Need ideas for blocking this specific alt generator?

Hello!

I own a sword fighting game, which if you have ever played one you would know are a big target by exploiters.

Currently, exploiters use a program called “altgen” which is basically a compilation of botted accounts from 2017-18-19 era, and then distributes them through a service either paid or free.

Most of these bots have a name, for example “JohnDoeHackAlt1000”, “JohnDoeHackAlt1001”, etc. With this, I am able to ban anyone with “JohnDoeHackAlt” in their name which provides an easy fix.

But recently another type of altgen has came around that has users named like “JohnDoe12”, “JaneMoe13”, etc. but with completely random first and last names.

I had a idea of blocking them which was finding an online list of first and last names and if the players first name (starts with a capital letter) and last name (starts with another capital letter) matches anything in that list and then also if there is 2 letters after it.

I doubt many players who would play my game would have that.

But it hit me that they might use a different list than me, especially for the last names, so I kind of ran out of ideas.

Anyone got good ideas for blocking this, if possible at all?

Account age, String Patterns or the entire string functions.

Account age won’t work as most these accounts were made in 2017.

How would I use string patterns for this? Only way I can think of is find names with 2 caps and also2 numbers but this is unreliable

Find the coincidences between the accounts?

Perhaps you can try making your own table to match their table. Taking advantage of strings, see if the username matches a first name, last name, or phrase in the table, and has a number at the end. You’d have to update this table every time you find a new name or phrase used in the usernames, but I can’t think of any other ways you can do this properly.

By the way, it’s obvious because you’re not going to play a game with an old or new account which a user with a similar name got banned right?? Yeah i know there’s a probability to get false banned.

game.Players.PlayerAdded:Connect(function(Player)
	print(Player.AccountAge)
	if Player.AccountAge < 7 then
		Player:Kick("New account detected")
	end
end)

this kicks new accounts but

At the same time, you should also be trying to prevent these exploits along with the accounts using the exploits. It’s even more important if these exploits cause server-sided changes because that would mean the game has backdoors that allow these exploits to be used.

There’s no 100% reliable way to ban exploiter accounts without possible repercussions to normal players. You’re better off devoting your time to making a more secure sword system that is harder to exploit. One thing I can think of doing is requiring accounts to have email verification. If the exploiters don’t have email verified accounts, you can just check if they own the hat you get from verifying your email.

https://developer.roblox.com/en-us/api-reference/function/MarketplaceService/PlayerOwnsAsset
https://www.roblox.com/catalog/102611803/Verified-Bonafide-Plaidafied

Reply to @Misinformater: There are none. Its <random 2 digit number.

Reply to @Real_BenTheMiner: I don’t have access to their table which is the issue. It seems there is hundreds of names because I have banned over 200+ alts like this and and very few have repeated the same names.

Reply to @Vibe90K: This wouldn’t work because most these accounts were made early 2017, back when the bot filtration system was non existent. It seems the database containing all of them is being repurposed now as a altgen for whatever reason.

@ozyubkx This is actually a good idea. I will try and implement this and let you know of the results.

This works, but it also cut the amount of players on half. I don’t think I can use it.

what exactly are these fake accounts doing to exploit the game?

It varies depending on whoever is using it, but usually reaching, speeding, etc. Anything to get a unfair advantage.

in this video i show how to make a antihack where it allows the server to keep track of where the players position should be

then on the serverside when a player attacks a player you should use the antihack to make sure they never moved to fast and also to make sure there not attacking from far away to prevent reaching

I implement all of these in my game.

• Can’t kill someone unless at least 12 studs near them
• Basic walkspeed detection

but sadly exploiters have a lot of different methods to bypass it, such as metatable spoofing which turns the game in to a metatable and edits it to change the walkspeed without the server or client seeing any change.

well that would not bypass the anti hack

what you do is lets say the player attacks someone at the position 0,0,0 then 1 second later wants to attack another person at 0,0,100 you have to calculate how fast they would of needed to move to move from 0,0,0 to 0,0,100 in 1 second and if that speed is grater then lets say 16 studs a second then you don’t accept the attack this can not be bypassed in anyway

But what I am saying is I already made it so if they tried to attack someone over 12 studs away it won’t accept the attack. This is because the swords handle length wouldn’t be long enough to reach the player in any reasonable situation.

The issue is they can make a reach “aura” or circle around them so instead of being like a reasonable player who gets 8-9 studs per kill they get 11-12.

If I lowered past 11 it causes issues with actual fighting for normal players

oh ok i understand now

So there reach advantage is giving them the advantage of a larger hit box and 2-4 more studs of range

your correct that the anti hack would not be able to detect that small advantage

ill try think of a better anti hack system that will be more accurate

local function IsAltGen(user,accountage)
   return string.match(user,"%u%w+%u%w+%d+") ~= nil and (accountage >= 1900 and accountage <= 2500)
end

there are a bunch of main accounts that use new accounts