It points to a specific server box, not the Roblox server itself. A Roblox server as we see it, will have about 40 other servers also running on the same box.
It’s not really “stealing”, you need the server IP to connect to it / send data to it. This isn’t particularly impressive or crazy.
Thats for an actual server. Not a Roblox server. As I said, a server as we call it is not like a hardware server. If it was DDoSing the server box it would automatically deny the packet and block the VPN because you’d be addressing it all wrong as your trying to address the server box as its physical entity and not a single Roblox server running on its processing power.
If they are DDoSing then they’d firstly be trying to crash the entire server farm, and they’d also be trying to crash the power of the other 100 servers running on the same server box.
That’s not how NAT works. You can very well ddos a single roblox server behind a NAT by specifying the port, and I can assure I’ve seen it working successfully multiple times. The assumption that the router where NAT happens is filtering out non roblox packets is wishful thinking.
I’ve given up trying to explain, just going to let the engineers / admins handle this dilema.
If anyone has ever watched “The Worlds End”, I feel like the AI at the end of that.
Enough of all of this, it is entirely impossible for a DDoS attack to happen on a Roblox game, it is just an exploiter using some sort of exploiter to lag the entire game and fire random events, which is rare to see. Maybe it is possible since I never seen this happen before.
I wouldn’t call it “Ddos attack”, it is just a normal game raid/exploit that is common to many small games on the platform.
The best solution is to prevent a way to stop that, or close down the game and report it to the moderators on the platform to deal with it.
This thread and also this thread has some information about the same question you asked 2 times.
What makes it “entirely impossible”? PlayStation Network has been taken down numerous times for days.
I mean is it could be impossible/possible for someone to DDos one Roblox game and I wasn’t talking about PlayStation at all, don’t know where you got that from.
Your point somewhat illustrates what I am trying to say, it states in that you get the:
Which is going to be the gateway of the server farm, because that is technically what the world sees. I was considering mentioning the JobId before I obviously gave in - because I know this is what identifies the server as an individual. It would be relatively stupid to just hand a Roblox server (this thing:) its own IP if it has a JobId.
To technically DDoS a server, they’d have to do it to the server box - which is why I am saying it shouldn’t really be called this because they aren’t doing that - they are stopping a single “Roblox server” (so a single JobId) from having any processing time.
I mean yes, you could ddos the server box - would it work? Probably not unless you casually have more server power to handle the dishing out of the requests, and by that point the provider will probably realize they are being attacked and handle it themselves (all of this is money to them).
Yeah, I don’t think that was the right packet to point out. It definitely is correct that Roblox game servers run on multiple big servers (otherwise it would be ludicrously expensive).
It’s possible the proxies are being ddosed, but who really knows. It’s likely the person in OP’s screenshots is just trolling, but even then not really sure how firing to a remote a bunch of times can cause your ping to spike up a ridiculous amount, unless you’re doing something extremely taxing on the server.
At least we have another voice of reason - I’ve been constantly trying to say “they wont have their own server box”.
I mean the screenshots imply that all the events are constantly being spammed and hes complaining about ping.
I have a single remote event / remove function design - no one has crashed it so far and I know people have tried. And that exploiters are super unoriginal so the first thing they do is spread their exploit.
If you spam every event in Replicated Storage, you have about 14 chat events and then probably 10 other events which they can use and abuse. People put rate checks on, when in reality your best move is to attempt to at least save the server before you start going offensively to get the exploiter out. The protections wont save you when they finally outsmart you.
Its like they think the exploiters who sit back and find these methods go “damn, they patched my first attack - time to give up they too smart”.
they are not firing any remote event as I said, because I print when someone fires a event.
What can I do?
I couldn’t understand this looks more like an arguing xd.
Do you use the default chat, and have you looked into putting time catches on those?
I have the default chat
I’m just gonna copy paste this from another thread I posted to. RemoteEvents aren’t the only thing exploiters can use to crash your game.
- Backdoors (anything requiring a module you dont know about)
- OnServerEvent connections
- OnServerInvoke connections
- Touched events
- InvokeClient occurences (never do this, delete them)
- ClickDetector events
- GuiButton mouse events which are connected on the server (yes that works)
- Scripts that interact with Instance changes inside characters or player backpacks
- Scripts that interact with Humanoid properties and events including animations
- Scripts that interact with Accessories and Tools which are children of workspace
- Sound playback if RespectFilteringEnabled is disabled
I ain’t using Touched Event, either InvokeClient, ClickDetectors, Not at all, Backdoors, no, I scripted the whole game, unique free models are cars chassis, a chassis stune, RespectFilteringEnabled is set to true on sound service, I just give tools to player backpack, animation swouldn’t work if they ain’t mine.
This is why I hate the default chat, it creates from what is probably the ugliest code I have ever seen for exploiters to abuse - adding rate limits to these is very difficult when it creates 11 remote events and 3 remote functions in an obscure method.
I’m pretty sure you could cycle through constantly doing :FireServer() and :InvokeServer() to the same effect of one remote event.
Honestly, I would try making your own chat as a start - see if the chat is the route cause (which like most of the times it is).
I obviously can’t test this due to me stating my entire system pushes out all the remote events and remote functions aside from two.
I see. Picking up what @6Clu said, people like to spam the SayMessageRequest remote which can lag the server noticeably. You should be putting message length checks on it.
I think with some of these however, you can get minor knockback on your own performance and as its very generic people usually always have range checks on the doors (and kick people who are doing it from 600 studs way).
Plus, you’d want a generic system which works for most servers - else exploiters wont really bother making them. This means you’d be relying on those things happening whereas if you want people to buy your exploiters off you - you want something which is reliable and works 99% of the time. To me, wouldn’t cycling through all the events in replicated storage (storing them) and then spamming then all constantly be a good method?