Exploiters crashing my servers, cause unknown

Hi everyone,

The trend of replies here seems to be pointing to either a weld spam or DDoS attack against my game. In both scenarios, it’s impossible for me as a developer to mitigate or stop these attacks. I’ve already implemented in sufficient weld spam countermeasures and they’ve worked fine in the past so I’m not sure what method this exploiter is using.

How do I go about contacting Roblox about this? Emailing isn’t really an option and it seems as though my engine bugs report went unnoticed… maybe I didn’t wait long enough?

6 Likes

Out of curiosity, why aren’t more popular games targeted, or, if they are, why don’t they go down as easily as these games if this issue is shared across the platform?

5 Likes

Apparently this game is a target of these server crash exploits as well, no idea what’s going on.

2 Likes

I’ll try and expand my weld spam detection to places outside of the workspace and see if it stops these unknown attacks the exploiter is performing.

Again, I removed every single remote event from the game, rebooted all servers and the crashing still persisted, essentially ruling out remote event spam (which I already have detection for) so I’ll definitely try expanding my weld spam coverage and seeing if this is indeed the case.

The exploiter has taken frequent breaks so when he does start crashing the servers again I’ll post an update whether this worked or not.

If anyone else has another idea or advice I’ll be looking into it, thanks everyone.

3 Likes

Does the server instantly shut down (ie “This game has shutdown”) or does it take at least a few seconds and freeze everyone in place? Because if so, that definitely sounds like they’re replicating a bunch of welds (ie 60,000 of them) to lag out the server gradually.

2 Likes

The entire server freezes and activity ceases for about 3 or 4 seconds then everyone gets kicked with the message “Please check your internet connection and try again”.

If you try and rejoin said server it will freeze at the loading screen and blur as visualized in a post further up.

It seems as though he has the ability to take down all my servers almost instantaneously which is really strange.

9 Likes

If I had to guess it’s most likely due to their large server count. It’s extremely difficult (and I’m sure this would show up on Roblox’s radar if this happened) for servers to get taken down through a DDoS attack since they’re are just so many. I’ve heard of actual DDoS attacks happening on Roblox in small communities, and I’ve even seen software being developed by people for this specific purpose.

Also, @Meta_Data number one would mean that servers within the server list would quickly be gone, for number two a player would need to actually join, which has been proven to be incorrect as far as I’ve read, and same with three. The author of the original post said that they were logging player joins. If #2 was the case than player joins would show up. Additionally, we’re waiting on a one player server test to see if servers are going down with only one player, which would 100% verify a DDoS attack.

4 Likes

DDoSing a roblox game server would take a ridiculous amount of resources. Resources that no one would have.

It’s more than likely the tool crash script that was leaked a few days ago. And someone found a way to make the welds replicate without going in workspace. (bypassing the workspace.DescendantAdded check)

I also do not believe for a single moment that they can crash the server without being inside of it.

4 Likes

This is incorrect. DoSing a Roblox game server takes just as many resources as crashing the server from in game, such as Weld based crashes. (This would actually definitely take more resources, however I guess I meant that based on my knowledge this would take similar resources to the Weld crash). Additionally, this is a soft crash, not a hard crash. The server is clearly overloaded, and because it was reporting 0 players as shown above, the server did not simply crash, it’s heavily overloaded. Like I said, there have been numerous tools developed for the sole purpose of DDoSing a Roblox game server and they’ve existed for years. They aren’t common, but they exist.

Additionally, if you have the IP of the Roblox server you can send any data to it. There are projects which have reverse engineered the Roblox protocol and implement their own clients, proxies, etc. It’s entirely possible that someone has found a way to overload servers without initializing a player client, and this would really just be a DoS attack, or possibly a DDoS.

8 Likes

Yeah I always found it really odd that I was the first person to enter a server, had a player join detector, and even had a workspace:DescendantAdded detector and nothing showed up in either of them while the server crashed. Nothing even showed up in network stats, ping, or script activity…

If you go back and look at the server I was in it only shows me inside it but you can’t join it without freezing your Roblox client pictured above.

2 Likes

when you rejoin after getting this, does it say that you cant join cause your playing from another device?

1 Like

error

This is the error it displays when the server crashes.

If you try and rejoin your client freezes at the loading screen before an error screen can be displayed.

1 Like

So yeah my game is currently suffering from this. Was in-game looking at server output as it happened, some alt looking account joined the game and as soon as their character was spawned in, this happened:


(Full error text is "“Weld RightGrip will not replicate in the near future. This is probably due to some custom tool-weld script.”)

All players then disconnected and the server was consequently shut-down. My game doesn’t use RightGrip welds or Tool instances so I’m intrigued as to how this is replicating.

I’m currently trying to reproduce this error to get a fix implemented.

7 Likes

Yeah that’s definitely the tool crasher.

As for OP, if no one joins the game and can still crash it, then it definitely sounds like an emulated client + #1 of what I said. (There’s only a few people I know who do this)

I played around for a bit to try and parent the welds somewhere other than workspace / my character, and no where else would replicate.

If that’s the case, this is completely out of your control, a roblox engineer would need to investigate.

2 Likes

Yes this is infact an example of the weld spam exploit, although when my server crashes nothing shows up in the developer console and no players join as I previously stated.

My advice for you is try checking for rogue duplicate welds using DescendantAdded and kicking their Part0’s (exploiters hand) player to stop or mitigate these attacks. Also make sure you remove the weld to prevent your server slowing to an unusable state.

1 Like

this may or not be useful info, but when i play games sometimes, out of nowhere, i get the same error and when i try to rejoin, it says that i tryed joining the game while the same account is in another game. it may only affect me cause i play on mobile and in 2 different rooms where the internet connection is stable, and in the other room its stable and unstable.

heres a photo of the error message i get after getting disconnected and then trying to rejoin: Errorrare
photo is from the roblox wikia error messages page

2 Likes

I just have a question about this. If a game has no tools, can it still be attacked by exploiters?

Yes it can, as an example I removed all tools, remote events and server scripts from Club Iris, rebooted our servers, and it still got crashed. These are most likely the cause of most crashing issues yet with all of them disabled/deleted it still occurred.

4 Likes

You’re not wrong. I was thinking DoS as in the traditional skid uses a booter to take down the server, lol

It does sound like someone is using emulated client + sending bad packets now.

1 Like

This has also repeatedly happened to a small game I regularly play recently, as well as another small game that I develop for. I can only assume that they’re using the tool grip exploit for these games also, from what I’ve been reading.

1 Like