I currently work for a group that has a widespread of games and we have recently been getting DDOSED by multiple people. We have a picture of the panel that they are using but we are unsure as to how they are getting our “SERVERIP” and how we can find an efficient fix to it. I’m still wondering how other popular games prevent these attacks but for some reason we can’t seem to do so. Here is a photo of the UI Element used to Attack the server, does anyone know how we can prevent the exploiter from doing this?
6 Likes
Best thing to do is lower player max joins and wait for roblox service by contacting them
1 Like
I haven’t really used anything called “RobloxService”, I’m not sure if that is a service. If you could show me what you mean in the form of a code example that would help.
1 Like
Roblox staff service i meant sorry for the confusion
1 Like
Alright, thank you. Have a good day, if anyone else has any suggestions it would be greatly appreciated.
One of my games has had a problem for the past 2 days. We thought it was an attack on one of our systems. Do you know what is being attacked so I could possibly link this with your problem confirming it is a 3rd part issue and not one of ours.
We aren’t too sure what’s getting attacked. Apparently the group owner has “come to terms” with the exploiters (which can easily change), I’d still like to know what is happening.
Our team over on our group have been struggling to pinpoint what is is. We though it was an attack on remotes with just constantly spamming but the issue has residue even when the exploiter leaves. We have been monitoring out micro profiler trying to pinpoint what is exactly being attack but have been failing to do so, was just hoping this could possibly provide us a step forward.
I contacted ROBLOX about it, waiting on a response (or a fix)
Tbh, I’m confused as to why the client can even access the SERVERIP
Not sure where you got the UI nor am i concerned about how its possible. Im just trying to confirm if its an us issue or a roblox issue because we are just at a lost at what it could be
Server addresses are needed for a server, server addresses are public and are easy to access since they don’t leak anything, ddosing is very simple and is only legally used to test if your website is reliable to attacks, the attacker can only ddos one server at a time, so if you shorten the max player joins, you will have more servers and it would take longer to ddos all of them; long story short, ddosing clogs one server at a time and each server requires a server address
My game is experiencing the same issue, major DDOS attacks.
6 Likes
How is the attack actually carried out? are they botting games? just sending packets to your servers? If its just servers being botted, i’d start out by cutting your max players down to half if possible, and doing some hotfixes to limit chats and command usages. Other than that, I’d focus on gathering information - the more information we have on how they are conducting these attacks the better we can defend against them. And like others have said, contact roblox support if possible.
1 Like
Yeah thats what I was assuming, unfortunately I think that means there isn’t much we as developers can do since we don’t really have access to things like requests to the server our games are running on (as far as I know, anyways). Hopefully the team at Roblox can find a fix for this.
1 Like
My game is experiencing the same issue but how you can know it’s DDOS and not an exploit script to crash the game?
Have only one event from client to server which sends the script name and the wanted function to use. The fired function should validate userID, if the script has permission to use the wanted function, if user did not overdo it (using some limits like X times per minute). If all is good, forward the event between the servers with a bindable. That’s what I do to prevent DDoS. Use limits with caution. Shooters may have more clicks per function in a timeframe, UI’s not so much. Also some logs about spamming are helpful with understanding which functions are more frequently used and their amount per timeframe.
1 Like
My game is also experiencing major DDoS attacks by a group of individuals asking for payment in order to stop.
We’ve been trying to contact Support, but unfortunately they do not have the right tools to handle these types of situations so all they can answer us with is copy-paste messages. Ever since support hasn’t been able to help us, we have0 been trying to contact Dev rel.
1 Like
There is a Not a very Effective Way to Protect Games by this Type of
Attacks, But I Will recommend you to contact the Support of The Game, I Recommend you doing this because 99% of the people having this problems tries to contact Dev Rel, So you will wait a lot of time until it gets Worse, And Yes they have their own tools to manage this. Good Luck with it!