Hey! I’m wondering if theres a way to prevent ddos attacks. There’s someone duplicating items/assets in my game with a ddos attack and I’m not sure how we can prevent this. We have session locking and everything and yet it still works. Any ideas?
add remote sanity checks for example if player is firing the remote too fast you could kick them from the server
This isn’t what’s causing the ddos attacks. We already have systems like this in place, it’s not the cause.
Duplicating items has nothing to do with “DDOS” but rather a remote vulnerability, like what @Bakonowychlopak123 suggested you should do a sanity check on the server to detect multiple remote calls and mitigate it from there.
If you are sure that this is DDoS, then, alas, nothing can be done. No scripts will help. This is a roblox problem. They have secure servers, but there are few of them and they are most often in popular games (Adopt Me, etc.)
Im guessing someone is getting server IP via wireshark and then ddosing it with google VPS or something like that. Contact roblox support. (yes I know it sounds really painful but we cant do anything about that)
You certainly can dupe by ddosing a server. I’ve seen it in many games (pet simulator x, trade tower …)
I am going to be fully honest with you, what you are experiencing is not a DDOS attack. I don’t think players can target specific game servers. Nonetheless, if your game is not safely coded, exploiters can abuse some security breaches. Furthermore, if someone has full control over your game, it is probably caused by a backdoor. Backdoors are hidden scripts that can give players access to the server.
Anyway, if you are fully certain that there are no backdoors, you might want to check the integrity of your code and make sure there are no missing security checks.
The power of Ddossing is in slowing down servers/crashing them. You cannot simply gain control of Roblox’s servers just by slowing down a game. What you can do is abuse that lag caused by the attack to bypass some security checks or abuse some misconceptions.
We’ve gotten the dupe script. The issue is it’s using a loadstring, and the code isn’t visible. We can’t go to the link it’s using, because it’s protected by game:GetService('RbxAnalyticsService'):GetClientId()
, and i’m not sure how we can proceed.
dont bother and provide us with the full protected source
might try cracking it? cuz why not??
This is most likely an exploit that spams every remote in the game in an attempt to crash it. Here’s how you can detect if people are spamming your RemoteEvents (and kick the player):
count=0 -- ignore this
maxCount=math.random(20,35)
for i, v in pairs(game:GetDescendants()) do
if v:IsA('RemoteEvent') then
v.OnServerEvent:Connect(function(plr)
print(""..v.Name..' fired by '..plr.Name)
if count>maxCount then
print("!⚠! RemoteEvents are being overloaded/spammed!")
plr:Kick('Spamming RemoteEvents.')
end
end)
end
end
while true do
wait(1)
count=0
end
Place the script in ServerScriptService. If you’re constantly getting messages in the console saying that remotes are being spammed, it means they’re spamming remoteevents to crash the servers, which then i’d recommend to add remote sanity checks, such as debounce.