Exploiters crashing my servers, cause unknown

Hello DevForum,

I am the developer for a game called Club Iris (Club Iris - Roblox), and recently crashing has been occurring non-stop periodically. The user in question is crashing my game with exploits over and over again as a means to get him and his friends unbanned.

I’ve went through and checked for any backdoors, malicious scripts, or any flaws in my scripts’ security and have found nothing. Also, upon analyzing my plugins I’ve found nothing suspicious among their sources. Tools seem to have no contributing factor as the crashing persisted even after removing all tools.

As an attempt to narrow down the issues. I disabled elements of my game in increments to determine the root cause, to no avail. Finally, I went and disabled every single script and the crashing still occurred. Leading me to believe this might be a bigger issue/engine bug?

Moreover, it seems as though the user has the ability to instantly cripple all of my game’s servers instantaneously. As a test, I was the first to join a server and with just me in it, and the server crashed. I checked if anyone else joined and nothing showed up.

Before anyone mentions it, I have indeed taken a look at the developer console and nothing out of the ordinary appears before and after crashing, no ping spikes, no script activity spikes, and no network activity spikes. It just crashes out of nowhere and I can’t find a way to detect a source.

This user is taking my game for ransom and refuses to cooperate and stop this unless him and his friends are unbanned from my game. I’ve done everything in my power to stop this, after contacting other professionals and getting feedback and advice I’ve gotten nowhere and pointers in the wrong direction.

I’ve received reports of the same exact circumstance happening to another club game similar to ours yet neither clubs share any of the same scripts, there must be something I’m missing here?

Urgent assistance and guidance would be much appreciated,
Radiakk

I’d like to mention that when the servers crash, the whole server freezes and everyone gets the error “Please check your internet connection”, if you try to join any of the servers your Roblox client freezes and just blurs at the loading screen.

I witnessed something like this without exploitation involved but was a result of server overload. Sorry if it may not be much help but I think it is an idea to consider.

It’s an exploit abusing a certain replication property.

That isn’t really specific enough… could you elaborate on that?

I tried to join the game you linked, but I somehow lost my connection before the loading screen finished.

image1366×768 185 KB

Also, server list shows broken servers.

image1031×411 17.8 KB

There is one other game that I had this experience with, so this may be an issue only Roblox engineers can fix.

I had the same exact issue. An exploiter was crashing it as soon as they joined, and they did it non stop. They could do it to a completely empty baseplate as well.

They might be deliberately overloading the server so that it crashes?

Perhaps try checking any RemoteEvents/Functions you have and maybe putting a cap on what they can do?

local Cooldown = {}

function onServerEvent(player,parameter)
    if Cooldown[player.UserId] == true then return end
    Cooldown[player.Name] = true
    task.delay(1, function()
        Cooldown[player.UserId] = false
    end)
    -- Run Code
end


game:GetService("ReplicatedStorage"):WaitForChild("RemoteEvent").OnServerEvent:Connect(onServerEvent)

Now, I could have made a fatal error in that sample script, please let me know if I did, but otherwise, hope it helped.

After seeing the most recent posts, it may be a problem only ROBLOX Engineers can fix.

The possibility of a denial of service attack is a huge problem… Hopefully it is not Roblox’s network / servers actually causing the issue in which case it could affect everyone and rather your game is infected. If it was an issue with Roblox, I’m sure they will do everything in their power to fix it ASAP because the existence of such attacks is a huge threat to the income of their precious developers.

