So basically my game has been getting a lot of DDoS attacks recently and most of them are automated. Which means they use a bot to automatically join my servers, grab the ip and DDoS it. What I want to do is use a hub that through it legitimate players would be able to join the actual servers of the game. the issue is that i dont know how to and it seems that anyone who gets the place id of the sub place can just go inside the servers without needing the hub
You will need to create a Place that is the Primary destination for new players joining, then teleport them to the actual game location.
game:GetService('TeleportService'):Teleport(placecode here)
end)
That’s what I’m already doing, my issue is that anyone could just join that server with the place id without needing the hub, easy access for bots
What you can do is make a place inside of the experience and have it as a ‘main menu’ kind of thing. Then you can do whatever checks are necessary from the main menu, and allow them to teleport to the main game if they are permitted to do so.
So as part of the teleport you could send a unique string known only to the servers. When the Player joins the new place, check if the string is sent, if not kick them.
You could also consider limiting joins based on player join date,.but I don’t know if that would as they may have lots of junk accounts of varying ago.
You’ll probably also want to do some sort of human verification, otherwise they can just automate joining the hub and then to your game. Also make sure the hub is limited to 1 player so they can’t make it difficult to join.
You would Have to join the Main Place to get to the Sub Places, They arent a Separate game
(technically they are but they arent really, If you get what I mean) so you cant join them like you can with the Main Place, so you would need to join the Main Place first, get Teleported to a Sub Place, then after that, wherever this Sub Place is, you would then teleport the Player again, but you can either Save a Data that Allows them to Pass with the usage of DataStoreService, or Send Data via Teleporter to Verify that they came from there.
My HUB is 1 player but as long as they can join the main servers without using the HUB they can bot the ip right? How do I counter that exactly? An instant kick if not joined through a teleport basically would do?
What function detects if the player came from a teleport from the HUB or not? Would an instant kick be enough for bots to not get the ip
Also I didnt get the double teleport part, u want me to teleport from the sub place to another then use datastore? A bit confused
Oh, I see. But would an instant kick be enough for the bot not to get the ip?
Fair point. As soon as the teleport service redirects them to the new server, they are going to get the destination servers IP and port number. It is this information that they use to DoS you, so might not be a goer.
So, I gues you then have to stop them at the hub by using the other suggestions of requiring player input to click a button to initiate the teleport. Perhaps a validation check on a datastore to see if the player was a returning one would allow an auto teleport. Just create the DS value once you had verified that they played for n minutes perhaps.
tbh you have a tricky problem, but others must have come up with a solution.
But how do I stop them at the hub while anyone could just join the sub place using its place id in the link without needing the hub. Thought that if i instantly kick them if i detect they didnt join from the hub they wont be able to get the ip in time or something. If they can, what exactly can I do to prevent it. Is there no way to make a sub place’s only entry through the main game. Its crazy if there isnt an option for that
As soon as the connection is made to redirect to the place, a hacker will instantly have the IP and port number recorded in the local log files (assuming they are using the Roblox client to connect).
You can see these logs yourself on Windows under C:\Users<your login name>\AppData\Local\Roblox\logs, as shown below:
Open one of these logs and search for “serverId”, which will show the connection info they use to DoS your game. If you watch a live log a your Roblox client connects, you can see this information slowly get populated.
Stopping at the hub can be done by metrics, such as friend count, join date the need for them to click a button to join the game etc. These can help but can probably never stop these attacks.
It also depends on the attack type. I would expect that once they have your game servers IP and port, they just feed the info into an attack for hire script which then launches the attack from a range of distributed sources (DDoS). UDMUX is supposed to stop these attacks, but not all locations have this enabled yet from what I understand.
I understand that manually getting the ip is pretty easy once you join a server, my question here is if there is an option to prevent joining sub places completely if not from the hub to prevent the use of bots to get all of the current server ips like how this guy did it:
If you make it a title screen (starter place in a game universe), they’ll have to go through the starting place first.
My hub is the starting place, all it takes to bypass it is take the place id replace it in the link section and you have full access to all current servers in the sub place
Joining those will force you to join the starting place anyway.
tbh this info looks like it might well be presented from the Roblox API, which is an open interface where you can query player and game info.
Nope, you just need the sub place’s id, replace it with the place id in your link tab and try to join one on of the servers
I just tested to confirm, and you do indeed join the starting place rather than the “sub” place.