Need help stopping chat system RemoteEvent spam exploit

Just2Terrify · November 24, 2019, 5:25am

Hello, I have recently ran into a certain exploit that I want to stop from being a possibility.
So I went looking for it myself and luckily I was able to find it. Any suggestions on what I can do to prevent this?
I know it’s risky to post this on the DeveloperForum but I want to stop this script and any others that can be injected to ruin other peoples fun.

What this script does…

It consistently sends messages through the ChatSystem Event and sends a lag storm through.

The purpose of this script.

To lag and or crash servers for their own amusement.

My questions…

Is it possible to stop an injector, such as making it so it can’t inject anything?
Is there a way I can prevent these types of scripts from being entered?

The script.

This script goes on for lines among lines… I’ve shortened this entirely.

while true do
game:GetService("RunService").RenderStepped:Wait()
game:GetService("ReplicatedStorage").DefaultChatSystemChatEvents.SayMessageRequest:FireServer("/e REKT  REKT  
REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT  REKT ", "All")
end

This is able to be injected into any game I believe, not entirely sure… i’m not an exploiter so I don’t know how these injectors work.
Any help is always appreciated…

wevetments · November 24, 2019, 5:40am

Just to clarify, is this script injected on a client’s machine or the server itself?

Also where did you find it? In studio?

XlxLiveLivelyxlX · November 24, 2019, 5:41am

Can injections be made on the server?

Seems like it would be a remote event to the server that would allow this… Let me think.

zQ86 · November 24, 2019, 5:41am

I believe when the message request is sent, it’s filtered and shortened to fit the character limit. There is also a flood limit, so it shouldn’t cause much harm (unless i’m wrong).

XlxLiveLivelyxlX · November 24, 2019, 5:42am

Where is this script being created?

zQ86 · November 24, 2019, 5:43am

Exploiters most likely have an injector which is only client sided, because you can’t access server scripts from a client. I think the script would be parented to nil (because who would have an exploit script in the starter gui?)

Just2Terrify · November 24, 2019, 5:43am

It’s being injected through a client.
I found it through looking at exploit sites which took me a little bit to find it.

Just2Terrify · November 24, 2019, 5:44am

Nope, it bypasses it to send 18,000+ messages, hence the lag storm.

XlxLiveLivelyxlX · November 24, 2019, 5:44am

K where did you find the script?

Just2Terrify · November 24, 2019, 5:44am

It does cause a lot of hard, it by passes the limit and with this it also lags a server and if it’s done three times… it can crash the server.

zQ86 · November 24, 2019, 5:44am

Unusual. I would see how many times a player sends a message in under 1-2 seconds (or see how many times a message is sent in under a second). If it’s over some amount like 10 or 20, kick the player.

XlxLiveLivelyxlX · November 24, 2019, 5:45am

K. Well. I may have a solution depending on where you found the script tho

Just2Terrify · November 24, 2019, 5:46am

it sends 18,000 + lines of rekt at a time and after it sends the first one, it crashes them.

XlxLiveLivelyxlX · November 24, 2019, 5:47am

I understand what’s happening. Where did you find it?

Just2Terrify · November 24, 2019, 5:47am

Can’t reveal where I found it as I don’t want others to find it but my one friend verified that this is what people use to lag servers. It’s in a lua file so yeah.

wevetments · November 24, 2019, 5:47am

Working exploits for any Roblox system should be messaged privately to this group. Since this exploit harms the entire server and bypasses the Roblox default chat safety features, this must be reported immediately.

I’d also suggest removing the exploit script from your post to avoid other malicious players from taking advantage of the flaw.

Kindly message all the details to this group, including the source and the affected systems.

XlxLiveLivelyxlX · November 24, 2019, 5:48am

What?! That’s silly. You want us to help you but you won’t help the community? Lol

I hope I’m not coming off as rude, but if like to be able to prevent it myself.

And I have a solution but I don’t want to waste my time if it’s not found in a viable location

zQ86 · November 24, 2019, 5:49am

Okay. Here’s a good solution:
Make a .chatted function seeing if a message a player sent is over the limit of let’s say 500. If it is over that limit, kick the player. Should be very simple.

Just2Terrify · November 24, 2019, 5:49am

How would that be possible? I’ve never messed with it.

Just2Terrify · November 24, 2019, 5:50am

Nothing is ever a waste of time, not even exploits are a waste of time as they challenge people. You can post it and I’ll look into it.