Exploiters crashing my servers, cause unknown

For the simple server-crash (the one that doesn’t take down all of your servers at once), what’s crashing the server isn’t the spamming of the welds. It’s the deletion of the welds.

It’s either one or the other. The patch provided with the weld crashing has stopped any and all attempts of crashing the server through welds.

Even if you kick the player, that’s still not fixing the problem of deleting the welds. As you know, you can’t delete an instance the exact moment it’s created, even via. ChildAdded, it’ll simply error, saying that something tried to parent the Instance to NULL as it was being parented to wherever.

Yes I am aware of the NULL issue.

all an exploiter needs to do is instead of loop-spamming instance creation, create the instances perfectly simultaneously, and let the server frantically handle attempting to destroy all of the instances.

That is a possibility but have you tested this yourself? Or is this just a theory?

They simply create the 60,000 welds, then let the script run and drop them in the void/ or get kicked by the game, and no matter what happens, the welds are deleted and this crashes the server. The only solution is through roblox preventing its replication.

They can’t instantly create the welds and drop them into the void, for it to work they have to parent it to their arm and the speed that they would need to clone and parent the welds would immediately get caught in the first place and I’m guessing if it was stopped and it was running with no yielding it would probably catch it between the 500-1000 mark.

For the one crashing all of your servers are once, I can guarantee it isn’t a backdoor though, it’s been used on Stickmasterluke’s ‘Fencing’, which hasn’t been updated in years, and hasn’t been worked on by anyone else. Other than that, can’t give any more input on this matter.

We were very confident that this isn’t a backdoor, but the information of it being used on the fencing game is new. But considering the input from the other posters it doesn’t seem a game being old comes in as a factor.

To verify the causing the server to crash anyway, could you join me into a Club Iris server and do it?
This isn’t me challenging you, it’s just me being curious at this point.

They simply create the 60,000 welds, then let the script run and drop them in the void/ or get kicked by the game, and no matter what happens, the welds are deleted and this crashes the server. The only solution is through roblox preventing its replication.

Just a update on that, I tested this myself on Club Iris and instantly gotten kicked. I checked on the servers state and was running nominal with no hiccups.

Felt like I’d make this public knowledge rather than making an entire thread (although I’ll probably end up going in to some more depth)

If you’re using admin commands you’re also at a high risk of your game being crashed, why’s this? Users can execute commands extremely quickly, and the amount of backend work that’s required for that to be detected is extremely intensive on the server, therefor it ends up turning the game off near instantly.

Adonis is currently the only script I’ve experimented with and created a patch with.

Just a disclaimer, I would recommend continuing to use Adonis if you already are, just be sure to fork it to add a delay to the commands (and make sure they’re not firing quickly)

Sorry if this should’ve been posted elsewhere but I felt it should be known while this thread has attention. I’m aware that your issue is welding but who knows. This may help someone else who is trying to find a reason for there game crashing and comes upon this thread.

Hi, everyone

In response to this, Club Iris currently uses a custom admin script with hardcoded moderators and administrators in the script itself. There isn’t any VIP commands or anything basically eliminating the possibility of command spam.

This is a good point though and I’m glad you brought this up, if anyone else is experiencing crashing issues I strongly recommend you write your own admin system and stay far from free modeled ones.

These admin systems have presented numerous issues in the past personally from what @NodeSupport mentioned, command spam & unwanted execution and on top of that vulnerabilities that you, the developer has no control over.

Be careful as to what you put in your game and if you don’t know how a script works, avoid using it or re-write it yourself. There is plenty of helpful posts and users on DevForum willing to assist you in doing so!

Would this possibly be your issue?

If you actually read the majority of the posts this isn’t weld replication abuse.

Sorry! I didn’t mean to offend anyone, just trying to help!

If we set the network ownership of a Right Grip to the LocalPlayer then if the LocalPlayer tries to spam the Right Grip it won’t replicated to the server because it only replicates to the LocalPlayer which I think would crash them instead of the whole server.

Again, I strongly believe weld spam isn’t the culprit in this specific case.

Moreover, I haven’t received any update on this issue in a while so hopefully it has been solved or at least alleviated. I will bump this thread if crashing occurs in the near future

Thank you all.

NetworkOwnership only works on BaseParts, and weld spam is highly unlikely to be the cause.

We have problems (crashes) on our sides too, our games activity is going down do to some exploiters, if there’s any patches available or method’s please share, thank you.

I can confirm that the cause has nothing to do with network ownership or parts. (Weld spam is not the cause)

Streamers I watch are constantly having problems related to servers they join crashing due to malicious players joining and crashing their server. My game is unique in the fact that NO players have a character and there are NO parts or models within my game, and only deals with RemoteEvents.

Exploiters are still crashing these servers. Any possible reasons for the crash must be due to commonalities between all our games, such as:

• Somehow abusing the default Roblox chat
• Abusing RemoteEvents
• Some other exception in Roblox replication which can cause an exploiter to add/remove new instances from the server
• Abusing the Roblox server directly

So hopefully we can agree that when these crashes happen the crash happens with no player/character present except the person monitoring the server.

Somehow abusing the default Roblox chat

ROBLOX Chat is a possibility maybe a loose end they didn’t fix up.

Abusing RemoteEvents

RemoteEvent abuse is unlikely considering our situation would require a player to load completely into a game.

Some other exception in Roblox replication which can cause an exploiter to add/remove new instances from the server

Another replication abuse doesn’t sound right due to the fact that the server performance didn’t drop during our crashes.

Abusing the Roblox server directly

Abusing the server sounds more realistic to our problem.

Don’t know if this is related, but in someone else’s game, in the server logs before a crash, it showed this:

Seems to be chat related.

Yep, looks like a chat spam exploit.

Already implemented a chat flood detector for all the chat remotes so this issue is not related.

However, if anyone is experiencing this I strongly recommend protecting your chat remotes via having a maximum chat length (e.g. >500 characters = kick) or detecting chat remote event spam.

Moreover, it seems as though the user has the ability to instantly cripple all of my game’s servers instantaneously.

How would the exploiter go about crashing multiple servers at the same time by chat flooding a single server?

This why I can’t wait for Typed-Lua, my guess is someone is sending values to your remote event and your remote event isn’t taking necessary precaution towards these invalid values.

I’ve already proven this false by removing all the remote events in the game and restarting all my servers and the crashing persisted.

The crashing is not currently occurring but this definitely wasn’t the reason why, I believe its something behind the scenes or a vulnerability that I have no control over.

even tho R2DA has good moderation like how you can get notified when you report using modcall

I suggest adding some exploits patches so exploiter can’t load their script to destroy the game