Exploiters crashing my servers, cause unknown

That isn’t really specific enough… could you elaborate on that?

8 Likes

I tried to join the game you linked, but I somehow lost my connection before the loading screen finished.

Also, server list shows broken servers.

There is one other game that I had this experience with, so this may be an issue only Roblox engineers can fix.

12 Likes

I had the same exact issue. An exploiter was crashing it as soon as they joined, and they did it nonstop. They could do it to a completely empty baseplate as well.

5 Likes

They might be deliberately overloading the server so that it crashes?

Perhaps try checking any RemoteEvents/Functions you have and maybe putting a cap on what they can do?

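local Cooldown = {}

local function onServerEvent(player, parameter)
    -- Key the table by UserId for both the check and the set,
    -- so the cooldown actually applies to the calling player.
    if Cooldown[player.UserId] then return end
    Cooldown[player.UserId] = true
    task.delay(1, function()
        -- Clear the entry rather than storing false so the table does not grow.
        Cooldown[player.UserId] = nil
    end)
    -- Run Code
end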


game:GetService("ReplicatedStorage"):WaitForChild("RemoteEvent").OnServerEvent:Connect(onServerEvent)

Now, I could have made a fatal error in that sample script, please let me know if I did, but otherwise, hope it helped.

After seeing the most recent posts, it may be a problem only ROBLOX Engineers can fix.

12 Likes

The possibility of a denial of service attack is a huge problem… Hopefully it is not Roblox’s network / servers actually causing the issue in which case it could affect everyone and rather your game is infected. If it was an issue with Roblox, I’m sure they will do everything in their power to fix it ASAP because the existence of such attacks is a huge threat to the income of their precious developers.

That being said, could you run this script in an empty place to get a table of scripts, and then run it again in the infected place with the list of scripts to find all scripts that are not present in a default place? You can then comb through those scripts to determine which are safe and which are questionable.

local function check(instance)
	return instance:IsA 'LuaSourceContainer'
end

local function scripts(instances, i)
	for i = (i or 0) + 1, #instances do
		local instance = instances[i]
		local success, result = pcall(check, instance)
		if success and result then
			return i, instance
		end
	end
end

local function printScripts()
	local names = {}
	for i, source in scripts, game:GetDescendants() do
		names[#names + 1] = source:GetFullName()
	end
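	-- Concatenate into one string: print() puts a space between separate
	-- arguments, which would corrupt the first and last keys.
	print('{["' .. table.concat(names, '"] = true;\n["') .. '"] = true;}')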
end

local function compareScripts(names)
	for i, source in scripts, game:GetDescendants() do
		local name = source:GetFullName()
		if not names[name] then
			warn('Unidentified script: ' .. tostring(name))
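			-- ModuleScripts have no Disabled property; only disable Script/LocalScript.
			if source:IsA('BaseScript') then
				source.Disabled = true
			end
			-- If the script is already running,
			-- it may prevent itself from being reparented.
			local copy = source:Clone() -- nil when Archivable is false
			if copy then
				copy.Parent = workspace
				print('A copy of this script was placed in the workspace.')
			end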
		end
	end
end

-- Run this function on the command line in a new place
printScripts()

-- Then in the infected place, run this command with the names table replaced by the output of the run above
--local names = {}
--compareScripts(names)

15 Likes

Things of interest to keep in mind:
A similar method is used to bot games onto the front pages, where many players don’t even show or spawn into games; however, the player count is increased.

I was originally thinking it could be a network ownership exploit but now I think it may be related to: Better server protection from DDoS attacks - #31 by XAXA

4 Likes

@Radiakk I recommend for now that you set the place to private and contact ROBLOX as soon as you can.

2 Likes

Hi all, thanks for the advice. Again, with all my server scripts being disabled and the game still crashing there is a pretty big possibility that this could be a DDoS attack or something along the lines of that. I see you guys are pointing me to contact Roblox regarding this but how would I go about that? I tried emailing but didn’t really get the response or attention I needed.

I did also try making a report under #platform-feedback:engine-bugs, but it seemed to go unnoticed. Is there a long wait time to process engine bug reports?

6 Likes

Looks related to the bug I reported recently

3 Likes

This is not a DDoS attack. Roblox requests are proxied. This is caused by mass cloning RightGrip (weld existing when equipping tools).

This looks somehow like this (R6 presented here - pseudoscript)

local RightGrip = Character["Right Arm"].RightGrip
onRenderStepped:
   a = clone RightGrip
   a.Parent = Character["Right Arm"]
   spawn(function() a.Parent = Workspace end)
end

This will cause a lot of elements to be parented into workspace (and replicated to server). Exploiters do it about 60000 times a second, which leads to a crash (clients time out). The objects do not clear after the person leaves.

There is a way to prevent it. Track ChildAdded on Workspace, then if the child name is RightGrip (note they can’t change it), check its .Part0.Parent, get the player from the character, kick and clear up the added welds. Works on R15 as well.

DDoSing is a completely separate topic. Not related to the issue.

36 Likes
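
The mitigation described in the post above (watch Workspace.ChildAdded for a weld named RightGrip, resolve its owner through Part0.Parent, kick, and clear the stray welds), written out as an added example that is not part of the original thread. It assumes a server-side Script; the kick message, the `flagged` table and the helper names are illustrative.

```lua
-- Added example (server Script, e.g. in ServerScriptService); not code from the thread.
local Players = game:GetService("Players")
local Workspace = game:GetService("Workspace")

local WELD_NAME = "RightGrip"
local KICK_MESSAGE = "Disconnected: abnormal weld replication." -- constructed text
local flagged = {} -- [UserId] = true once a kick has been issued

local function isStrayGrip(instance)
	-- A legitimate RightGrip sits under the character's arm or hand,
	-- never directly under Workspace.
	return instance.Name == WELD_NAME
		and instance:IsA("Weld")
		and instance.Parent == Workspace
end

local function ownerOf(weld)
	-- Part0 is the arm/hand part; its parent is the character model.
	local part0 = weld.Part0
	local character = part0 and part0.Parent
	return character and Players:GetPlayerFromCharacter(character)
end

local function sweep()
	for _, child in ipairs(Workspace:GetChildren()) do
		if isStrayGrip(child) then
			child:Destroy()
		end
	end
end

local function onChildAdded(child)
	if not isStrayGrip(child) then return end
	local player = ownerOf(child)
	-- Defer so the instance is not destroyed while it is still being parented.
	task.defer(function()
		child:Destroy()
	end)
	if player and not flagged[player.UserId] then
		flagged[player.UserId] = true
		player:Kick(KICK_MESSAGE)
		sweep()
	end
end

Players.PlayerRemoving:Connect(function(player)
	flagged[player.UserId] = nil -- keep the table from growing
	sweep() -- stray welds are not cleared automatically when the player leaves
end)

Workspace.ChildAdded:Connect(onChildAdded)
sweep()
```

Listening on ChildAdded only sees welds parented directly to Workspace; welds placed deeper in the hierarchy need a DescendantAdded listener with the same check minus the `Parent == Workspace` condition.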

Hi, I’ve been made aware of this exploit before and already have weld spam detection in my anti-exploit. I have a workspace:DescendantAdded check to prevent burying of the welds and it’s been successful in preventing this type of exploit in the past.

What concerns me is that I’ve joined a server on Club Iris completely by myself with a join tracker enabled, nobody joined the server and it was just me in it, and it still crashed… thoughts?

4 Likes

Might be an issue related to your game scripts. Have you set max slots to 1?

2 Likes

Do you use the default Roblox chat? Numerous exploits have come out recently and in the past that use the “SayMessageRequest” remote to crash servers. This used to be the main way of doing it; recently I had a problem with it as well.

2 Likes

@Etheroit I haven’t tried that although when I joined a private server nothing happened so I can assume game scripts aren’t to blame… it has to be someone joining the server and manually crashing it but nothing shows up in my join tracker.

@kinkocat I’ve also patched SayMessageRequest spam and it seems as though it’s also been successful in stopping that particular type of exploit in the past as well.

2 Likes

Denial of Service attacks or DoS can take many forms… some of which are distributed (DDoS) and a coordinated attack by many computers. If the above statements about the cause are true then this is a DoS attack because it is preventing you from making your services available to players.

I would totally reach out to Roblox, and be sure to mention your average player base so they can prioritize correctly. Something like this hitting one developer strikes fear into the rest of us knowing that our games are so fragile.

7 Likes

Is there a script you don’t run in private server?
Could you try to run a 1-slot server to check if issue still persists?

PS: cheaters began to use the exploit about 1 day ago. Surprised you already have it fixed. Are you sure your DescendantAdded script is well implemented? Might cause a memory leak.

3 Likes

It seems as though the exploiter has taken a break on crashing the servers and I’m able to join the game normally as of right now. I’ll definitely try that out the next time he decides to hit off the servers and I’ll get back to you.

In the meantime, a lot of you are saying I should get in contact with Roblox themselves, but what would be the best way to do so?

2 Likes

I was told they were exploiting a deprecated service. I’m not sure exactly how because they “didn’t want to get it patched.”

LuaWebService | Documentation - Roblox Creator Hub

6 Likes

If it doesn’t happen on a 1 player server, then I may assure you that’s not DDoS - cheaters can’t retrieve the server ip and port then (by the website launcher). I would suggest tracking your scripts’ activity and server memory. I do not reject the DDoS idea but as said, that’s very unlikely.
Web request services are proxies, for reference, so those do not share the legit server ip as well.

2 Likes

YES, the exploiter himself admitted he was exploiting an old/deprecated service but I assumed it was just to throw me off or send me in the wrong direction.

I’ll look into this and see if this applies to my specific use-case here.

3 Likes