Scam Remove Bot

You should use require("0q0-roblox") as roblox.js haa outdated scripts.


You can aswell use okwo yeah,


Facts about the "bot"

This doesn’t work, “roblox.js” is outdated as @Etheroit pointed out. Roblox has no proper API for the website so every time the website gets an update we’re back to where we started. @Etheroit suggested to use “0q0-roblox” however it doesn’t work either. Neither of them do. In conclusion I want to say that this idea will never work. There’s no official API, the unofficial ones is either unofficial or not even functional. With “roblox.js” you get “You do not have permission to view the wall” as error, even though I made a role for the bot with all permissions activated. Moving on to “0q0-roblox”, it seems to work, however when finally a bot posted some of the words in the “blacklist” I received the error “Delete wall post failed, make sure you have permission to manage the wall” once again, the bot has all permissions activated and should work.

My opinion about how it’s written

It’s written in a terrible way if I may be honest with you @DutchDeveloper. It doesn’t print the errors so getting an idea what the issue is was nearly impossible. If you want to even have a chance to view your errors replace this:

onWallPost.on(“close”, function(e) { console.log(“The event has disconnected!”); });
onWallPost.on(“error”, function(e) {});
}).catch(function(e) {});

With this:

onWallPost.on(“close”, function(e) { console.log(“The event has disconnected!”,e); });
onWallPost.on(“error”, function(e) { console.log(“Unexpected error:”, e);});
}).catch(function(e) {
console.log(“Unexpected error:”, e);


The “bot” doesn’t work at all, whenever you use an “updated” unofficial API or not. Until Roblox releases an official API for the Website we’ll never have bots protecting our groups for us. The “bot” as @DutchDeveloper wrote is far from done and the code is not user friendly at all. Hoped to have a bot running 24/7 on my server but that’s just to cancel that plan.

Thank you,


Adding onto what I said above, after contacting @DutchDeveloper over Discord he sent me another version of the bot. After few errors I got it working, there’s still errors and mistakes that needs to be corrected, however, we’re making progress.


Thank you, always great work out of you and Kurka!

1 Like

Proper, official API to log in

Proper, official API to get group wall posts

Proper, official API to delete a group wall post

Proper, official API to delete all group wall posts by a specific user

General usage procedures

To make any request, you need a valid X-CSRF-TOKEN header. If you lack it or yours is invalid then your request will fail. When it fails, roblox will give you a valid X-CSRF-TOKEN in the response header, which you can use for your next request to make it succeed. I think X-CSRF-TOKENs are authenticated separately for each subdomain.

To make requests that require authentication, you need .ROBLOSECURITY=... in your Cookie header. Roblox will return this as part of the Set-Cookie response header when you use the login API.

So general procedure for a group wall scam post delete bot:

  1. Make blank login request to get CSRF token
  2. Make new login request with valid CSRF token to get authentication cookie
  3. Make blank group wall get request to get CSRF token
  4. Make valid group wall get request while providing your auth cookie and CSRF token to get group wall posts.
    4.1. Save returned CSRF token
    4.2. Search through group wall posts and add any user ids that make scams to an array
  5. Make a valid group wall user posts delete request while providing your auth cookie and CSRF token to delete all posts by a user.
    5.1 Save returned CSRF token
    5.2 Repeat for all users in delete-posts-by array.
  6. Jump to step 4 and repeat every 15 seconds or so.

The methods of impersonating a regular user behind a regular browser that roblox-js, noblox-js, and 0q0-roblox and their forks use is mostly not necessary any more. Here is a list of new web endpoints (ignore the thread title, or read through the thread to understand its relevance).


Thank you.

1 Like

This is due to roblox-js not being updated after manual wall page selection was removed.

I already know, I am pointed out stuff for people that don’t.

1 Like

Not sure on what you’ve meant about “Delete wall post failed” as it’s really working perfect for me.

Just make sure that bot’s rank is lower than the sender’s rank.


Fellas, Novaly studios has had this issue solved forever! Just set your group to private, and then accept all join requests. Because of how many groups one bot tries to join (more than its max 5), they never get into your group!

eNjOY qUAliTy ConVeRSaTioN1


This is not a solution. People often join groups associated with games to give instant feedback on their experience. If the group is set to manual approval this often puts people off of joining the group, and they could be waiting more than 12 hours to be accepted into the group.


I’ve also found a solution I’ve proposed to Dutch. Make the primary role without permission to post on chat and then auto-rank people to other, which does have it.

1 Like

Yeah, I realized that some hours after. So now it works :slight_smile:

1 Like

Glad it does. Was a little bit surprised tbh.
PS: Sorry for giving you code with no better error handling. Just it was a quick job and thought that it won’t be released for educational purposes (just for running it on server and preventing crashes)

1 Like

Oh by the way, the part with looking for new posts (it stays online waiting for a new post) doesn’t work, so you have to do everything manually.

1 Like

Hm? I don’t reallt understand. It works quite perfect for me. It checks every few seconds about new posts.

When I use it, it logs in, deletes any relevant posts and logs out. It doesn’t stay logged in and wait for new posts as it’s supposed to.

1 Like


We can discuss this in more detail over Discord. :+1:

1 Like