Hey, we’ve encountered a problem that has cut our concurrent player count down to a third. I’m wondering how I can log remote events easily to figure out how it’s being done.
There are sketchy players joining servers and allegedly shutting them down with exploits. Right after they join, the servers they join show that (!) Slow Game indicator in the server list. We’re not sure how to stop this attack and it seems to be multiple accounts doing it.
I’m wondering how I can log remotes easily without adding code to each remote in the game, if possible, and if not, possibly get support elsewhere on how to stop this attack.
EDIT: We’ve observed some users with seemingly auto-generated usernames, sketchy avatars that are very similar to exploiters that have been seen in the past, and more. This is really hurting our revenue and in these times it’s what we rely on. Any help is greatly appreciated.
EDIT 2: I’m securing remotes that were not too secure that were implemented by other developers. If I knew about these non-secured remotes, I’d have fixed them much sooner. So far, the attack is still going.
You can try looping through all remote events and adding a debug handler.
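```lua
-- Containers that hold your remotes, e.g. Workspace and ReplicatedStorage
local StorageLocations = { workspace, game:GetService("ReplicatedStorage") }

for _, places in ipairs(StorageLocations) do
	for _, object in ipairs(places:GetDescendants()) do
		if object:IsA("RemoteEvent") then
			-- Extra listener that prints every event a client fires
			object.OnServerEvent:Connect(function(client, ...)
				print("Remote fired", "name:", object.Name, "client:", client.Name, "data:", ...)
			end)
		end
	end
end
```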
To account for RemoteFunctions: (Be careful here, as you could be running this before your functions are attached! Try using GetPropertyChangedSignal or just wait for some time before doing this)
```lua
		-- Extra branch for the if statement inside the loop above
		elseif object:IsA("RemoteFunction") then
			local old = object.OnServerInvoke
			object.OnServerInvoke = function(client, ...)
				print("Remote invoked", "name:", object.Name, "client:", client.Name, "data:", ...)
				return old(client, ...)
			end
		end
```
StorageLocations will be a list of places you keep your remotes in, such as Workspace or ReplicatedStorage.
You can do this for any remotes that are added afterward too by using the DescendantAdded() event.
This will let you debug information in console from all remote events that are fired from clients.
To log them outside of the console, you can use the HTTP service or datastores to upload logs, but if you are in a game while it happens, then it will be the easiest to debug, especially since you might not be able to upload logs before the game crashes or shuts down.
There is, however, a potential that remotes are not related to the actual cause or root of the problem, so I still recommend a good amount of research.
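An added example, not code from this thread: a variant of the logger above that also hooks remotes created later through DescendantAdded and reports a per-client call count per window instead of printing every call, so the logging itself does not add load during a flood. It covers RemoteEvents only; the container list, the two constants and the `record` and `hook` helpers are assumptions made for illustration.

```lua
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
-- Assumption: remotes live in these containers (the StorageLocations list above).
local StorageLocations = { workspace, ReplicatedStorage }
local WINDOW_SECONDS = 5         -- hypothetical reporting window
local MAX_CALLS_PER_WINDOW = 100 -- hypothetical threshold, tune per game
local counts = {} -- counts[player][remoteFullName] = calls in the current window

local function record(player, remote)
	local perPlayer = counts[player] or {}
	counts[player] = perPlayer
	local name = remote:GetFullName()
	perPlayer[name] = (perPlayer[name] or 0) + 1
end

local function hook(object)
	if object:IsA("RemoteEvent") then
		object.OnServerEvent:Connect(function(player)
			record(player, object)
		end)
	end
end

for _, place in ipairs(StorageLocations) do
	for _, object in ipairs(place:GetDescendants()) do
		hook(object)
	end
	place.DescendantAdded:Connect(hook) -- remotes created after startup
end

-- Drop a player's counters when they leave so the table does not grow.
Players.PlayerRemoving:Connect(function(player)
	counts[player] = nil
end)

-- One summary line per noisy client and remote, instead of one print per call.
task.spawn(function()
	while true do
		task.wait(WINDOW_SECONDS)
		for player, perPlayer in pairs(counts) do
			for name, n in pairs(perPlayer) do
				if n > MAX_CALLS_PER_WINDOW then
					warn(("[RemoteLog] %s (%d) fired %s %d times in %ds"):format(player.Name, player.UserId, name, n, WINDOW_SECONDS))
				end
			end
			table.clear(perPlayer)
		end
	end
end)
```

Run it from a server Script; the warnings appear in the server console alongside the UserId, which is the value a ban list would need.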
This is most likely from this method, which has been around for a while. I don’t know why it hasn’t been patched, but somebody leaked it or something in the exploiting community v3rmillion, and since then game servers have been crashing left and right, and ROBLOX needs to fix this fast. So basically, how the crash method works is: before the character is created, the exploiter will spam the script or will put it in the autoexecute folder of the exploit. Here the script is:
Roblox is actively working on deploying a fix for this exploit. In the meantime, there is indeed no known way to stop or mitigate the damage and we’ll have to hold through until Roblox releases their fix.
This is terrifying and I’m really not sure that we’ll be able to take a hit like this.
Thanks for informing me of this problem. I didn’t know if it was our game’s security or something like was mentioned. It eases my mind a little but I’m definitely on edge for a while until it’s patched.
This is only a temporary fix; smarter exploiters will be able to bypass this easily and still breach your main game, crashing it and rendering your servers frozen.
Try, for the time being, to ban these exploiters by UserId, implement an account age check, and funnel everyone through a one-person start place. Might mitigate the damage a little.
What would be ironically funny was if the banlist is not an actual banlist, but instead shoots all exploiters off to a secret private server so they can only crash each other and don’t feel like making alt accounts.
That’s why you use a dummy server to check the banned state. If they crash the dummy server, all the actual players are safe in the real place while the dummy server that checked the exploiter goes down.
Yes, you are correct, because they do it before their character is even created and before they are basically loaded in the game, so you really can’t do anything about this.