We believe our experience has been the target of two or three DDOS attacks.
The most recent of these was today during a special event we held. The server instance where the event host was in-game was apparently taken offline and all players lost connection to it.
After the first apparent attack, I contacted Developer Relations to request UDMUX servers to protect against DDOS attacks. I believe this was done, but I never got confirmation about it so I’m not certain.
Is there a way I can be sure we are on UDMUX servers now, and if we are, is there something we can do to further protect against DDOS attacks?
I’m sorry you are getting DDoSed. It’s so annoying but luckily, there are more and more UDMUX servers reducing attack instances.
I’ve done a quick look-up and it appears all of your currently running servers are protected.
One way to check involves joining the server and then reading client logs, which at some point tell the UDMUX server and RCC server addresses. The network debug window (ctrl+shift+F3) should show the UDMUX IP as well.
I’m not too sure how to reliably recognize protected servers from the game scripts. Of course, HttpService requests are available, but most Roblox domains cannot be querried by game servers (to receive complete info). A request to a proxy should, again, return UDMUX address, but I haven’t seen a complete list of the protected servers. Some solutions need a manually written list of IPs and then check the network portion of the received address. Afterwards, they ask players to join different servers. I’m concerned this (especially if it involves kicking) could harm the player base.
Anyways, good luck, and hopefully you get a confirmation from Roblox too.
For what it’s worth, I’ve noticed that all Roblox servers seem to be using UDMUX protection now, rather than being only for some like it was a few months ago. All my past 35 game joins according to my logs folder shows that they were all connecting through UDMUX.
Are you certain that your game is being targeted by DDoS Attacks? As you said, in your most recent ‘attack’, there was an in-game event being held at your game. Do you believe in the possibility of the server Crashing due to the fact of all the players, presumably all in one area, partaking in this event? Or maybe an issue in the games code, which when exploited may cause the server to overcompute something and crash out the server?
Roblox has been pushing more and more for the use of UDMUX with most larger games using them by default now, so being able to send DDoS attacks and bypass UDMUX, despite being possible, is difficult, which is why it leads me to believe the server is crashing out. Perhaps try and use the micro-profiler and hold some more events, possibly with only Game Testers to find out the issue.
I’m having trouble finding any indication in the logs or the network debug window that we’re on UDMUX servers. However, after doing some searching I’ve noticed some people say that if your server’s IP address ends in .33 then that means it’s a UDMUX server, is that correct?
We’re not sure if it was an attack, but the circumstances really do point to it being an attack since it was during an event and it was the server instance where our dev was in-game at the time. Our game frequently has filled servers with all players in the same general area, so the conditions weren’t really much different overall.
If anyone knows of some clues in the log(s) that we could look for that could indicate whether it was a DDoS attack or not, that would be appreciated.
That really does seem to be a common pattern. The ending is just a host segment though, used to identify the host in the subnet. Maybe Roblox decided to generally stick to the convention to assign 33 to the UDMUX servers. It’s not a universal rule, because I’ve seen some protected servers with different endings, such as Amsterdam.
I suppose we can’t exclude small chances that 1. it wasn’t a DDoS but an exploitation of a bug in game (possibly on Roblox’s end) or 2. the DDoS somehow happened on a protected server.
After reading some other topics I’m fairly certain there’s not much we can do other than take care of the security on our end and leave the DDoS problem to Roblox. Contacting the Dev Relation was the right thing to do.
Sorry but we don’t have a client log from the time of the incident. If it happens again while we are in the game and are able to notice it, we’ll try to capture the client log for you.
If there is anything else we can do, or any resources you could point us to in order to be better prepared to detect and log evidence of DDoS attacks, that would be greatly appreciated.
I’m hoping there might be some telltale signs of DDoS attacks that we could look for either during an attack, or after they occur. Then we can at least confirm whether they’re occurring, or if it’s some other issue.
Since you’ve reported this issue we’ve updated DDoS protections that should help alleviate this issue. Please report back if you experience any further issues.
