Server addresses are needed for a server, server addresses are public and are easy to access since they don’t leak anything, ddosing is very simple and is only legally used to test if your website is reliable to attacks, the attacker can only ddos one server at a time, so if you shorten the max player joins, you will have more servers and it would take longer to ddos all of them; long story short, ddosing clogs one server at a time and each server requires a server address
My game is experiencing the same issue, major DDOS attacks.
6 Likes
How is the attack actually carried out? are they botting games? just sending packets to your servers? If its just servers being botted, i’d start out by cutting your max players down to half if possible, and doing some hotfixes to limit chats and command usages. Other than that, I’d focus on gathering information - the more information we have on how they are conducting these attacks the better we can defend against them. And like others have said, contact roblox support if possible.
1 Like
Yeah thats what I was assuming, unfortunately I think that means there isn’t much we as developers can do since we don’t really have access to things like requests to the server our games are running on (as far as I know, anyways). Hopefully the team at Roblox can find a fix for this.
1 Like
My game is experiencing the same issue but how you can know it’s DDOS and not an exploit script to crash the game?
Have only one event from client to server which sends the script name and the wanted function to use. The fired function should validate userID, if the script has permission to use the wanted function, if user did not overdo it (using some limits like X times per minute). If all is good, forward the event between the servers with a bindable. That’s what I do to prevent DDoS. Use limits with caution. Shooters may have more clicks per function in a timeframe, UI’s not so much. Also some logs about spamming are helpful with understanding which functions are more frequently used and their amount per timeframe.
1 Like
My game is also experiencing major DDoS attacks by a group of individuals asking for payment in order to stop.
We’ve been trying to contact Support, but unfortunately they do not have the right tools to handle these types of situations so all they can answer us with is copy-paste messages. Ever since support hasn’t been able to help us, we have0 been trying to contact Dev rel.
1 Like
There is a Not a very Effective Way to Protect Games by this Type of
Attacks, But I Will recommend you to contact the Support of The Game, I Recommend you doing this because 99% of the people having this problems tries to contact Dev Rel, So you will wait a lot of time until it gets Worse, And Yes they have their own tools to manage this. Good Luck with it!
There is a way to get a serverIP. I can get urs right now. It’s pretty easy. But, When a game shuts down, the ip get’s reseted, so they must have some kind of bot that keeps on getting your ip. Just lower the server size, so they can’t ddos all server’s.
It’s still pathetic that nothing’s been done after people have reported it.
2 Likes
I’m worried about this kind of thing happening down the road to a game I’m working on. Does the web api give potential attackers the IP and port for all running servers?
I’ve been wondering if you can basically segregate newer players in their own servers to prevent them joining games that are going to ruin the experience of established players. I was planning on having the main place be a hub that would then transport people to the server they belong in.
It uses NetworkClient. Documentation is here for what they use to get IP and Port, Roblox Broadcasts it to that function when you join the game.
Roblox Doesn’t care much about security anymore tbh.
1 Like
Hello, I have a TEMPORARY fix for your game, here’s the following steps.to temporarily take until they quit attacking your game.
1( We will head to game settings and go to places and create a place with the exact same name and description as your current attacked game.
2( We will now go to create tab and find the place that was just created, should not be hard to find as it should be first in the list of group creations in games section
3( We will publish the game to the newly created place (press publish to game as, go to group creations, press your current game (not the new place) and there should pop up 2 games (your current and the exact replica we earlier made, publish the game as you want to the exact replica)
4( We will now make a script in serverscript called TPS and include the following in it , PLEASE MAKE SURE NOT TO PUBLISH THIS TO THE EXACT REPLICA OR THERE WILL BE A INFINITE LOOP TELEPORT.
placeid = exactreplicaidherethatyougotfromcreatortab
game.Players.PlayerAdded:Connect(function(Player)
game:GetService("TeleportService"):Teleport(placeid,Player)
end)
5( We will set the playercount to 1, now your community will be able to play without anyone crashing but will not be able to choose which server to join as they will be teleported to the exact replica of game where gameplay will work normally (playercount will show fine but no servers). The reason we set playercount to 1 is so they can join and get teleported okay without the exploiter still crashing the servers they will try to join to teleport.
6( Wait out until the ddosers are tired and stop harassing you and your community.
3 Likes
Bumping this thread because after 6+ months, Roblox has still failed to fix this security issue. We cannot handle the security of the servers, that is Roblox’s responsibility and we’ve yet to see a resolution to the DDoS issue. These people keep DDoSing games and then messaging the game’s staff on discord that they have to pay (x) sum of Robux for the attacks to end. We have emailed Roblox (over 10 emails), contacted other parties who have also been affected and told them to report this issue, we have contacted Roblox admins, and to this day we’ve yet to hear any resolution.
7 Likes
It’s just not profitable for them to fix it because it only affects small games. If it would affect big games, they probably would fix it. If you were Roblox, you probably wouldn’t fix it as well. Take a look at it from the company view. Probably the only thing you can right now do is some sort of DDoS detection system which would teleport users from the attacked server.
2 Likes
This is so obviously fake, the panel literally has a video encoder option???
???
The panel is software you can download theres alot like it all you need is an ip and if you flood it with enough packets it will crash, its not roblox ui.
alright bro, lemme just quickly attack a server with a Digital Video Recorder 
Just thought the same thing you could probably check if the server was lagging by seeing the time between each heartbeat on the server and if that goes too high then save every players data and just send them to a different server
1 Like
Maybe not that image but the ddosing itself is true.