That being said, could you run this script in an empty place to get a table of scripts, and then run it again in the infected place with the list of scripts to find all scripts that are not present in a default place? You can then comb through those scripts to determine which are safe and which are questionable.

local function check(instance)
	return instance:IsA 'LuaSourceContainer'
end

local function scripts(instances, i)
	for i = (i or 0) + 1, #instances do
		local instance = instances[i]
		local success, result = pcall(check, instance)
		if success and result then
			return i, instance
		end
	end
end

local function printScripts()
	local names = {}
	for i, source in scripts, game:GetDescendants() do
		names[#names + 1] = source:GetFullName()
	end
	print('{["', table.concat(names, '"] = true;\n["'), '"] = true;}')
end

local function compareScripts(names)
	for i, source in scripts, game:GetDescendants() do
		local name = source:GetFullName()
		if not names[name] then
			warn('Unidentified script: ' .. tostring(name))
			source.Disabled = true
			-- If the script is already running,
			-- it may prevent itself from being reparented.
			source:Clone().Parent = workspace
			print('A copy of this script was placed in the workspace.')
		end
	end
end

-- Run this function on the command line in a new place
printScripts()

-- Then in the infected place, run this command with the names table replaced by the output of the run above
--local names = {}
--compareScripts(names)

Things of interest to keep in mind:
A similar method is used to bot games onto the front pages where many players don’t even show or spawn into games however the player count is increased.

I was originally thinking it could be a network ownership exploit but now I think it may be related to: Better server protection from DDoS attacks - #31 by XAXA

@Radiakk I recommend for now that you set the place to private and contact ROBLOX as soon as you can.

Hi all, thanks for the advice. Again, with all my server scripts being disabled and the game still crashing there is a pretty big possibility that this could be a DDoS attack or something along the lines of that. I see you guys are pointing me to contact Roblox regarding this but how would I go about that? I tried emailing but didn’t really get the response or attention I needed.

I did also try and making a report under #platform-feedback:engine-bugs, but it seemed to go unnoticed. Is there a long wait time to process engine bug reports?

Looks related to the bug I reported recently

This is not a DDoS attack. Roblox requests are proxied. This is caused by mass cloning RightGrip (weld existing when equipping tools).

This looks somehow like this (R6 presented here - pseudoscript)

local RightGrip = Character["Right Arm"].RightGrip
onRenderStepped:
   a = clone RightGrip
   a.Parent = Character["Right Arm"]
   spawn(function() a.Parent = Workspace end)
end

This will cause a lot of elements to be parented into workspace (and replicated to server). Exploiters make it about 60000 times a second which leads to crash (clients timeout). The objects do not clear after person leaves.

There is a way to prevent it. Track ChildAdded on Workspace then if child name is RightGrip (note they can’t change it), check it’s .Part0.Parent, get player from character, kick and clear up added welds. Works on R15 as well.

DDoSing is completely separate topic. Not related to the issue.

Hi, I’ve been made aware of this exploit before and already have weld spam detection in my anti-exploit. I have a workspace:DescendantAdded check to prevent burying of the welds and it’s been successful in preventing this type of exploit in the past.

What concerns me is that I’ve joined a server on Club Iris completely by myself with a join tracker enabled, nobody joined the server and it was just me in it, and it still crashed… thoughts?

Might be issue related to your game scripts. Have you set max slots to 1?

Do you use the default roblox chat? Numerous exploits have come out recently and in the past that use the “SayMessageRequest” remote to crash servers. This used to be the main way of doing it, recently i had a problem with it as well.

@Etheroit I haven’t tried that although when I joined a private server nothing happened so I can assume game scripts aren’t to blame… it has to be someone joining the server and manually crashing it but nothing shows up in my join tracker.

@kinkocat I’ve also patched SayMessageRequest spam and it seems as though it’s also been successful in stopping that particular type of exploit in the past aswell.

Denial of Service attacks or DoS can take many forms… some of which are distributed (DDos) and a coordinated attack by many computers. If the above statements about the cause are true then this is a DoS attack because it is preventing you from making your services available to players.

I would totally reach out to Roblox, and be sure to mention your average player base so they can prioritize correctly. Something like this hitting one developer strikes fear into the rest of us knowing that our games are so fragile.

Is there a script you don’t run in private server?
Could you try to run a 1-slot server to check if issue still persists?

PS: cheaters began to use the exploit about 1 day ago. Surprised you already have it fixed. Are you sure your DescendantAdded script is well implemented? Might cause a memory leak.