You are correct. Hubs are not extra layers of security, they only make the process longer, as I explained previously. Also, I do not think programs like Wireshark work on ROBLOX. I am betting there are other ways to get the IP rather than the logs file and using a few lines of code. Mitigation is possible as well, as you can detect the client ping or FPS drop, and later on mitigate the attack.
There is no ignoring, because some of them do it out of passion, and some do it for ransom. It is hard to tell, usually, when they ask for ransom, you can ignore them, although, if it is out of spite, then their isn’t much you can do. It has been a couple days since this last occurred although, and the community itself seems to be rebuilding itself, which is of course fantastic.
1 Like
Wireshark can get the IP. I’ve gotten it in-game and compared it to Wireshark’s output. It gets put under Raknet protocol and is accurate.
Doubt this is a DDOS. Its probably just a backdoor or exploiters manipulating a remote
In your particular case, it might be hard to distinguish whether or not this is actually a DDoS attack. Just to be sure, you can try running a private server (a VIP server would work) where only trusted friends have access. Have it active and running for a good while and see how that server runs.
If this private server runs smoothly even with a lot of your friends actively playing the game, then it’s likely an issue caused by an outside source. That could mean a DDoS attack, but it could also just mean a vulnerability somewhere in the game’s code which can be fixed.
If you have a programmer on your team, you can have them run a few tests with the scripts to see what could be causing a vulnerability.
A few people replying think it’s unlikely for your game to experience a DDoS attack due to its popularity. This holds some truth to it, but there’s always the possibility of personal attacks motivated by personal reasons, so I don’t think it’s fair to rule an attack out.
I have witnessed many DDoSed attacks, mainly on my game itself and others I have worked for. It is definitely not due to exploiters or a backdoor. I’ve checked over a thousand times for backdoors or any vulnerabilities. It is most definitely due to DDoS attacks.
Yes, I am quite sure the Raknet protocol is being exploited.
I would put a foot down and try to do something if I could, and very firmly I would do it.
Too many years this has been a problem for such a small fractional part of the Roblox platform. I understand some of these other repliers are a bit skeptical to the whole situation, but that is because they simply do not come from the groups/guild/clan community. Had they have any background in that community they would understand that we have suffered a lot in the past years. And yet idly we all stand because a solution has not been found. Disappointing however when it’s a circumstance like this, where you have a small percent of people being affected majorly by a force they cannot control, typically no one will put an effort into helping. Either because they cannot see that people require help, they are too ignorant to understand helping other is a good thing, or some other bizarre theory. It does not make it right though. We are still a part of this platform, and this isn’t the first forum post that has been made about their game being ddos’ed due to personal-vendettas.
Seriously, can we get a darn solution already? I understand that the groups and clans are such a tiny fraction of this enormous platform, but where is the logic to explain how the neglect that we have been given is just? It isn’t right, none of this is right at all. People are destroying experiences and all the while it goes quietly into the dark only to repeat itself the next day and the next, until the individual being extorted gives up and gives in by paying the ransom, quitting their community, or quitting Roblox as a whole.
This injustice has gone on for far too long. Someone please help us, and OP–if a solution is not found I desperately urge you to keep trying.
5 Likes
I contacted Developer Relations via email about this issue and provided them with precise timestamps and logs; I received the normal “the engineers are investigating this issue” response and have not heard from them since. It’s been nearly a month with no response. This support experience is atrocious, and Roblox is effectively communicating that they don’t care.
Roblox is putting this weight on developers, who have no control over the servers on which Roblox runs. Developers who are criticised, developers who see their income and passion diminish. This has been going on far too long and it must come to an end. It’s beyond time for Roblox to step in and provide us with legitimate alternatives; despite the fact that it’s been years, they have yet to make a single comment about our options.
I’d be willing to pay Roblox for an improved server that includes DDoS mitigation, but that is not an option they provide.
26 Likes
This is an extremely accurate response. Such a small portion of this community relies on larger player counts with less servers for the game to work it was intended. This issue has been going on for years with numerous attempts to stop it to no avail. It is a disgrace that Roblox hasn’t done anything about this. If this happened to a larger game at scale, Roblox would sort it as fast as possible. Extremely disappointed in this.
1 Like
This is still an active issue. When trying to get in contact with the relevant team through Developer Relations, you’re just getting ignored. It’s not the first time I’ve mailed - for a good reason. This is preventing me from releasing my new game; it’s awful that Roblox has not given a timeframe for a potential patch to mitigate these attacks.
3 Likes
This is still an active issue. This is honnestly very “stupid”
This is still an issue. I’ve been suspecting it’s a plugin script for Synapse doing it. But it may very well be DDos attacks. Roblox doesn’t seem to care at all. I’ve told them exactly who is doing it and those users have not even been banned.
Edit: There’s lots of videos like this floating around that show it being done with Synapse: Lagging ROBLOX Servers - YouTube
FYI, this is a very complex issue. They’re not communicating with you because, no solution has been found. The client connects to the server via an IP and that IP has to maintain a level of traffic between the server and client to be able to function.
There’s no easy way to mitigate this that wouldn’t also affect the client from a worse experience. Everyone is at a loss here. Even Roblox. Those players that leave your game have the ability to spend money on what you create. If they don’t spend, you lose money and Roblox loses money through tax. Simple mitigation in a small scenario doesn’t always scale to millions of users.
Think about the bigger picture instead of spewing radical nonsense.
3 Likes
Roblox should still be communicating better with its game developers that are being targeted. Roblox should also help assist them monetarily for the damages. This is on ROBLOX to solve the problem. It’s their platform and they get a big cut for our work.
1 Like
Since then, I haven’t bothered to update this thread, but I have made a post on another. You are welcome to read my post here:
https://devforum.roblox.com/t/server-ddos-attacks-becoming-problematic/1072624/211?u=zeus
The issue was solved.
It’s quite frustrating to watch people like you, who have no understanding what they’re talking about, assert that I and many others are spouting radical gibberish.
Communication is critical, and Roblox’s priority should be to keep us informed.
6 Likes
My community has been affected by this too, I’m surprised that ROBLOX has not done anything to prevent this at all. It’s basically impossible to stop, no matter what you do.
Well a temporary solution like someone has already mentioned here would be creating a hub, a place where the players enters and clicks a button to get into the main game, that would stop bots from auto joining servers and sending the IP of servers with real players through a webhook, also make sure that the hub max players capacity is 1, I’d suggest doing that until Roblox implements a better solution for that, I just really hope roblox doesn’t end up having an exploit through this to get other users IP’s.
you are putting a band aid on a flesh wound
1 Like
there isn’t really any other way to go about it, he doesn’t have any access to the server that is hosting the game so he can’t do anything.