Is it possible to make an anti-DDoS?

Pretty much, I own a pretty large group.

My game is currently being attacked by someone who is using a botnet to exploit the game into crashing it. Which gives the prompt “Please check your internet connection and try again.”

Before I shell out the money to patch this, I’m wondering:

A. Is it possible to create an anti-DDoS script, or something similar to that.

B. How does someone even make the game crash like that, is it really DDoSing, or is it just some bug being abused to crash the server?

11 Likes

If its an actual DDoS attack then you could have 2 places
The first place is the place you join, The second place is the actual place.
When a player joins the first place they get teleported to the second place, If the player is banned, don’t teleport him.
This way the player does not get access to the ip of the server that all of the players are in

It could also be a issue with the game itself as mentioned by Kiriot22

5 Likes

If it is a DDoS attack, there is nothing you can do to prevent it, sadly. Accepting / rejecting requests is up to Roblox to handle. As @The_PieDude mentioned, you could create a joining place where new players come, and then teleport them to the right sever when they want to join.

EDIT: Also, it’s good that you don’t pay the ones doing this, as they are doing this for gaining funds. Giving them money will not give you a guarantee for them to stop, and it will only let them continue doing this to you and others.

7 Likes

Please never pay someone to stop abuse. Paying someone gives them a reason to try to do it again. You have ways of fighting back. Roblox has a team of staff dedicated to reviewing abuse reports, and Bitcoin has a database for abuse reports (look up Bitcoin Abuse, easy to find).
I can not stress enough how important it is to get authorities on the matter involved. Financial threats are a serious matter.

Hardware based attack solutions

As for how to prevent this abuse in the future. If it was a DDos attack (on the hardware side), and the entire cluster of servers use the same hardware, than you’d have a way to check. When this occurs, have you tried joining different servers of your game? If you can’t connect to any, that would be a good indication of this type of attack. You can’t do anything about this. Roblox would need to incorporate better load balancing in person to handle this (or use a third party solution; for example, Cloudflare for the website).

Software based attack solutions

A DDos attack is just a denial of service. Although it is common to achieve this by spreading malware in order to use other people’s computers to overload a server, there are other ways to achieve this effect. You could for instance have a RemoteEvent that performs a very expensive operation (computationally), regardless of how often it is called. RemoteEvents and RemoteFunctions are very easy to abuse if unprotected.
If you have any sort of analytics system in place, such as Google Analytics, check to see if it supports custom events. You could track when these kinds of endpoints (connections between clients and the server) are invoked, and than when the server becomes unresponsive (if pings stop being relayed), than you have something to investigate further.
A temporary solution would be to just kick the user. The Player:Kick() method works by forcefully disconnecting them from the server. They could still do some harm, but it would be short lived. Just be sure you avoid yields (such as wait()) as much as possible with any script that does this.

3 Likes

It’s not appropriate to call specific people out on a thread the way you have in the OP, just saying. If you have an issue with a specific user, filter it through the appropriate channels.

That being said, there is almost definitely a vulnerable point in your code. There are already popular games and they don’t suffer server closure attacks. The appropriate thing to do is to check all your code and ensure that there are no points at which a client can take advantage of.

There isn’t a method you can use to prevent this other than to fix your game.

So;

A. No.
B. It’s a flaw in your code.

3 Likes

@colbert2677 and @Amiaa16 are 100% correct. If it was a DDOS attack then they would need a lot of power on their hands to start slowing others connections since they would be DDOSing Roblox. The easiest way i can see someone doing this is by spamming your remote events. As long as you add checks and prevention’s for nil or impossible values being sent through you should mostly be fine. However if you know who is doing it, or write up a check that detects if someone is spamming remotes or anything you can make a blacklist to prevent the player doing this and any alt’s they feel like adding in.

1 Like

It’s most likely a Remote Event being spammed by someone’s client. Try printing the player’s username every-time they call an event, perhaps you could track down and find who’s spam-calling the event using the Developer Console.

1 Like

This is pretty pointless. If someone has the knowledge to DDoS your game, they can easily create an alt account to get your servers IP.

It’s probably one of your events that does something taxing without any checks, such as raycasting, spawning models, etc…

My game gets ddosed multiple hours a day, and creating a game lobby like you mentioned is exactly what I did in order to prevent it. However, the ddosers found a workaround after a while, copying the placeid of the teleport destination and joining it directly (this is easy to get, game.PlaceId can be read by the client, which is accessible from exploits). If you attempt this, you’ll get the message “Illegal teleport destination”, but despite this, the IP will still be logged in your logfiles.

What I currently do is create a new place for every server using CreatePlace (every place now has an unique PlaceId) and add an age limit to the game hub, but the ddosing still happens because they use old account leaks to find accounts that pass the age restriction. Roblox could just stop logging the IP in the logfiles, but as they haven’t replied to any of the countless emails I’ve sent them regarding the situation I doubt anything will happen. Besides, if the server IPs stopped getting logged in logfiles, they could likely be found using network sniffing, but that would require significantly more effort and couldn’t be automated as easily.

The sad part about having an age limit like that is that the average concurrent players in my game nearly dropped by 50%, but it was the only thing I could do as the ddosers wanted to completely kill the game off and nearly did so.

4 Likes

Can’t you just do that with the Resource Monitor in task manager anyways? If this is actual DDoSing and not events, it’s in Roblox’s hands to handle. I’d say it’s probably on your end or else wouldn’t huge games like Jailbreak get DDoSed nonstop?

Nah, it’s not remoteevents or anything “software based” like that as they have hit off empty places containing no scripts. The server IP is actually ridiculously easy to get, all you have to do is join a game then look in the most recent .txt file in %localappdata%\ROBLOX\logs, it contains both the server IP and port. They’ve also sent me a video of how they ddos like this.

The ddosers of my game organized themselves and made a python script that grabs the game’s IP and Port, then attacks the IP using an external booter, all automated, so they could e.g. leave it running over night.

How games like jailbreak don’t get affected, I do not know, but I have been told by a ddoser that his external booter wasn’t powerful enough for jailbreak (perhaps Roblox uses different servers for front page games)

5 Likes

Probably because jailbreak has thousands of servers which you can’t realistically all shutdown. So it just isn’t worth trying, as opposed to a small game with one 100 player server.

Edit: LOL 3 years later mb didn’t see how old this was. Roblox still hasn’t fixed this issue…

2 Likes

DDOS is a constant issue in the sword community. It’s a pretty uncommon issue gunfighting community. But, ddos software providers are very expensive, they use advanced botnets and can let a user shut down multiple servers at once in some providers. It’s lame we’re powerless against it.