It seems as though the exploiter has taken a break on crashing the servers and I’m able to join the game normally as of right now. I’ll definitely try that out the next time he decides to hit off the servers and I’ll get back to you
In the meantime, alot of you are saying I should get in contact with Roblox themselves, but what would be the best way to do so?
I was told they were exploiting a deprecated service. I’m not sure exactly how because they “didn’t want to get it patched.”
If it doesnt’t happen on 1 player server, them i may assure you that’s not DDoS - cheaters can’t retreive server ip and port then (by the website launcher). I would suggest tracking your scripts’ activity and server memory. I do not reject the DDoS idea but as said, that’s very unlikely.
Web request services are proxies for reference so those do not share the legit server ip as well.
YES, the exploiter himself admitted he was exploiting a old/deprecated service but assumed it was just to throw me off or send me in the wrong direction.
I’ll look into this and see if this applies to my specific use-case here.
I did go on a private server and it worked fine and I was able to join the game without disruption, maybe I could assume then it is infact a DDoS attack or some sort of secret server crashing method then?
Again its super bizarre that I can’t detect a person joining the server before it crashes though…
It could be a backdoor, but as you said, it doesn’t happen in private servers, which disproves this theory.
As said. Likely game scripts.
If that does happen on PUBLIC 1 player server, I can assure you this is not DDoS or any player activity.
Roblox uses the same protocols for years and it would be known before if it was an issue. Engineers really are aware of the security and there are probably appropriate join request payload sanity checks which prevent that. I am almost certain they use firewall on their servers.
They could check if it’s one player server to mislead as well.
That’s true. All of this is quite strange, I haven’t seen any other thing for any other game like this.
@Etheroit I will try out next time it’s crashing making a public 1 player server and seeing if the problems persist, but keep in mind trying this out in a private server where no one else could join essentially yields the same result as making a one player server and the crashing didn’t occur, this confirms its a player crashing my servers but the method is undetectable (personally) from a scripting point of view.
I can’t imagine theres a backdoor or vulnerability in my scripts as I’ve had multiple sets of eyes look through everything and confirm there isn’t. But I’ll definitely look into that deprecated service that @Patch linked above.
This issue has had my head spinning since Friday as I can’t find any solid lead myself, whats even more strange is a similar club reporting the same exact crashing issues and we had confirmation that it was indeed the same exploiter doing the same to their servers.
It seems to happen in any game that i joined, Exploiters just do the script and Boom server dies. (Wont post script in this Post) But from just reading it, It seems to spam skke attachment onto the players Arm then spam it over 600000 time in a second, I think its upto Roblox Staff to try and fix this issue, (it can crash any game)
Ive also noticed alot of server drops / creating in my games aswell (which havnt had exploiters till now)
I would recommend going through the post verification process to bring it to #platform-feedback:website-bugs for it to be noticed more(possibly the staff).
Well wouldn’t it be Exploit Reports team?
Based on everything here I’d say it’s definitely an exploiter. Website bugs would not be the proper place either because this is an engine bug or an exploit, and isn’t related to the website. Judging by the fact that he has a script which does crash servers, this is enough of a reason to make an exploit report even if the script isn’t the direct cause of the crashing occuring here.
This exploit script is public and can crash any server with tools, I do not know how it works because the source is obfuscated.
Would you mind DMing me the script? I could take a look at it and run it in my sandbox to see what it’s doing.
They have to leave the server and then the server dies trying to clear all the weld spam.
The issue is very much in small community games such as Clubs, Cafes and Sword Fighting Clans. The developers behind Custom Duels, a sword-fighting community game, has been reporting this for a very long time. The reason behind these crashes is distributed denial of service(DDoS) attack and I am quite aware of how this is done. Roblox stores the server’s IP on the player’s machine whenever they join a server which can be found quite easily and you know what’s next. These developers have been trying to reach out for help on this very issue and were assured many times that necessary steps will be taken to fix this. However, despite all the efforts, nothing has been done so far.
This was already suggested numerous times and it doesn’t appear that a backdoor is the issue. You should read prior replies.
Additionally this does seem to be a DDoS attack, like @Wasteds said, it’s not hard to find the IP of a Roblox server. In fact, you can do this through http without even launching the client once. After all, the client requires the IP to connect in the first place. An easy way I know of is to use the netstat command with the -o flag which shows the pid of the program with the active connection. You can simply match up the pid of the Roblox client and find which IPs it’s connecting to.
The fact that a private server did not crash is because these servers are impossible to list unless you have access to them. You can’t join them, you can’t query them, and you can’t get the IP without being teleported there.