Help on Chat Exploit Spam

Hi there, I’m a developer at Solera Resort, a social group on Roblox.
We would usually have 100-150 players every day until the exploiters would spam lag our servers with a script similar to this:

> game:GetService("ReplicatedStorage"):WaitForChild("DefaultChatSystemChatEvents")
> while true do                
> 	wait()
> while true do            
> 	wait()
> for i=1, 100 do 
> local msg = "/e "..string.rep("                                   It so laggy why it so laggy omggggggg",351056)
> game:GetService("RunService").RenderStepped:Connect(function()
> 	game:GetService("ReplicatedStorage").DefaultChatSystemChatEvents.SayMessageRequest:FireServer(msg,"All")
> 	wait()
> end)
> end
> end
> end

After this had happened, our player counts are now at 90-110. I have tried fixing this multiple ways: using tick(), checking if a message is over 500 characters, and I have even patched other methods, such as weld spam and sound spam.

I am currently using this script to attempt to stop this:

-- Server-side listener on the default chat remote; kicks on oversized messages
game:GetService("ReplicatedStorage"):WaitForChild("DefaultChatSystemChatEvents").SayMessageRequest.OnServerEvent:Connect(function(player,message,all)
	-- Reject any message longer than 500 characters
	if string.len(message) > 500 then
		player:Kick("Your chat message is over the limit.")
		print(player.Name.." kicked for chat spam exploit")
	end
end)

I would appreciate any help on this. Thank you!

2 Likes

Are you sure your game is still being crashed through this chat exploit? It seems you have protected against this so there shouldn’t be an issue. It may be another exploit causing your server to crash or there may be a memory leak in your code.

Do you have protection against the RightGrip exploit?

Is server memory usage very high before the server crashes?

The RightGrip exploit was already patched by Roblox.

Server memory usage is unusually high before the server crashes.

1 Like

You likely have a memory leak somewhere in your code then. Generally, these are created when data you are storing in memory doesn’t get deleted by the garbage collector. Try to make sure you disconnect unused events and aren’t saving tons of information into arrays or variables faster than it is being removed.

You can find more information about memory leaks in the following posts:

1 Like

A very similar exploit to what you have posted is very similar to an issue plaguing a social community I am in; I am going to assume they are the same exploit.

Exploiters have become more and more clever with how they get around anti chat spam measures, so using a character count is inefficient. While the exploit you posted has a line that looks like this:

local msg = "/e "..string.rep("                                   It so laggy why it so laggy omggggggg",351056)

What is more common nowadays is something that looks like this:

local msg = "/e "..string.rep("!clean ",71)

This creates a string that is < 500 characters but causes lag through abusing the fact that there is no built-in delay to admin commands on a majority of public admin scripts. There are a few solutions I can think of, but none of them, aside from removing open source admin scripts themselves, will be 100% efficient.

Solution 1

The first solution is self-explanatory: remove the admin script and/or disable any non-admin commands that come packaged into the admin script if you are able to.

Solution 2

You can check for repetition in the message, i.e.:

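-- Returns the start position of every occurrence of sub in str
local function findAll(str, sub)
	local found = 0
	local positions = {}
	while found do
		-- Plain find (4th argument true) so sub is not treated as a Lua pattern
		found = str:find(sub, found + 1, true)
		if found then
			table.insert(positions, found)
		end
	end
	return positions
end
-- PlayerChatMessage stands for the message string received from the player
local SpamTable = findAll(PlayerChatMessage,"!clean")
if #SpamTable >= 50 then
	-- Kick/Punish, etc
end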

This is probably going to be your best bet at countering the exploit if removing/editing your admin script is not a viable option.

I hope this helps just a little bit, but no exploit is truly going to have a 100% effective patch until ROBLOX decides to put their foot down and patch it internally.

3 Likes
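
A server-side check combining the ideas in this thread (the 500-character cap, a limit on admin commands per message, and a per-player delay), as an added example that is not code from any of the posts. The `!` prefix comes from the `!clean` example above; the thresholds, function names and sample messages are assumptions.

```lua
-- Added example, not code from the thread. Thresholds and names are assumptions.
local MAX_LENGTH = 500       -- length cap already used in the thread
local COMMAND_PREFIX = "!"   -- prefix of the "!clean" command quoted in the thread
local MAX_COMMANDS = 3       -- assumed: command tokens allowed in one message
local MIN_INTERVAL = 0.5     -- assumed: seconds required between accepted messages

local lastAccepted = {}      -- [playerKey] = time of the last accepted message

-- Counts whitespace-separated tokens that start with, and are longer than, the prefix.
local function countCommands(message)
	local count = 0
	for token in message:gmatch("%S+") do
		if #token > #COMMAND_PREFIX and token:sub(1, #COMMAND_PREFIX) == COMMAND_PREFIX then
			count = count + 1
		end
	end
	return count
end

-- Returns true when the message is accepted, otherwise false and a reason.
-- Remote arguments are client-controlled, so the type is checked first.
local function checkMessage(playerKey, message, now)
	if type(message) ~= "string" then return false, "not a string" end
	if #message > MAX_LENGTH then return false, "too long" end
	if countCommands(message) > MAX_COMMANDS then return false, "too many commands" end
	local last = lastAccepted[playerKey]
	if last and now - last < MIN_INTERVAL then return false, "rate limited" end
	lastAccepted[playerKey] = now
	return true
end

-- Constructed sample traffic: t is the arrival time in seconds.
local samples = {
	{ t = 0.0, msg = "hello everyone" },
	{ t = 0.1, msg = "sent too soon after the first" },
	{ t = 1.0, msg = "/e " .. string.rep("!clean ", 71) },
	{ t = 2.0, msg = string.rep("a", 501) },
	{ t = 3.0, msg = "back to normal chat" },
}
for _, s in ipairs(samples) do
	local ok, reason = checkMessage("player1", s.msg, s.t)
	print(s.t, ok, reason or "accepted")
end
```

In the `SayMessageRequest.OnServerEvent` handler from the first post, `checkMessage` would be called with the player's `UserId` as the key and `os.clock()` as the time.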