[No longer supported] SSecurity: The ultimate anti-bot model

SubtotalAnt8185 · October 16, 2022, 2:44am

SSecurity is no longer supported. Version 0.63+0.14 will automatically uninstall the data stores for you.

The reason for this inevitable discontinuation is ultimately the work of three factors:

SSecurity is obscure, and it has a lack of user feedback. This has been the case since 2020.

Anti-bot systems are not very useful in 2023.

Due to a few issues with the encryption/decryption method, SSecurity would prevent users from joining the target place.

How to Uninstall SSecurity

If you’ve used SSecurity in the past, or are still using SSecurity, follow these steps to completely uninstall it:

Insert the loader (if not inserted already). It can still be obtained from joining the verification place.

Publish the place (if not published already).

Join the place. SSecurity will teleport you to the verification place.

Follow instructions given by the verification place.

The verification place redirects you back into the target place.

Wait for a message in the server output that says “SSecurity has been successfully uninstalled.” If there is an error saving to the data store, rejoin the place and try again.

Remove the loader from the place and publish. SSecurity is now completely uninstalled.

Note: If you have SSecurity installed on multiple places in an experience, only one of the places needs to be used to uninstall SSecurity.

Alternatives

There is no direct successor to SSecurity. However, ScreenQuiz might be able to accomplish a similar method of “captcha verification” if configured correctly. I’d recommend not using either and instead relying on the common sense of the player. After all, bots do give you more visits.

The Archived Original Post

Has your game been infested with bots that chat irrelevant statements? I have a solution!

SSecurity, or ScreenSecurity, is an anti bot model that will eliminate all chat bots (if it doesn’t let me know immediately and I’ll fix it).

SSecurity was also one of the first successful anti-bot models. It started out as just a plain script in 2019, now it is a MainModule.

FAQ:

What does it do?

SSecurity will teleport everyone who enters the game into an external place to verify themselves.

What verification types does it have?

SSecurity currently has captcha verification (text-based), an account age limit, and a color test.

How secure is SSecurity?

Very secure. Everything that can possibly be run on the server is run on the server. Additionally, captcha verification has a rate limit so the bot would need to type the keys one by one.

What happens when the user doesn’t pass?

The user is kicked from the game and required to wait a number of minutes until they can verify again. I’m planning to add this as an option to the configuration, but TeleportData isn’t secure as we all know.

How will SSecurity be updated?

Updates will include bug fixes and new features only.

I don’t want to use the SSecurity verification place, what can I do?

An option in the configuration, customPlace, can specify a custom place for SSecurity to teleport the user to.

I don’t want SSecurity to teleport me back to the original place, what can I do?

An option in the configuration, customTeleport, will teleport the user to another place once verification is finished.

How performant is the verification place?

It is as performant as possible. Most of the default player scripts are removed, and the server takes most of the load.

It’s your choice to use this- SSecurity is meant for very controlled userbases. New players might not know how to use it and might just dislike your game.

Get the model

If you don’t own the SSecurity model, you can get it by clicking “Get SSecurity now!” at the bottom left of your screen.

To get SSecurity, you can conveniently join the verification place.
Get SSecurity
It will prompt you to get the free model upon clicking the button.

However, I know how annoying it is to hunt for the MainModule and Loader, so I provided them here as well.

If you have any feedback or further questions, please reply below.

Edit 8/22/2023: Reports of SSecurity’s encryption not working. This may be due to a Roblox update. I’ll work on a fix later as I have more important things to do right now.

R0bl0x10501050 · October 16, 2022, 2:49am

TeleportData can be modified by exploiters. You should not be using this for security purposes.

Please refrain from using deprecated objects, this should be a simple console log/warn, not a fullscreen effect.

SubtotalAnt8185 · October 16, 2022, 2:57am

Update #1: MainModule:
Version 0.12

Additions

Supports customPlace.
Will now mute the player immediately instead of waiting for the teleport.
PrintStartupMessage property for printing the version of the MainModule.

Fixes

Revamped the module, should work with TextChatService as well.
Verified the starter place was the same as customPlace.

This release could possibly be buggy, please report any issues with it.

Update #2: Loader:
Version not applicable

Additions

PrintStartupMessage property for printing the version of the MainModule.

Changes

Changed info text.

Update #3: SSecurity Verification:
Version 0.61

Additions

Added version log.
Added deprecated loader warning.

Fixes

Fixed a memory leak when the player leaves the game while a prompt is still open.
Fixed an issue when the go back button would act as the Continue button when joining.

Many more bug fixes.

Changes

SSecurity has minor text changes.

This is true, and I considered this when making SSecurity. Configurations are mostly internal, and I’m currently working on a GUID verification system using MemoryStore. Exploiters could not bypass SSecurity, they would need to go through it first. They could possibly bypass the account age limit but this will soon be implemented into the MainModule.

The issue has been resolved as part of the new MainModule update.

uwuCulturist · October 16, 2022, 4:05am

I respect your effort, but I personally don’t believe the most effective solution to chat bots is to put players through a captcha system

I’m not in the target audience here, so I know I’m biased when I say this, but I believe using a regex pattern, and refusing to send messages if they flag it would work much more efficiently

If the bots get around this pattern, you can also use regex (yeah I’m unoriginal) to detect botted usernames; They are usually in similar groups or based on some name generation algorithm, so you could try to detect those and kick them before they even join.

Obviously you can do whatever you want to, and there may be a reason you chose to go with a captcha, but if someone was really dedicated enough, they could solve the captcha and the chatbot problem would remain

SubtotalAnt8185 · October 16, 2022, 4:24am

The issue with this is that it eliminates some of the users and messages. We want users to still be able to play the game or send messages, for example “don’t fall for free robux scams” should be sent as a message.

If you don’t prefer this method of anti-botting, you can look at this thread for more details:
Spam Bots In Games - Development Discussion - DevForum | Roblox
Bots are joining my game with the Console device, even though it’s not available on Console - Bug Reports / Engine Bugs - DevForum | Roblox

uwuCulturist · October 16, 2022, 2:21pm

This does make sense, I’d just personally prefer not be able to send certain messages, rather than doing a captcha every time I join

SubtotalAnt8185 · October 16, 2022, 11:35pm

A security update was released.
This update will improve the security of your SSecurity installation.
Update:

SSecurity now uses RSA256 encryption on the server for sending important teleportData messages. SSecurity needs your private key in order to do this, so the first user to join with SSecurity installed will transmit the private key. After that, the private key will no longer be sent.

I realized this was an issue after @R0bl0x10501050 responded to my post.

Important note:
You need to join your game after installing SSecurity to complete the encryption setup, and send the private key. SSecurity will show a window, saying “Thank you for using SSecurity!” if this was successful.

If this update causes any issues, please notify me through a DM or reply to this post.

BIGHEAD_RIPOFF · October 18, 2022, 2:57pm

Nice system. However I partly agree with @uwuCulturist’s point you can add more security to your system by detecting if a player has a random string username when they completed the captcha once kicking them sounds a bit too far fetched if they get it wrong once I would recommend that the player has to beat the captcha again in order to play the game with 3 attempts if they get the captcha wrong 3 times than kick them on the server to make sure they don’t bypass it using anti-kick scripts.

SubtotalAnt8185 · October 18, 2022, 10:10pm

Even if they aren’t kicked, it still will not teleport them to the target place with the encrypted key.

How would I do that?

I’m thinking of making this a configuration option within the next few updates.

Thank you for the feedback.