This is a really neat post and I definitely appreciate the new insight on the subject.
Though, as helpful as this is, it doesn’t solve botting dislikes or likes which is one of the BIGGEST security issues Roblox has to date. Dislike/like botting is an epidemic no one but Roblox can fix realistically.
As far as I know you can only shoddily prevent dislike botting by kicking any players that are under a certain age (1 < day old accounts are kicked). Your method you’ve introduced. And a couple of other methods, but these are band-aid fixes onto a gushing wound.
But this obviously doesn’t prevent the frequent botted games getting 1k, 5k, 10k, even 100k. Even reputable games like Adopt Me and others have been botted before.
Usually games that get player-botted have horrible like/dislike ratios but who’s to stop a semi-decent game or even a good game with good ratios from being boosted from a couple thousand bots?
I won’t touch on it too much since it’s a bit off-topic but don’t even get me started on how much the Library received botting issues a few months back.
TLDR This is awesome, thank you . I just wish the actual problem was cut at the root.
I did have a question though. Where are some sources on this? I would personally love to research more on this for more ways to prevent this until Roblox fixes it.
Instead of each game having its own challenge, it would be possible to make a general solution.
Essentially the server generates a problem. This problem would be hard to solve, but easy to verify. Think proof of work bitcoin style.
What this means is that a client would have to solve a somewhat computationally complex problem in a limited amount of time. An individual computer would be able to solve it with little problems. However a bot that generates thousands of joins would need a substantial amount of computational power in order to answer 1000s of these questions, something that these bot users likely do not have.
This is very interesting. I have had one idea I’ve never implemented and eventually shot down, but it’s much more basic. Its simply just creating a giant “X” button on the player’s screen and if they don’t click within 5 minutes or so, kick the player…
But obviously, 5 minutes is too long and I can’t tell if it’s just a bot or a player getting a snack lol
I wonder how effective Captcha systems could be in this case. Something like this except maybe the button could move with each press randomly. Bots attacking game servers - #2 by toocrusty
That is if the bots do eventually break through the measures we have now. It wouldn’t surprise me with how quickly they seem to adapt.
I made an updated version. https://www.youtube.com/watch?v=pXtKjV8yuKk&feature=youtu.be
Check it out, I think this will prevent in-game botting but not dislikes, maybe checking user’s age and kicking them will but I think Roblox should do something about it.
New players must be able to play games only after they’ve verified their email.
Don’t think that’s the case, I do recall a time where I clicked the play button but then later the client failed to load because of my slow internet, though I was still able to rate the game after i’ve clicked the play button.
Bots must follow all user-account restrictions. It’s impossible to tell if the user is a bot based on name and if account age is put Into perspective, you’re missing out on a lot of new players joining your game. This is not a developer issue. This is simply Roblox failing to follow modern security techniques.
You’re trying to attempt to get rid of an issue that has nothing to do with developers nor is it in their control. Anything you can do as a player can be done as a bot. Therefore, any changes to prevent bots from entering your place will also affect real players trying to play as well.
You’re trying to attempt to get rid of an issue that has nothing to do with developers
Not “attempt”, I’ve literally proved it works. It doesn’t matter if it isn’t our problem, we can still do something about it, and clearly people care enough to do whatever we can to stop it.
Therefore, any changes to prevent bots from entering your place will also affect real players trying to play as well.
A remote event test does not affect legitimate players, if you make the time sufficient enough (which appears to be a little greater than 5 seconds, try 20 seconds).
I’m pretty sure Adonis admin has a feature that checks if the client is responding every 5 minutes or so, so you might already have this protection if you have Adonis or a custom variant in your game.