Roblox Anti-Exploit, Theft, & Plagiarism - Why we need Changes Now

The first solution seems a bit invasive to me, especially growing up seeing other people’s parents restricting what they can do because ‘oooh Roblox looks like a virus because you need to download it!’.

But yeah, I agree with most of the points. I’m dumb in this area, but I would think that there are cases where anti-exploits have worked pretty well (i.e. Valve’s stuff).

3 Likes

Actually, if I’m correct, aren’t people under 13 currently not aloud to play non-FE games? The user depicted in the article was listed as under 13, so that would mean the place would of probably of been FE anyways hax

2 Likes

This is absurd, FE is not some sort of wall you just “bypass”.

And I’m fairly sure the FE age rule only takes the games off the sort, but I’d need confirmation on that.
Confirmation: I can play non-FE games on <13 alt.

7 Likes

This is completely false, there is no way for the client to impact the server in a general sense (as in, you can manipulate the physics of parts you own, but you can’t arbitrarily change anything) when FilteringEnabled is on.

6 Likes

I made a similar post about this not to long ago.
https://devforum.roblox.com/t/ways-to-protect-your-game-from-exploiters/140369/36

Unfortunately if people steal your stuff you can report it but it’ll take a while for the leaked copy to get taken down. If it gets taken down at all.

I strongly agree we need better protection. I also want to have normal team create in group games so developers don’t have access to all the assets of a certain game. Meaning builders will only be invited to building places and cannot access the main game.

4 Likes

I don’t know how Roblox’s anti cheat works, but the best one I’ve ever seen is ESEA’s CS GO anti cheat, it is literally impossible to cheat there, of course you can, but the anti cheat is so good you will be detected within minutes and the cheats that bypass it in any way are very private and cost thousands of dollars. I’d love to see Roblox create something like that, but I believe it involves scanning files on your computer which might not be ideal for a lot of people.

1 Like

Players under 13 can still player non-FE games, also known as experimental games, but games that are in experimental mode will not appear on game sorting meaning those players will need to have a direct link to the game page or follow a friend to play a game in experimental mode.


Also, what exactly do you mean by “bypasses”. I don’t think you quite understand what the FilteringEnabled property does. The FitleringEnabled property prevents any changes the client makes from replicating on to the server.

However, when you say “bypasses”, you may be thinking of one of the few exceptions to this property, but they are not per say bypasses. Those exceptions to the FilteringEnabled property would be:

  • Some properties on the local Humanoid
  • Sound playback, when SoundService.RespectFilteringEnabled is set to false
  • ClickDetector input events
  • AnimationTrack playback
  • Physics simulated on BaseParts which the client has network ownership of

I’d recommend you read up on these articles to learn more in-depth about the FilteringEnabled property and how it works:

3 Likes

ESEA on CS:GO is an edge case that only works because it specifically targets common CS:GO cheats (e.g. detecting DirectX detours to create overlays). As far as I know, it also includes a server-side part that can detect aimbotters by checking their accuracy, something that doesn’t transfer over to Roblox efficiently.

1 Like

I reported a leaked version of my game and Roblox refuses to remove it because, from what I understand, I have people in my team create.
I’m with Russian on this one, gotta enforce the rules a lot more to deter exploiters.

5 Likes

Yes… What I suggest is, not all leaks are hacked. Many are from people from your dev team who get angry and leak everything. Which shouldn’t happen if we can make a normal team create on group games instead of allowing anyone with edit access to edit any game.

2 Likes

Oh no, I tracked down the exploiter on this one. Got a video of him admitting it and telling me who hired him and all that jazz.
But you’re right on that last part. Would love to give access to only certain places to devs. They only need access to my animations, not every single map I’ve ever made.

3 Likes

Roblox has recently came out with an anti-exploit… which worked, but now everyone knows it exists and most exploits are bypassing it now.

My best guess as to why Roblox is not implementing a good anti-cheat, shared by many others, is cross-compatibility. I’m sure you’ve heard of the Roblox app on the Windows 10 Store… but did you know that in order to be on the Windows 10 store, that version of Roblox has had most of the protection in the normal Roblox client stripped away from it? Yup, the Windows Store has strict guidelines and some of the checks Roblox used for security violated those guidelines, so they just decided to remove them.

In regards to BattlEye - it’s a company solely based on preventing cheats. Roblox has a lot more to focus on, and anti-cheats are not at the top or even middle of their priority list. Also, you must understand that BattlEye has a lot of access to any computer it’s installed on - I can imagine that COPPA guidelines would also heavily restrict Roblox in a field like this.

