The possibility of a denial of service attack is a huge problem… Hopefully it is not Roblox’s network / servers actually causing the issue in which case it could affect everyone and rather your game is infected. If it was an issue with Roblox, I’m sure they will do everything in their power to fix it ASAP because the existence of such attacks is a huge threat to the income of their precious developers.
That being said, could you run this script in an empty place to get a table of scripts, and then run it again in the infected place with the list of scripts to find all scripts that are not present in a default place? You can then comb through those scripts to determine which are safe and which are questionable.
local function check(instance)
return instance:IsA 'LuaSourceContainer'
end
local function scripts(instances, i)
for i = (i or 0) + 1, #instances do
local instance = instances[i]
local success, result = pcall(check, instance)
if success and result then
return i, instance
end
end
end
local function printScripts()
local names = {}
for i, source in scripts, game:GetDescendants() do
names[#names + 1] = source:GetFullName()
end
print('{["', table.concat(names, '"] = true;\n["'), '"] = true;}')
end
local function compareScripts(names)
for i, source in scripts, game:GetDescendants() do
local name = source:GetFullName()
if not names[name] then
warn('Unidentified script: ' .. tostring(name))
source.Disabled = true
-- If the script is already running,
-- it may prevent itself from being reparented.
source:Clone().Parent = workspace
print('A copy of this script was placed in the workspace.')
end
end
end
-- Run this function on the command line in a new place
printScripts()
-- Then in the infected place, run this command with the names table replaced by the output of the run above
--local names = {}
--compareScripts(names)
Things of interest to keep in mind:
A similar method is used to bot games onto the front pages where many players don’t even show or spawn into games however the player count is increased.
Hi all, thanks for the advice. Again, with all my server scripts being disabled and the game still crashing there is a pretty big possibility that this could be a DDoS attack or something along the lines of that. I see you guys are pointing me to contact Roblox regarding this but how would I go about that? I tried emailing but didn’t really get the response or attention I needed.
I did also try and making a report under #platform-feedback:engine-bugs, but it seemed to go unnoticed. Is there a long wait time to process engine bug reports?
This is not a DDoS attack. Roblox requests are proxied. This is caused by mass cloning RightGrip (weld existing when equipping tools).
This looks somehow like this (R6 presented here - pseudoscript)
local RightGrip = Character["Right Arm"].RightGrip
onRenderStepped:
a = clone RightGrip
a.Parent = Character["Right Arm"]
spawn(function() a.Parent = Workspace end)
end
This will cause a lot of elements to be parented into workspace (and replicated to server). Exploiters make it about 60000 times a second which leads to crash (clients timeout). The objects do not clear after person leaves.
There is a way to prevent it. Track ChildAdded on Workspace then if child name is RightGrip (note they can’t change it), check it’s .Part0.Parent, get player from character, kick and clear up added welds. Works on R15 as well.
DDoSing is completely separate topic. Not related to the issue.
Hi, I’ve been made aware of this exploit before and already have weld spam detection in my anti-exploit. I have a workspace:DescendantAdded check to prevent burying of the welds and it’s been successful in preventing this type of exploit in the past.
What concerns me is that I’ve joined a server on Club Iris completely by myself with a join tracker enabled, nobody joined the server and it was just me in it, and it still crashed… thoughts?
Do you use the default roblox chat? Numerous exploits have come out recently and in the past that use the “SayMessageRequest” remote to crash servers. This used to be the main way of doing it, recently i had a problem with it as well.
@Etheroit I haven’t tried that although when I joined a private server nothing happened so I can assume game scripts aren’t to blame… it has to be someone joining the server and manually crashing it but nothing shows up in my join tracker.
@kinkocat I’ve also patched SayMessageRequest spam and it seems as though it’s also been successful in stopping that particular type of exploit in the past aswell.
Denial of Service attacks or DoS can take many forms… some of which are distributed (DDos) and a coordinated attack by many computers. If the above statements about the cause are true then this is a DoS attack because it is preventing you from making your services available to players.
I would totally reach out to Roblox, and be sure to mention your average player base so they can prioritize correctly. Something like this hitting one developer strikes fear into the rest of us knowing that our games are so fragile.
Is there a script you don’t run in private server?
Could you try to run a 1-slot server to check if issue still persists?
PS: cheaters began to use the exploit about 1 day ago. Surprised you already have it fixed. Are you sure your DescendantAdded script is well implemented? Might cause a memory leak.
It seems as though the exploiter has taken a break on crashing the servers and I’m able to join the game normally as of right now. I’ll definitely try that out the next time he decides to hit off the servers and I’ll get back to you
In the meantime, alot of you are saying I should get in contact with Roblox themselves, but what would be the best way to do so?
If it doesnt’t happen on 1 player server, them i may assure you that’s not DDoS - cheaters can’t retreive server ip and port then (by the website launcher). I would suggest tracking your scripts’ activity and server memory. I do not reject the DDoS idea but as said, that’s very unlikely.
Web request services are proxies for reference so those do not share the legit server ip as well.
YES, the exploiter himself admitted he was exploiting a old/deprecated service but assumed it was just to throw me off or send me in the wrong direction.
I’ll look into this and see if this applies to my specific use-case here.
I did go on a private server and it worked fine and I was able to join the game without disruption, maybe I could assume then it is infact a DDoS attack or some sort of secret server crashing method then?
Again its super bizarre that I can’t detect a person joining the server before it crashes though…
As said. Likely game scripts.
If that does happen on PUBLIC 1 player server, I can assure you this is not DDoS or any player activity.
Roblox uses the same protocols for years and it would be known before if it was an issue. Engineers really are aware of the security and there are probably appropriate join request payload sanity checks which prevent that. I am almost certain they use firewall on their servers.