Better server protection from DDoS attacks

development
security
server

#21

You actually paid these guys…why?

Just databan them


#22

@Azuc

What exactly is it like when they DDOS?

Does the game freeze? If so, I don’t think they’re DDoSing.

I might have a solution.


#23

I’d just like to necro this to say it’s been almost three months and this is still an ongoing issue.

Had a guy crashing us all night tonight. I’ve talked to staff, who always say to report via the normal Roblox method, yet nothing ever happens because obviously they can’t use proof from someone admitting it/making threats on Discord for moderation.

So what’s the middle ground here when Roblox won’t/can’t do anything about it and we can’t stop it ourselves?


#24

Do you know how they’re crashing the game? Are you sure they’re being honest about how they’re crashing your servers?


#25

I’d rather not be specific, but Roblox saves the IP of the server you join locally on your PC to a file in a certain location; you can take that IP and hit it with a large booter/botnet and the server will time out.

Been a pretty well known issue for a while.


#26

Yeah, I get the basics of how a DDoS is executed. But have you actually tried to see if this works, or are you just taking the hacker’s word for it?

What I’m getting is that there are large games on the front page that don’t get DDoSed, yet yours does. Are you sure it isn’t a vulnerability in your game that they’re exploiting and that the DDoS threat isn’t just a red herring?


#27

Owner of the group has had people on Discord screenshare and actually show him how it’s done to try and see if we could find our own workaround to the issue, which is obviously not an option as we have no control over the Roblox server itself.


#28

And you just… trust the hacker?


#29

I messaged you something that I didn’t want to post here publicly


#30

Something has to be missing here? If this is a real problem, then front page games would be getting attacked as well and more prominently


#31

Thank you for that. I checked out the service the user in the video is using, and it costs ~1.25$ USD for 10 minutes @ 500 Mbps. This would be cheap enough to take down games with low player counts.

Don’t submit to their threats (like wravager said), since it’s pretty profitable. If you can, try reporting the account of whoever you sent the funds to.


#32

https://devforum.roblox.com/c/platform-feedback/exploit-report
It’s suggested to take a peek there to fully report that.


#33

It takes enough time to do it that you really can’t make a noticeable impact on a game with lots of servers; we, however, usually only have 1-2 75-player servers, so they can go back and forth between the two.


#34

It would be cool to see a staff response on whether just not saving the IP of the server on the client’s PC would stop this? (Unless the saved IP is used for something)


#35

Apparently it can be found via Wireshark as well. I just feel like there are a lot of other games with servers that don’t get crashed. There must be some kind of protection we can have on Roblox.