Also, for the record - Blizzard’s anti-cheat isn’t very good. The reason you don’t see a lot of cheaters in Overwatch is because two things: It’s extremely easy to identify (and report) cheaters in Overwatch, and the fact that Blizzard has over 4,500 employees. Obviously not all of those employees review reports and whatnot, but personally, I’d guess that the amount of those employees who do review reports is probably equal to the total amount of Roblox employees (that’s probably not right, but you get the point).

Correct me if I’m wrong, but I don’t remember there being any more than 3 people working on client security at Roblox. (one being ConvexHero, all hail)

TL;DR Roblox has bigger priorities than anti-cheat, you can’t expect Roblox to make something like BattlEye because of privacy concerns, and there are big cross compatibility issues regarding good anti-cheats that Roblox would most definitely encounter.

7 Likes

This just isn’t true. I know of open source, completely free CS:GO cheats that bypass ESEA’s anti cheat very easily. CS:GO itself came out with a near-perfect anti-cheat recently, but it’s already being bypassed (including in those open source cheats). That’s the problem with anti-cheats, it’s a constant fight and unless you’re charging for your game, the bad guys will always have the upper hand.

2 Likes

I do have a minor method against stealing building, but you just have to accept the fact, that if it’s visible it can be stolen. You should only worry if your server code is getting stolen.

Also most anti-cheats are up to the developer of the game. Some anti-cheats may be useless on some games, or they could break other games.

I generally try to make games, that render everyday exploits useless, but even then, you may still find a hard cheat to patch.

1 Like

I don’t know where this rumor came from, but I don’t know of any common map stealing scripts that do this.

You’re right, Roblox does leave a lot of anti-exploiting to the game developer, rightfully so. Roblox cannot guess to the contents and inner workings of every single game, only the game developer knows the internals and thus the proper way to protect against exploits.

1 Like

Back in the day a common place stealer set all archiveables to true, there may be a newer place stealer that gets around this.

1 Like

I think having an intrusive anti-cheat system for roblox is a terrible idea, also where are you getting the data to come to the conclusion that cheating on roblox is getting worse and worse? I’ve certainly noticed it less and less since the introduction of filtering enabled and at this point filtering enabled is basically a must-have to even have a game on the platform. I remember seeing exploits almost daily back in 2012, yet now I can’t even recall the last time I saw a game get exploited.

As far as stealing developers work, they can only go do far in trying to prevent it. at the end of the day, you can’t use roblox without having data sent to your computer and that data being stored in memory. Even with clothing, there’s so many things to think about

Issues with an automatic detection system:
-What do you do about “simple” clothes that are easy to make, like super simple colored shirts with little to no shading. Just because it’s a match doesn’t mean its unoriginal
-What do you do about someone working on clothing for someone else, and they upload it on their account first to make sure it looks right in game? you would need some whole system for transferring ownership of clothing
-What do you do about the people who steal clothes but then change one pixel? or steal clothes and slightly offset the color? you can’t really detect that without then opening up a whole different can of worms of “are these shirts just similar or is someone trying to cheat the system?”

So then what, should roblox hire piles of new moderators to investigate every case that gets reported? Figuring out who copied who and who owns the rights to what and what is really considered fair use is a huge process that takes a long time and a lot of involvement between two parties.

At the end of the day, A lot of these cases of things being stolen are annoying, but are they really that damaging? If someone has a copy of the jailbreak map, what are they going to do, make jailbreak 2 and start releasing better updates than badimo? I doubt it. I’m pretty sure the moderators do take action in the case of significant asset theft if it’s obviously a big deal and obviously causing the creator to lose money and the creator wants to put any effort into getting it taken down. but a huge huge huge percentage of this is both not very impactful, and extremely difficult to remedy.

6 Likes

This just isn’t true. There are no cheats that can bypass ESEA without costing thousands of dollars or getting detected within minutes, please show me if you say there are.

VACnet by Valve uses machine learning and is much different from ESEA’s anti-cheat, it is much less intrusive which is why it’s already being bypassed since it looks for certain behaviours within gameplay instead of scanning your computer extensively. If you figure out how to avoid those behaviours it is easily bypassed.

1 Like

I’m not linking cheats on this, you can tag me in the Devforum discord and I’ll gladly show you.

Really not sure where you got $1,000 from.

Also, yes, Valve’s anti-cheat is a really good method. It can’t be bypassed - in order to “bypass” it, cheaters have to be less destructive and less harmful to gameplay, which is still a good anti-cheat in my book. If Roblox were to make an anti-cheat, this would be a good model to go off of.

3 Likes

I feel like that would mostly be up to developers to make tho, every game is different. Beyond what roblox is already doing i feel like it would be pretty hard to make an all-in-one anticheat that works for every game

4 Likes