PSA: Stop using Roblox proxies! (roproxy, rprxy.xyz, rprxy)

The example I gave was a very specific scenario to demonstrate the problem with trusting these proxies. You cannot “always spot fake data”.

1 Like

I will still use proxies Regardless. Not for Roblox bots but only for Webhooks as those aren’t actual bots so chances are slim for logging into a webhook account.

If you mean you’re using a public proxy for your Discord webhooks, the risk is that anyone with the token can send messages to the connected channel. If that risk is bearable, then it’s not horrible but still not ideal. If it’s a public channel it’s certainly a bad idea because a malicious user could ping everyone in the server, send links to scams, etc.

1 Like

It’s a private channel and I always protect my code.

I use webhooks for logging purposes for my game.

Also, how will they be able to change the content of the webhook just by getting a link?

You’re sending requests to their server, correct? So they can do whatever they want. They can choose not to send it at all, they can change the contents, they can store the webhook for later and do whatever they please. If giving a stranger access to your webhook is fine with you, then feel free to continue using a public proxy.

You think that they can just access my scripts and get the link to the webhooks. I don’t think so because never had any issues.

Are you using their proxy? If you are, you’re giving them your token. That’s how it works. They take the token you give them and then send the request themselves.

Like I said it has never happened so I don’t think it ever will.

It will happen once your game gets popular enough to attract hackers.

But still Hackers or Exploiters whatever you want to call them can’t access the Server. Therefore, they can’t see your script that you have on the server-side to run your webhooks. The only way they can possibly get the Token is if you are using Remote Events which sends data from server to Client and from Client to Server. These requests aren’t encrypted. It best to run your webhooks if you are using proxies on the Server.

Also, you can add checks for if they are in the Group and if they are a specific Rank in the group to prevent random requests getting sent to your webhooks.

That’s not related to the issue here - it’s that you’re leaving your webhooks open to attack by the people running the proxy itself

Hi everyone, I’m a PM from Roblox and want to learn more about your needs about accessing Roblox domain directly from your game.
Could you share the features you’re trying to build?

10 Likes

For getting precise and extensive details on badges, groups, games, people, and items. You can’t do this with methods of MarketplaceService, players, etc. This is why I use roproxy, anyways.

Some documentation on roblox even says developers use proxies to send requests to roblox.com, so why can’t we just send it directly?

2 Likes

How do you use such details in your game? can you give some examples?

2 Likes

As a way to show how many people earned a badge:

A way to get lots of details on games:

Trade hangout get’s users items: (most likely though rolimons API, but it could be through roblox in some games like this)


It would be more efficient to go directly to roblox rather than through a proxy. But, if it’s for security reasons (or some similar excu- reason), then I understand.

3 Likes

I think we just need more methods to services directly. I feel making web requests to itself is just sort of hacky.

4 Likes

Yes of course, but if we had to send a request I’d prefer it directly to roblox for information on roblox stuff. Maybe then it could detect I’m asking for roblox.com, and would ask it’s own servers instead of making a request?

1 Like