I’m working on improving remote event security in my game and I have a question regarding this.
If there is an exploiter who is just coo coo and crazy and they decide to fire a remote a billion times in a second like so:

```lua
for i = 1, math.huge do RemoteEvent:FireServer() end
```

On the OnServerEvent connection on the server, if I kick them on the 100th call, will the other calls drop or will the rest of the billion calls still be called in?
Also wanted to see if doing this was valid as someone else did this.
There is a remote cooldown in this script; if fired twice or more per second, the player will be kicked:
kylerzong
(kylerzong)
March 29, 2022, 1:50pm
#2
```lua
local RemoteCooldown = {}

--[[
Inside remote:

if RemoteCooldown[Player.UserId] ~= nil then
	if (tick() - RemoteCooldown[Player.UserId][1]) < 1 then
		RemoteCooldown[Player.UserId][1] = tick()
		RemoteCooldown[Player.UserId][2] += 1
		if RemoteCooldown[Player.UserId][2] >= 2 then
			Player:Kick()
			return
		end
	else
		RemoteCooldown[Player.UserId][1] = tick()
		RemoteCooldown[Player.UserId][2] = 1
	end
else
	RemoteCooldown[Player.UserId] = {tick(), 1}
end
--]]

game.Players.PlayerRemoving:Connect(function(Player)
	RemoteCooldown[Player.UserId] = nil
end)
```
Valid
I believe Roblox does this automatically in this fix with a rate limiter in this one fix.
However, for certain computationally intensive events, as mentioned below, a custom rate limiter would be a good idea.
It will only cause lag if that remote event is doing expensive things on the server. As mentioned earlier, ensure you implement sanity checks on the server to stop events from being processed incorrectly. Also, Roblox added a rate limiter to remote events to help prevent spamming: https://developer.roblox.com/en-us/resources/release-note/Release-Note-for-337. In addition, if someone is firing a remote too frequently and you know this is not possible then you can kick and ban them from your game. …
Sorry for the necrobump but this was pretty high in my Google search, so I’m sure others are seeing this as well. There is a single glaring misconception that should be addressed:
Remote queue exhaustion is per player; it isn’t a cumulative “pot” that each player takes from. An exploiter who sends 20k requests will only ever affect their own gameplay. This will simply cause the server to start dropping requests for that specific player and the game will function normally for all the other playe…
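
An added example, not code from any poster in this thread: a per-player token bucket in Luau for the kind of custom rate limiter discussed above. It drops excess calls before any work is done, kicks only after repeated violations, and ignores anything that still arrives once the player has been kicked or removed. The remote name `ExampleRemote` and the values `RATE`, `BURST` and `STRIKES_TO_KICK` are assumptions.

```lua
-- Added example. Assumed: a RemoteEvent named "ExampleRemote" in ReplicatedStorage.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local remote = ReplicatedStorage:WaitForChild("ExampleRemote")

local RATE = 5              -- tokens refilled per second (sustained calls allowed)
local BURST = 10            -- bucket capacity (short bursts allowed)
local STRIKES_TO_KICK = 100 -- dropped calls tolerated before kicking

local buckets = {} -- [UserId] = { tokens, last, strikes, kicked }

local function allow(player)
	-- A player who has already left gets no new bucket and no processing.
	if player.Parent ~= Players then
		return false
	end
	local now = os.clock()
	local b = buckets[player.UserId]
	if not b then
		b = { tokens = BURST, last = now, strikes = 0, kicked = false }
		buckets[player.UserId] = b
	end
	if b.kicked then
		return false -- kicked but not yet removed: drop without further work
	end
	-- Refill in proportion to elapsed time, capped at BURST.
	b.tokens = math.min(BURST, b.tokens + (now - b.last) * RATE)
	b.last = now
	if b.tokens >= 1 then
		b.tokens -= 1
		return true
	end
	b.strikes += 1
	if b.strikes >= STRIKES_TO_KICK then
		b.kicked = true
		player:Kick("Remote rate limit exceeded")
	end
	return false
end

remote.OnServerEvent:Connect(function(player, ...)
	if not allow(player) then
		return -- cheapest path: no validation, no game logic
	end
	-- Sanity-check the arguments here, then run the real handler.
end)

Players.PlayerRemoving:Connect(function(player)
	buckets[player.UserId] = nil
end)
```

Because the limiter check runs first and returns early, a flood costs the server one table lookup and a little arithmetic per call rather than the expensive handler body.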