Exploiters crashing my servers, cause unknown

We have problems (crashes) on our sides too, our games activity is going down do to some exploiters, if there’s any patches available or method’s please share, thank you.

I can confirm that the cause has nothing to do with network ownership or parts. (Weld spam is not the cause)

Streamers I watch are constantly having problems related to servers they join crashing due to malicious players joining and crashing their server. My game is unique in the fact that NO players have a character and there are NO parts or models within my game, and only deals with RemoteEvents.

Exploiters are still crashing these servers. Any possible reasons for the crash must be due to commonalities between all our games, such as:

• Somehow abusing the default Roblox chat
• Abusing RemoteEvents
• Some other exception in Roblox replication which can cause an exploiter to add/remove new instances from the server
• Abusing the Roblox server directly

So hopefully we can agree that when these crashes happen the crash happens with no player/character present except the person monitoring the server.

Somehow abusing the default Roblox chat

ROBLOX Chat is a possibility maybe a loose end they didn’t fix up.

Abusing RemoteEvents

RemoteEvent abuse is unlikely considering our situation would require a player to load completely into a game.

Some other exception in Roblox replication which can cause an exploiter to add/remove new instances from the server

Another replication abuse doesn’t sound right due to the fact that the server performance didn’t drop during our crashes.

Abusing the Roblox server directly

Abusing the server sounds more realistic to our problem.

Don’t know if this is related, but in someone else’s game, in the server logs before a crash, it showed this:

Seems to be chat related.

Yep, looks like a chat spam exploit.

Already implemented a chat flood detector for all the chat remotes so this issue is not related.

However, if anyone is experiencing this I strongly recommend protecting your chat remotes via having a maximum chat length (e.g. >500 characters = kick) or detecting chat remote event spam.

Moreover, it seems as though the user has the ability to instantly cripple all of my game’s servers instantaneously.

How would the exploiter go about crashing multiple servers at the same time by chat flooding a single server?

This why I can’t wait for Typed-Lua, my guess is someone is sending values to your remote event and your remote event isn’t taking necessary precaution towards these invalid values.

I’ve already proven this false by removing all the remote events in the game and restarting all my servers and the crashing persisted.

The crashing is not currently occurring but this definitely wasn’t the reason why, I believe its something behind the scenes or a vulnerability that I have no control over.

even tho R2DA has good moderation like how you can get notified when you report using modcall

I suggest adding some exploits patches so exploiter can’t load their script to destroy the game

your not thinking about core remote events though, like the ones for animations.

people can inject their own scripts and abuse the core remote events.

Animations are primarily handled by the client, animations are replicated directly to the server without needing to use a Remote. This is not a core remote abuse as we already stated that these crashed happen WITH NO PLAYER in the server except the person monitoring the server. There were no signs of a memory leak or a spike of activity in the server during these crashes. Obviously abuse of a remote event would show clear signs of a spike in activity which there isn’t.

Bump, this is still occurring to my game. Looks like the crashing over and over has returned. I heard they’re releasing a weld spam patch soon so that might stop this problem once and for all…?

Edit: As of now at 6:45PM EST it has ceased but the exact issue outlined in the OP was occurring for around 5 minutes straight…

Hey, I’ve heard from a few sources @sowlitary found a way to patch this. You should most likely contact him or seek if he can reply to this post with how to patch this. Again this is rumors, I am not sure if this is true.

Best of luck with patching this, I will edit this message if I have anything else to add!

Update! It appears the crash method that has been used on our games has been leaked to the exploiting community and matched our description of these crashes.

This crash method requires it to be executed before LocalPlayer is created which means it has to be ran before PlayerAdded is fired. I’m sure the engineers are already aware of this issue and are on it. This crash method is extremely powerful when a group of exploiters work together, some refined the method to be extremely lightweight and has the potential to bring down frontpage games in a few hours if a group were to work together.

I’m not going to speak details on how the crash method works because it seems like talking about it is a taboo to the devforum staff and will get your thread/post deleted.

It’s already patched. Don’t bother.

Well aren’t you a ray of sunshine?

Idk if Im too late, but my game also gets crashed by the exploiters. the game just freezes after some minutes.

image959×433 571 KB

that looks like the CoreGUIs crashing.

I’m also still experiencing the same problem after adding in a patch for weld spam, sound spam, and even chat spam.

Have you tried checking if players are spamming remotes? This part is usually overlooked and comes back to bite developers back because of that.