How does one effectively stop RemoteEvent spam

Recently, I’ve seen a lot of talk about preventing “DoS” attacks, or more like RemoteEvent spam.

Exploiters use remote event spam a lot to just kill servers, and its pretty OP for them if they wanna just ruin the experience.
I’m not necessarily a programmer myself, but I want your feedback on how a person can prevent their remotes from being consistently spammed.

I’ve been in numerous games where their servers have been victims of this.

I do not have any examples on hand, but if you search up “Remote Event Spam V3rmillion” you will find multiple results. If you don’t know what V3rmillion is, it’s a hub for exploiters and they post their scripts there and sell scripts etc.

I really hope that this post can help out people having issues with this! Feel free to argue with each other and etc. in the replies, I really wanna see a effective product for this, as it’s being utilized way too much in the ROBLOX Exploiting scene. Thanks!

A typical thing to do is to track the rate that each player is firing remotes. For example if a remote that is normally expected to be fired every few seconds has been fired multiple times in the last second they’ll know that user is spamming.

Thats an interesting way of doing it, I’ve never heard that way.

or I’m just not understanding what other people say lol.

On the server side where you’re receiving the event, make a dictionary with every player in it with their name as their index (just use PlayerAdded/PlayerRemoving to add and remove from it), and set each one to tick().

The when the remote is fired, on the server side you subtract the index in the table from tick(), and if it’s greater than your specified cooldown time, grant access to the remote and run the code, and set the player index in the table back to tick() so that it resets.


Confusing for me not being a coder, but I think I get it. Another great way to accomplish this.


1 Like

Sorry I couldn’t provide an example, but basically the concept of this works like this: tick() is always a moving value, it’s the current number of seconds from the epoch (Jan 1 1970). But when you set something to tick(), the value of that becomes tick() at the current time and doesn’t move anymore. I used to be really confused about this and thought it still moved. So, knowing that we could so something like this:

local var = tick() -- this becomes tick()'s current value at the time the variable is being set to it, and doesn't move

wait(3) -- wait for 3 seconds to pass, tick() would now be 3 seconds more because it's always moving

print(tick() - var) --> would be about 3

So basically how you would use this method to stop remote event spam would be like this (This is all being done in a server script):

local playerTable = {} -- create an empty table to store an index for everyone in
local someRemoteEvent = game.ReplicatedStorage.RemoteEvent -- an example event
local cooldownTime = 4 -- used 4 seconds as an example

    if not playerTable[player.Name] then -- if there isn't an entry for the player already
        playerTable[player.Name] = tick() -- Create a new entry in the table for each new player, and make the index their name so we can access it later

    if playerTable[player.Name] then -- if there's an entry of the player in the table
        playerTable[player.Name] = nil -- remove it from the table

    if tick() - playerTable[player.Name] > cooldownTime then -- If the time is greater than the cooldown time (so if more than 4 seconds have passed since the last time you set the player's index in the playerTable to tick()
        playerTable[player.Name] = tick() -- set it back to tick() so it resets
        -- run your code

Just made a quick tutorial.


You could also do this with boolean values instead of calling the tick() function