Is it possible to stop a 'DoS' attack in Roblox?

What can I do?
I couldn’t understand this; it looks more like an argument xd.

Do you use the default chat, and have you looked into putting time catches on those?

I have the default chat

I’m just gonna copy paste this from another thread I posted to. RemoteEvents aren’t the only thing exploiters can use to crash your game.

  • Backdoors (anything requiring a module you don’t know about)
  • OnServerEvent connections
  • OnServerInvoke connections
  • Touched events
  • InvokeClient occurrences (never do this, delete them)
  • ClickDetector events
  • GuiButton mouse events which are connected on the server (yes that works)
  • Scripts that interact with Instance changes inside characters or player backpacks
  • Scripts that interact with Humanoid properties and events including animations
  • Scripts that interact with Accessories and Tools which are children of workspace
  • Sound playback if RespectFilteringEnabled is disabled

I ain’t using Touched events, InvokeClient or ClickDetectors, not at all. Backdoors, no; I scripted the whole game. The unique free models are car chassis, a chassis stune. RespectFilteringEnabled is set to true on SoundService. I just give tools to the player backpack, and animations wouldn’t work if they ain’t mine.

This is why I hate the default chat, it creates from what is probably the ugliest code I have ever seen for exploiters to abuse - adding rate limits to these is very difficult when it creates 11 remote events and 3 remote functions in an obscure method.

I’m pretty sure you could cycle through constantly doing :FireServer() and :InvokeServer() to the same effect of one remote event.

Honestly, I would try making your own chat as a start - see if the chat is the root cause (which, like most of the time, it is).

I obviously can’t test this due to me stating my entire system pushes out all the remote events and remote functions aside from two.

I see. Picking up what @6Clu said, people like to spam the SayMessageRequest remote which can lag the server noticeably. You should be putting message length checks on it.

1 Like
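The message length check suggested above, combined with a per-player rate limit enforced on the server, as an added example that is not part of any post in this thread. It assumes a custom chat with a hypothetical RemoteEvent named ChatRequest; all limits are assumed values to tune.

```lua
-- Added example (not from the thread): server Script, e.g. in ServerScriptService.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local MAX_LEN = 200      -- assumed maximum message length in bytes
local BURST = 5          -- assumed: messages a player may send back-to-back
local REFILL_PER_SEC = 1 -- assumed: sustained messages per second
local MAX_STRIKES = 50   -- assumed: rejected requests tolerated before a kick

-- Hypothetical remote for a custom chat; created here so the script is self-contained.
local chatRequest = Instance.new("RemoteEvent")
chatRequest.Name = "ChatRequest"
chatRequest.Parent = ReplicatedStorage

local buckets = {} -- [Player] = {tokens, last, strikes}

-- Token bucket: O(1) per request, no table that grows with the amount of spam.
local function allow(player)
    if player.Parent == nil then return false end -- already left or kicked
    local now = os.clock()
    local b = buckets[player]
    if not b then
        b = {tokens = BURST, last = now, strikes = 0}
        buckets[player] = b
    end
    b.tokens = math.min(BURST, b.tokens + (now - b.last) * REFILL_PER_SEC)
    b.last = now
    if b.tokens >= 1 then
        b.tokens = b.tokens - 1
        return true
    end
    b.strikes = b.strikes + 1
    if b.strikes > MAX_STRIKES then
        player:Kick("Too many requests")
    end
    return false
end

chatRequest.OnServerEvent:Connect(function(player, message)
    -- Cheapest checks first: rate, then type, then length. Reject before any real work.
    if not allow(player) then return end
    if typeof(message) ~= "string" or #message == 0 or #message > MAX_LEN then return end
    -- Accepted: hand off to the chat pipeline (text filtering and broadcast are out of scope).
    print(player.Name .. " sent " .. #message .. " bytes")
end)

-- Drop per-player state on leave so the table cannot grow without bound.
Players.PlayerRemoving:Connect(function(player)
    buckets[player] = nil
end)
```

The limit is keyed by the `player` argument that the engine supplies to `OnServerEvent`, so the client cannot reset or bypass it from its side.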

I think with some of these however, you can get minor knockback on your own performance and as it’s very generic people usually always have range checks on the doors (and kick people who are doing it from 600 studs away).

Plus, you’d want a generic system which works for most servers - else exploiters won’t really bother making them. This means you’d be relying on those things happening whereas if you want people to buy your exploits off you - you want something which is reliable and works 99% of the time. To me, wouldn’t cycling through all the events in replicated storage (storing them) and then spamming them all constantly be a good method?

But lag would make my ping go to 5K ms?
When a game lags it takes memory, not ms.

Also, he was using this program

It would if it’s got a lot to do, we’ve seen from demonstration as @NachtHemd said just the SayMessageRequest by itself can make a server lag.

Just tally up all your events, and how much of an effect you think they’d have singularly. And then multiply it.

2 Likes

Ping is the server response trip time so it can indicate lag on the server.

1 Like

I looked at the panel, the information on his screen doesn’t seem to correlate with any useful information.

He specifies the IP of the San Mateo, California server:

But then the port he chooses seems odd again as it’s the remote port (which is what a server farm will use to transfer from the remote application to its final destination). I’m guessing the third number is going to be the duration of time to attack for. He also selected the Five M-TCP but then it’s clear it’s using the UDP protocol - just doesn’t seem viable?

Plus, you can’t really bet on him being honest with you cause if so you’d patch it / report it straight away.

1: make an account age limiter

game.Players.PlayerAdded:Connect(function(plr)
    -- AccountAge is in days; edit the threshold to suit your game
    if plr.AccountAge < 15 then
        plr:Kick("Age restriction")
    end
end)

2: They wouldn’t be able to get your IP as easily as you think, tho it is possible as Wireshark is made for that specifically (not via Discord, as Discord has a MITM method to protect your IP).
If you want to, just change your IP (reset your modem or use a VPN).
It’s most likely that they have your game’s server IP, which is accessible in the logs on the attacker’s computer.

3: Get Wireshark. If you suspect that you are getting DDoS’ed, launch Wireshark, then see where the packages are coming from; you’d see your IP in the Destination column and the attack’s IP in the Source column.

4: during the attack, first take measures to contain or dampen the attack. Next, call the service provider that provides Internet access for your network. Most hosting providers and ISPs post emergency contacts on their web sites and many include at least general contact numbers on bills. If you only have a general contact number, explain that you are under attack and ask the customer care agent to escalate (forward) your call to operations staff with the ability and authority to investigate.

5: this should help you

Hey, can you add me on discord, if I don’t annoy?
varjoy#4366

Technically it is possible to count how many RemoteEvents come from each client under a certain period of time. Establish a sanity check on the sheer amount vs the time which was required to pull this off. If there were too many, kick the player.

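-- Assumption: the RemoteEvents live in a folder named "Remotes" in ReplicatedStorage; adjust to your game
local remotes = game:GetService("ReplicatedStorage"):WaitForChild("Remotes")

local remotesTable = {}
local THRESHOLD = 250

-- Record every incoming event together with the player who fired it
for _, v in pairs(remotes:GetChildren()) do
    if v:IsA("RemoteEvent") then
        v.OnServerEvent:Connect(function(player)
            local kv = {["plrName"] = player.Name, ["remoteName"] = v.Name}
            table.insert(remotesTable, kv)
        end)
    end
end

while wait() do
    -- Take the entries collected since the last pass and start a fresh window
    local batch = remotesTable
    remotesTable = {}
    -- Sort once per pass so that each player's entries are adjacent
    table.sort(batch, function(a, b)
        return a.plrName < b.plrName
    end)

    local streak = 0
    local prev
    for _, entry in ipairs(batch) do
        if entry.plrName == prev then
            streak = streak + 1
        else
            prev = entry.plrName
            streak = 1
        end
        -- Kick once, at the moment the streak first exceeds the threshold
        if streak == THRESHOLD + 1 then
            for _, plr in pairs(game.Players:GetPlayers()) do
                if plr.Name == prev then
                    plr:Kick()
                end
            end
        end
    end
end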

Is this expensive, inefficient? Yes, incredibly so. I always advise game developers to aim higher, as long as your normal player base far outweighs the exploiters by sheer volume, it will hinder their motivation and it exponentially minimises the damage done to the game. An exploiter can only do so much. If the amount of servers is low, obviously it is going to damage the game a lot.

HOWEVER, if you’re still eager to do this… Test out how it works here.
Kickity.rbxl (19.2 KB)

3 Likes

If the guy is really ddosing the server then he would just need to look in his Roblox logs to find the server IP.

1 Like

Wouldn’t you just add a preventative method for spamming tools?

1 Like

Even if you put some sort of debounce on the remote event, that won’t stop an exploiter. What they do is fire the event from a remote place. The debounce will only help your OWN code from spamming an event. As of now, this guy might be spamming events instead of DDoSing. A tick() will also not help because it prevents ONLY your code from running the event too fast.

If he does spam a remote, even if you have a debounce or a time check, it will still overload the server with too many requests and most definitely lag your game.

1 Like