Exploiters have been attacking a friend of mine’s game. I have the script they have been using to crash the server (posted below; let me know if it’s against the rules to have it on the thread). I have also done some research on this and still haven’t figured it out.
```lua
local prefix = ":"
local msg = (prefix .. "clean "):rep(10000)
for i = 1, 100 do
    game.Players:Chat(msg)
end
```
I’ve been trying to work in a patch to stop this but still haven’t succeeded. I was wondering if anyone had a solution or any tips, because the servers are crashed around 25 times a day, which really ruins the game and the player count. If you have any tips/questions, please drop them below.
If your friend uses Adonis, Basic Admin Essentials, LuaModelMaker’s or any other related admin that has the :clean command, having them modify the command to be of a higher permission level or removing it entirely should get rid of the problem.
This exploit script exploits the fact that these admins include a command available to everyone, even non-admins. This command loops through all workspace children to clean tools and accessories that have been dropped.
Fun fact: it was made mostly because of personal servers and old obbies (around 2014-15~) where users would spam drop all of their tools and hats to lag the server, and :clean was the solution.
You should also limit the size of people’s chat; it’s bad design to allow really large chat messages anyway (in my view).
You can do string.sub(input, 1, 100) on the client, then on the server check if string.len(chat) > 100 and reject it (assuming a 100 char limit). Another thing you should do is limit how often players can call the remote.
Record a timestamp using tick() of the last time the player called the remote, then if it was less than 0.5 seconds ago, reject it. (Ensure it’s per-player.)
Alternatively, rate limits should be implemented as a precaution. This will prevent loops from running unnecessarily in an attempt to abuse a command.
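The length cap and per-player rate limit suggested in the replies above, combined into one server-side gate. This is an added example, not code from any post in the thread or from any admin system; it assumes commands are read from Player.Chatted on the server, and handleCommand is a hypothetical stand-in for the admin system's own command handler.

```lua
-- Server Script (e.g. placed in ServerScriptService). Added example.
local Players = game:GetService("Players")

local MAX_CHAT_LENGTH = 100 -- assumed limit, the figure suggested in the thread
local MIN_INTERVAL = 0.5    -- minimum seconds between accepted messages per player

local lastAccepted = {}     -- [Player] = tick() of that player's last accepted message

-- Returns true only when the message may be passed on to the command parser.
local function shouldProcess(player, message)
    -- Reject oversized input outright instead of truncating it on the server:
    -- a legitimate client never sends more than the cap.
    if type(message) ~= "string" or string.len(message) > MAX_CHAT_LENGTH then
        return false
    end
    -- Per-player rate limit: drop anything arriving too soon after the last
    -- accepted message, so a tight loop of calls does no repeated work.
    local now = tick()
    local last = lastAccepted[player]
    if last and now - last < MIN_INTERVAL then
        return false
    end
    lastAccepted[player] = now
    return true
end

-- Hypothetical stand-in for the admin system's command handler.
local function handleCommand(player, message)
    print(player.Name .. " ran: " .. message)
end

local function onPlayerAdded(player)
    player.Chatted:Connect(function(message)
        if shouldProcess(player, message) then
            handleCommand(player, message)
        end
    end)
end

Players.PlayerAdded:Connect(onPlayerAdded)
-- Cover players who joined before this script started running.
for _, player in ipairs(Players:GetPlayers()) do
    onPlayerAdded(player)
end

-- Free the per-player entry so the table does not grow for the server's lifetime.
Players.PlayerRemoving:Connect(function(player)
    lastAccepted[player] = nil
end)
```

With these limits the 70,000-character message from the script in the first post fails the length check on every call, before any command parsing happens. In an existing admin system the same check has to sit at the top of that system's own chat handler, since a separate script cannot stop the admin's listener from firing.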