Technically it is possible to count how many remoteEvents comes from each client under a certain period of time. Establish a sanity check on the sheer amount vs the time which was required to pull this off. If there were too many, kick the player.
local remotesTable = {}
local THRESHOLD = 250
for _, v in pairs(remotes:GetChildren()) do
v.OnServerEvent:Connect(function(player)
local kv = {["plrName"] = player.Name, ["remoteName"] = v.Name}
table.insert(remotesTable, kv)
table.sort(remotesTable, function(a,b)
return a.plrName < b.plrName
end)
end)
end
while wait() do
local streak = 0
local prev
for _, v in pairs(remotesTable) do
if streak <= 0 then
prev = v.plrName
elseif streak > THRESHOLD then
for _, v in pairs(game.Players:GetPlayers()) do
if v.Name == v.plrName then
v:Kick()
remotesTable = {}
end
end
end
if v.plrName == prev then
streak = streak + 1
else
streak = 0
end
v.plrName = prev
end
end
Is this expensive, inefficient? Yes, incredibly so. I always advice game developers to aim higher, as long as your normal player base far outweighs the exploiters by sheer volume, it will hinder their motivation and it exponentially minimises the damage done to the game. An exploiter can only do so much. If the amount of servers is low, obviously it is going to damage the game a lot.
HOWEVER, if you’re still eager to do this… Test out how it works here. Kickity.rbxl (19.2 KB)
Even if you put some sort of debounce on the remote event, that won’t stop an exploiter. What they do is fire the event from a remote place. The debounce will only help your OWN code from spamming an event. As of now, this guy might be spamming events instead of DDoSing. A tick() will also not help because it prevents ONLY your code from running the event too fast.
If he does spam a remote, even if you have a debounce or a time check, it will still overload the server with too many requests and most definitely lag your game.
No, they basically have a server you connect to, not literally a man in the middle accepting calls lol
So unless they have access to that server, no, they wont have your IP
After making so research i found out that you might actually have a backdoor inside of your game, a backdoor is the only way they can get server-sided access to your game
I suggest you check out your plugins, check out this post made by @Sudden_Demise for more information:
you’re not really able to stop this on your end, only roblox are able to stop this, and regards of how they’re doing it, it’s rather easy to get the port and IP of a roblox game server, and then they use a DDoS tool, and they just overload your servers, or they use a traditional exploit based server lagger.
A denial-of-service (DoS) attack is when one computer attacks a target.
A distributed-denial-of-service (DDoS) attack is when multiple computers among many different internet connections attack a target, hence “distributed.”
I’m almost sure it will take more than an amplifier to take down the roblox servers completely, and will probably cost the person launching the attack more money to launch it than what it’d cost roblox.
I do cyber security, and I’d have to say you might be a little confused, a DOS attack isnt distributed so the attack would come from 1 single host with no botnets and a DDOS attack is distributed, so it’d come from more than one host and would often use botnet. So in simple terms. DOS is from one host and DDOS comes from multiple hosts or devices.
I would suggest extending player age to 3 months and just banning all of his alts. Also to my knowledge only one server can be ddosed at a time so if the game grows it wont be that big of a deal.
I can tell you that they are spamming some sort of RemoteEvents, even if they are secured they can still use it, someone once told me that the :Connect() function will lag the game servers cpu at one point since you’re always connecting it new everytime you use it, i haven’t found any way to use multiple arguments with: RemoteEvent.OnServerEvent:Wait()
but i know it is possible