I’m the Community Manager for Chaos Theory, a dinosaur-based game which has been the subject of many attacks from people who want to see us fail (disgruntled ex-owner, rivals, etc.). We’ve noticed people making multiple accounts after they’ve been banned when we use Roblox’s own ban system for handling this, and rejoining the game within 5 minutes to start violating the rules again.
Has anybody else experienced this, and are there any suggestions to reduce or eliminate this problem?
Apologies in advance if this is the wrong section, I thought this would be the best place to post this.
Your game has vulnerabilities; start by fixing those. An exploiter should never have enough power to cause harm.
I think the Roblox ban system is based on IPv6 checks that are often influenced by a device MAC address. Therefore, if an exploiter changes their device MAC address, which is totally free and costs nothing, they can change their IPv6 and evade the ban.
The most obvious one is to fix the problems they take advantage of. However, if you really want to track them, you can add your own fingerprinting system above the Roblox ban system. For example, checking OS-related information, values from UserInputService, table addresses to determine if they use 32- or 64-bit clients, client versions, and the list goes on.
We fix them, it’s just a game of whack-a-mole. They’re also not major, just things like spamming or somebody figuring out how to noclip through a fence. The sort of things that aren’t game-ruining, but are irritating to always be fixing.
That’s the problem there: Roblox advertises this system as a “one stop shop to get rid of alts”, but it’s easily bypassed by using a VPN. I’m aware of how stupidly easy it is to bypass, I tested it myself; I was just wondering if there was anything somebody created to identify and ban these players when they do evade the ban system.
This is interesting. I’ll play around with it in Studio and see how we could integrate that into our current systems and upcoming major update. Thanks!
So, I’ve seen something with HD Admin where you can IP ban users. I’m not sure if it works (I will keep you updated). And a user age requirement can also work.
It is 2025, please stop acting like IP bans are effective. They are almost guaranteed to affect innocent users if you use them extensively. In professional software, IP-based enforcement is the punchline to several jokes about bad DevSecOps. It’s like arresting someone based on their ZIP code.
I work in cybersecurity, and I always bang my head at people saying “well, why don’t you just IP ban them?” I share in your pain lol. (NordVPN ad intensifies)
My entire IP range is blocked from editing Wikipedia (unless I create a login) because some Latter-day Saints people got in an edit war on like a million different IPs.