But as I also explained in a post above, how does this crash the server with no tools in the game?
As you mentioned above - this is unlikely caused by crash executed by exploiter (since nobody was in gmae with you). The post was complete reply to @Hexcede . Let me repeat the latest request - Have you tried on 1 player server? Does the same happen on baseplate?
You can’t get in contact directly with particular Roblox engineers. The only thing you can do is post here after PA process. You could eventually try Support - Roblox
But my bet is that it’s purely customer (player experience) support, not developer one.
I’ll definitely try one player servers and publishing a baseplate next time the exploiter decides to crash my servers and I’ll get back to you with results.
The game owner, @SoulJem, and I have already emailed Roblox support regarding this issue. As you mentioned, they thought I was a player and sent SoulJem developer tutorials but didn’t forward us to any particular engineer or team member who would take on our case.
They won’t ever do that as engineers / team members are not related to Customer Support in any way.
I don’t know if this is still revelvant but a little while back saw this post, basically the OP was showed how servers were crashed using a program called wireshark. Again, I don’t know the legitimacy of this or if it is still relevant but the thread might be worth looking into.
This is incorrect. The weld kind of crashes happen due to an internal engine error (in this case presumably running out of memory/gc issues when removing a lot of instances at once) which doesn’t use as much bandwidth, while a DDoS attack requires a TON of speed, bandwidth and computers, not to mention roblox servers can (and probably do) temp-block IPs that send a lot of data too fast.
You can’t tell whether it’s a “soft crash” or a “hard crash” basing on the player count. If a server is overloaded/crashed, it can’t report back the current player list, so the site displays the last player list it received, eventually turning it into 0, soon after which the server disappears from the list. It has been the case for all kinds of server crashes for as far as I can remember.
I do not believe that this is related to this exploit. I believe these are two unrelated but similar crashes. As said above, nothing is outputted into the logs, and no players join. It would be impossible to perform this exploit without the player having a character, thus it could not be performed as quickly as it has been.
Saying this was a DoS or DDoS attack is misinformation. While booting a Roblox server used to be trivial, the amount of resources (and therefore money) it would take to do that now pretty much eliminates any chance that this is the case.
From what I can pick up on from this post, the exploiter(s) are doing this (whatever you think it is) many times. The sheer cost that would be accumulated by doing this would remove any point, especially when someone can target a much larger place.
The far more likely scenario is someone using another iteration of the age-old method of crashing servers. Almost anything character-based that replicates to the server has been used maliciously to crash a server and that is what’s happening here.
This is incorrect. Doing the method mentioned just above would be far more intensive to a game server than shooting packets at it. Spamming parts and/or welds will overwhelm physics and other aspects of the engine. Doing it enough will simply use up too many resources for the server to handle, thus crashing it.
The fact that a crash exploit was literally just leaked on Vermillion pushes my point that this isn’t a DDoS (or DoS) attack even more.
what would an exploiter exactly do?
This has already been said. Please read old posts and history before posting such message.
The site simply removes entries for servers that do not report data. The fact that the player count is shown as zero gauruntees that the server actually reported zero players, and additionally, it must have also reported server heartbeat which is used to display the “slow servers” message. You can view the heartbeat of any server using the same request the website makes, and the fact that servers are even shown shows that they are indeed reporting information, otherwise they’d be removed from the query. This may actually serve as a useful piece of info as it would give us a rough estimate of the server’s CPU usage. If this were a hard crash the last heartbeat reported would be 60, and the players in game would be reported as well, otherwise it would be very low.
@grilme99 Now that I’ve thought about it, it’s definitely true that DoSing a server definitely would take more resources than a crash in game might due to higher CPU usage on the server, however the timings vs data size for a DoS and replication would be similar to this situation based on my knowledge.
The issue with the V3rmillion crash is that it requires the player to have loaded their character. This takes about 3-5 seconds, and that’s 3-5 seconds for the player name to be logged not to mention the amount of errors which would be spammed. The speed at which the server crashes appears to be within a second or two based on discussion above.
I did not see what you were replying to, my bad. The explanation you gave isn’t how the exploit works though, it’s like pseudo code. The actual exploit you were explaining, is well, exploiting welds, but it shouldn’t use Clone or anything since this shouldn’t have the effect it is (otherwise Clone would be super broken) which is why seeing the actual script and what it does would be important in figuring out exactly what it’s doing to cause this weird replication crash.
One thing I’d like to mention is that sometimes after entering a fresh server while he’s attacking my game, the server can crash immediately after starting up and the server scripts don’t even have time to load up in the developer console, nothing outputs, the developer console is completely frozen with almost no information in it. Even with the information in the console it doesn’t show anything abnormal with the server.
What I’m saying is that sometimes it doesn’t even take 3-5 seconds to crash, it can crash almost instantly after you join the server with no evidence of another player joining which makes this an even more bizarre issue.
Good ol’ weld replication
Theres also a much more mass/chunky way of doing this, but for obvious reasons I won’t explain on that.
I would like to keep this thread alive as this is currently still a problem.
Even as I type the servers are getting crashed instantly.
As someone who is personally working on this, the response time of the crashing to the server being created is too fast for any abuse to be happening on the game itself that could be added in by user error or just a insecure remote as we already tried monitoring remotes for the crash. I would like to emphasize that the crashing doesn’t occur in private servers or when the game is private and they join the server, but the second the game is made public the response time of the crash from the newly created server when the game was private is about 1 second or less. I firmly believe this is some sort of API abuse, the only other possible cause is just a plain old DDoS attack which is unlikely. Emailing ROBLOX support proved no help asking us for “screenshots” of the issue like we already know what’s causing it.
It’s just a problem of figuring out which API is being abused, the people causing this are being very vague of what they’re using and the only thing they would response is a API surrounding UIs, of course we already scanned the game of all GetService for any oudated/unused services with no luck.
I’m also looking around for a fix on this. This same dude or group of dudes is just harassing community members and constantly crashing our servers. The game has had a much lower player count than usual over the past few days. Is there any reliable way to cut out a ton of spawned welds?
Exhibit A: What we believe to be the code used in the hack
You could do a child added on the status as according to that script that is where they put it.I don’t believe welds are put there naturally by roblox, so if one ends up in there it’s safe to assume they’re exploiting your game.
Couldn’t they just find out I’m only looking at Status and just put it in their LeftUpperArm or something?
I went ahead and wrote up a solution to the crashing problems.
I did some light testing with the weld spam crashing and so far it has worked. I haven’t tested the scenario of parenting the welds to someone else. But the IsDescendantOf check should cover that.
local Players = game:GetService("Players")
function GetPlayerByWeld(WeldObject)
if not WeldObject then return nil end
for i,v in pairs(Players:GetPlayers()) do
if v.Character and WeldObject.Part0 and WeldObject.Part0:IsDescendantOf(v.Character) then
return v
end
end
end
game.Workspace.DescendantAdded:Connect(function(Object)
if Object:IsA("Weld") and Object.Name == "RightGrip" then
local Player = GetPlayerByWeld(Object)
local WeldCount = 0
if Player then
Object.AncestryChanged:Connect(function()
if Object.Parent ~= nil and not Object:IsDescendantOf(Player.Character) then
Player:Kick("Ancestry")
Object:Destroy()
end
end)
for i,v in pairs(Object.Parent:GetChildren()) do
if v:IsA("Weld") and v.Name == "RightGrip" then
local Owner = GetPlayerByWeld(v)
if Owner and Owner == Player then
WeldCount = WeldCount + 1
end
end
end
if WeldCount > 2 then
Player:Kick("Max")
Object:Destroy()
end
end
end
end)