Hey folks,
I’m the Co-Owner of this game and we’ve launched a huge update today.
A completely new map and new tech. After an hour or two of fixing bugs, weird events started occurring. People couldn’t get into the servers, and server by server got the “Slow server” stamp.
We think our servers are being DDoS’d by accounts that join the game, and then it just crashes due to it spamming a lot of requests. We’ve been checking all of our scripts and all of them are working fine.
Does anyone have a clue what we can do to prevent this? We already contacted Roblox and asked them if they could help us out. But is there something we can do in the meantime?
Please don’t look up terms and use them. There’s no DDoSing a Roblox game. All exploits are run client side. If anything, it’s probably some free model you inserted.
If they are bots, add a script where accounts must be a certain age to join; if they are players, find out how they are doing it and make a script stopping it from happening. Maybe check your models and make sure your developers are not adding exploits. It happened to me once. Also, check roblox.status.io to see if it was just Roblox.
No problem. I ran a game called “Dayron Grill” and some exploiters got into it. I understand how hard it is to deal with it. Especially when 20+ people are in your game.
Do you know what they are abusing to “DDoS” the game?
I’ve found generally that it’s usually the chat events and remote functions (especially .Chatted) that most exploiters abuse. This is usually provided by Roblox, with people only overriding parts. I would definitely look at adding things like wait() to all your Remote Functions and Remote Events in the chat itself (by making a copy and then going through that).
Generally, any remote event / remote function can be used and abused. I adapted a one remote function and a one remote event system with my own custom chat - no issues from exploiters (and people have tried).
Your only other issue which you might want to look at is replication: you can crash a game by causing the physics service to crash the game for you (because it’s handling too much as someone spams your events in these manners).
All these bugs you’ve just listed have been patched for a very long time; so yes; a player can either run some skiddy PuTTY botnet or some crappy web-stresser and hit Roblox servers offline.
It depends what you mean by “anti”, I have found when I have tried to put limitations (capturing time difference etc) which kick players on my remote events / remote functions the server “crashes” before the game manages to kick the person.
To add, you also can’t trust the in-game script status if you’re being crashed - that doesn’t respond amidst being crashed.
We have literally no clue, since we don’t know who is executing it. Just some random accounts. We do believe it’s someone who is our competition.
We think it’s because they can’t stand us growing so fast-- and trying to stop that by ruining our launch of the update.
Not really. Those are just more exploiters who lag the game a lot by e.g. abusing physics service or the chat. Here, they really just crash complete servers of 30+ players in 3 minutes. We literally have no clue how, but we are certain they are DDoS’ing us… We already contacted Roblox, but this is costing us money & players…
That last one though, might be a bit helpful. We have a custom rendering system which prevents a lot of lag due to our huge map. They might be abusing this in some sort of way… I’ll add some statements to debug it and try to discover a pattern. Thanks for your help!
Well, sorta. We used to use a free model Admin script which had the !clean command in it. Some people discovered this, and abused it. In our new update (same game) we have everything made custom and by ourselves. There is no way there is a Free model in.
Actually, I’ve dealt with the same situation; I used to be a part of a military group. You are being attacked by an exploiter who can disconnect everyone in game. You need to find the user and ban them immediately or change the scripts to prevent this. Exploiters only get access to stuff like this depending on what scripts and models you perform on the game.
To be fair, you wouldn’t even need to do that - you just have to make too many requests from the client itself (spam a range of remote events / remote functions at the same time).
This might account for why my game hasn’t had a problem when people have tried - they are exploiting multiple events instead of singular ones?
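An added example, not code from any poster in this thread: one way to apply the time-difference limit discussed above on the server, using a single per-player token bucket shared by all remotes so that spamming several events at once draws from one budget. The remote name `RenderRequest`, its `chunkId` argument and the numeric limits are assumptions.

```lua
-- Added example, not code from the thread. Server-side Script (e.g. ServerScriptService).
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

-- Assumed limits; tune them to your game's legitimate traffic.
local BURST = 20           -- calls a player may make back to back
local REFILL_PER_SEC = 10  -- sustained calls per second, all remotes combined
local MAX_DROPS = 50       -- dropped calls before the player is kicked

local buckets = {} -- [Player] = { tokens, last, drops }

-- One token bucket per player, shared by every guarded remote, so spreading
-- spam across many remotes does not multiply the allowance.
local function allow(player)
	if player.Parent ~= Players then return false end -- already leaving or kicked
	local now = os.clock()
	local b = buckets[player]
	if not b then
		b = { tokens = BURST, last = now, drops = 0 }
		buckets[player] = b
	end
	b.tokens = math.min(BURST, b.tokens + (now - b.last) * REFILL_PER_SEC)
	b.last = now
	if b.tokens >= 1 then
		b.tokens -= 1
		return true
	end
	b.drops += 1
	if b.drops == MAX_DROPS then
		task.defer(function() player:Kick("Too many requests") end)
	end
	return false
end

Players.PlayerRemoving:Connect(function(player)
	buckets[player] = nil
end)

-- Wrap a RemoteEvent so the cheap budget check runs before any game logic.
local function guard(remote, handler)
	remote.OnServerEvent:Connect(function(player, ...)
		if allow(player) then handler(player, ...) end
	end)
end

-- "RenderRequest" and its chunkId argument are hypothetical.
guard(ReplicatedStorage:WaitForChild("RenderRequest"), function(player, chunkId)
	if typeof(chunkId) ~= "number" then return end -- never trust client arguments
	-- expensive work (streaming, physics, replication) goes here
end)
```

Logging `b.drops` per player alongside join times gives the kind of pattern the original poster was planning to look for with debug statements.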