This morning, my studio received a Discord ticket demanding USD payment or they’d target our games with a DDoS system. This system does appear to be a functional DDoS, and does not rely on anything in-experience (i.e. remote event spam). They also claim this bypasses UDMUX.
Attached is a video sent by the user as proof this works:
This was reported by many users in our public servers, so it was in fact occurring across the entire server. Additionally, they were able to replicate this across all games our studio owns.
A private message is associated with this bug report
4 Likes
Interesting, this didn’t come up on search.
Keeping this up as the information provided in the Private Message may be useful.
1 Like
Upon review, this seems to be a separate issue.
The linked post seems to be an actual exploit, spamming remote events.
Our servers are not experiencing remote event spam. No user is joining to fire remote events. I was given a demonstration of the bot, and it works even on major front page games which, I presume, have properly secured events. From everything I can find, this seems to be a legitimate DDoS system which can bypass Roblox’s mitigation.
Additionally, our games have a pretty devoted group of exploiters that red team for us, and receive bounties when they flag vulnerabilities like unsecured remote events. None of them have been able to replicate this issue.
While this is all of course anecdotal, I’m not seeing anything to suggest this is Remote Event or Remote Function spam. We’ve dealt with that in the past.
3 Likes
Had a similar thing happen to my game, had to teleport all players to reserved servers so they can’t just scrape the player list to get all servers. They will move on to another game quickly since they only do this for money. That may not be an option for your game.
Hopefully Roblox takes action here.
1 Like
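The reserved-server move described in the post above, sketched as an added example that is not code from the thread or from Roblox: a server-side Script that treats every public server as a lobby and forwards joining players to a reserved server of the same place. The batch size, retry count and back-off delay are assumptions.

```lua
-- Added example: Script in ServerScriptService (server-side only).
local Players = game:GetService("Players")
local TeleportService = game:GetService("TeleportService")

local BATCH_SIZE = 20   -- assumption: teleport attempts routed to one reserved server
local MAX_ATTEMPTS = 3  -- assumption: teleport retries per player

local accessCode = nil  -- access code of the reserved server currently being filled
local routedCount = 0   -- attempts already routed to that server

-- A reserved server has a PrivateServerId but no owner (paid private servers have one).
local function isReservedServer()
	return game.PrivateServerId ~= "" and game.PrivateServerOwnerId == 0
end

-- Return an access code, reserving a fresh server once the current batch is full.
local function getAccessCode()
	if accessCode == nil or routedCount >= BATCH_SIZE then
		accessCode = TeleportService:ReserveServer(game.PlaceId) -- may throw; caller uses pcall
		routedCount = 0
	end
	routedCount += 1
	return accessCode
end

local function forward(player)
	for attempt = 1, MAX_ATTEMPTS do
		local ok, err = pcall(function()
			local options = Instance.new("TeleportOptions")
			options.ReservedServerAccessCode = getAccessCode()
			TeleportService:TeleportAsync(game.PlaceId, { player }, options)
		end)
		if ok or player.Parent == nil then
			return -- teleport started, or the player already left
		end
		warn(("Teleport attempt %d for %s failed: %s"):format(attempt, player.Name, tostring(err)))
		task.wait(2 * attempt) -- back off before retrying
	end
end

-- Public servers act only as a lobby; reserved servers run the game itself.
if not isReservedServer() then
	Players.PlayerAdded:Connect(forward)
	for _, player in ipairs(Players:GetPlayers()) do
		task.spawn(forward, player) -- players who joined before this script ran
	end
end
```

Gameplay scripts would need the same `isReservedServer()` guard so they only run in reserved servers, and teleports do not work in Studio test sessions.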