Exploiters keep finding ways to lag game. How are they doing it?

I personally kick users that go over my rate limit and ignore invalid requests. Though I do log such and check later to make sure they’re not invalid by my own mistake.

It still happens quite often despite all the anti exploit stuff Roblox has made. Remotes to watch out for are especially the remotes that do stuff that can build up on memory or replicates to other clients.

I’ve helped small games before who had no protection on scripts that ran Player:LoadCharacter() and calling it 500 times in a split second was enough to crash studio.

It usually is memory or network traffic issues if the effects aren’t that visible. In such a scenario all users might lose connection to the server at once. Or might experience a high ping or unresponsive behaviour.

If it’s lag where your frames drop; then it’s often too much effects on the client lagging the client.

Another thing thay could happen is a rare case scenario where your code has a bug that occurs rarely, but once it happens it’s destructive.
I had a case where I had a Base93 encoding algorithm, but inputting the number 0 would crash the server; any larger number into the millions wouldn’t and would just make the output string larger. But 0 happened in rare case scenarios. All thanks to me copying javascript code to luau and forgetting arrays start at 0 in javascript and at 1 in luau.