One of my friends had his game hijacked by a group of exploiters; they would crash his servers until he added a teleport to their game. He only told me what it looks like to other players, so I need your help in identifying the original script and/or seeing if you can prevent it.
This is how they described it:
“person joined, stood still, and a thousand copies of a hair accessory spawned onto their avatar’s head at a very fast rate, which lagged the game out, rendered all of our commands useless, and we would just stand there. you could still walk and stuff, but the chat and admin commands were broken completely, so the server had to be shut down.”
Is it possible they could be spamming the accessory GUI? I know there’s a limit but maybe with some kind of bot or macro it might be possible to mess with it fast enough to slow things down.
It’s highly unlikely that it’s a backdoor. If it were, then the exploiters would’ve just made OP’s game teleport to their own game. Spawning thousands of hairs and taking the game hostage is what you come up with when it’s your only remaining option.
It is still possible that the exploit is specific to that place, that there’s a character customization-related weakness that doesn’t destroy the previous accessories. Otherwise the exploit would be commonly used or flexed outside this place.
There have been accessory-based btools going around too, which have been used in several games that I know of.
It's probably the same mechanism, and I'm sure Roblox will get onto it sooner or later.
You could do some research into accessory-based btools, but all I've found are obfuscated scripts.
I've semi-cracked the obfuscation and am currently looking into leads on what mechanic is being abused to create these hats.
I think I dumped a script that did this a few months ago, which allowed me to see what services it used, but I don’t remember them. Though after I dumped it, I realized that it IP-logged its users via a website and sent that to a webhook, which me and my then friends spammed.
This is my solution and I’m not sure whether this would work.
So, my solution is to connect a DescendantAdded event to workspace and add a debounce to it. So, if the limit is 10 hats per second (make sure to set it to at least 10, since the player’s character can contain Accessories) and there are 100 hats being added every second, kick the player.
(You could also check if the accessory type is hair)
I was right, it is easy to spam the remote with hats.
I managed to make a huge list of accessories, and when I launch the script I can equip accessories without limits. It slows down the chat a lot. You need to check the amount of accessories on the server side and also modify the script, since if you spam it, it will slow down the chat and no messages appear.
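The two mitigations suggested in the replies above (a per-second rate limit on added hats, and a server-side cap on the accessory count) can be combined in one server Script. This is an added example, not code from any poster in this thread; the threshold values and the function names `countAccessories`, `watchCharacter` and `watchPlayer` are assumptions chosen for illustration.

```luau
-- Server Script (for example in ServerScriptService). Added example.
-- Thresholds are assumptions: tune them to what your game legitimately allows.
local Players = game:GetService("Players")

local MAX_ACCESSORIES = 15      -- assumed hard cap on accessories per character
local MAX_ADDS_PER_WINDOW = 20  -- must exceed what a normal avatar load adds at spawn
local WINDOW_SECONDS = 1

local function countAccessories(character)
	local n = 0
	for _, child in ipairs(character:GetChildren()) do
		if child:IsA("Accessory") then
			n += 1
		end
	end
	return n
end

local function watchCharacter(player, character)
	local windowStart, addsInWindow, kicked = os.clock(), 0, false
	character.ChildAdded:Connect(function(child)
		if kicked or not child:IsA("Accessory") then return end
		local now = os.clock()
		if now - windowStart > WINDOW_SECONDS then
			windowStart, addsInWindow = now, 0 -- start a new counting window
		end
		addsInWindow += 1
		if addsInWindow > MAX_ADDS_PER_WINDOW then
			kicked = true -- ignore further events while the kick is processed
			player:Kick("Too many accessories were added too quickly.")
		elseif countAccessories(character) > MAX_ACCESSORIES then
			-- Over the cap but under the rate limit: drop the extra accessory.
			task.defer(function() child:Destroy() end)
		end
	end)
end

local function watchPlayer(player)
	player.CharacterAdded:Connect(function(character) watchCharacter(player, character) end)
	if player.Character then watchCharacter(player, player.Character) end
end

Players.PlayerAdded:Connect(watchPlayer)
for _, player in ipairs(Players:GetPlayers()) do watchPlayer(player) end
```

This catches the spam after the accessory already exists on the server; if the game has its own equip remote, the same count check belongs at the top of that remote's server handler so the request is rejected before anything is created.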