It would be possible by doing a simple for loop check in the players service. Here’s a quick mockup I wrote that could solve your issue:
--Script is server-sided
local Players = game:GetService("Players")
local TextLimit = 500
function PlayerChat(Player)
Player.Chatted:Connect(function(Message)
if #Message > TextLimit then
Player:Kick("Your chat message is over the limit.")
end
end)
end
I’d just like to point out that kicking players is bad for user experience. It’s also a bad practice to patch exploits with band-aids. The best way to prevent exploits is attacking the source which is the system that fails to check for messages that are way over the chat text limit or how many chats that can be sent per minute.
Roblox does stop them, but there is always a workaround. Its been this way for years.
You can’t prevent it entirely only temporarily. They’ve gone far enough to simulate the Roblox environment to get the API working.
No and sort of. You can use server and client preventative measures to detect if some behavior you don’t want is occurring or some unknown object enters the environment.
You know, an idea would be to have an internal function that checks to see if a script existed initially or not. You can’t script at runtime anyway. So if there’s a new script (asset id doesn’t exist) just remove it.
I’m sure there are a variety of injections, but this would solve this one.
I only gave him a base of what he could do. He could go for the remote and make an OnServerEvent function that checks if the message is over a certain length. I understand kicking is bad, but it’s one of the only options that he could do aside from deleting the message (which from what i understand might require some scripting).
Developers cannot stop exploiters from injecting scripts into their machine. It’s beyond what we can do. If you insert a script with a nil parent, there’s no way to detect this with ChildAdded or any API event. Exploiters can also insert scripts/objects into RobloxLocked containers that developers can no longer detect. The most we can do is try to stop what these scripts are trying to execute.
It’s a very old security flaw that engineers at roblox are trying to patch and until now, there seems to be ways around their patches.
If that’s the case then what is the point of making games? If I kick someone or I have a script that kicks someone, it’s so they have a bad user experience. Even if I just wait for a patch, it will get fixed, i’d rather tarnish my games experience as it’s for a once a week thing for a very certain experience then wait for a patch.
Keep in mind it is not normally possible to ‘Inject’ scripts into a ROBLOX Server instance and have it execute server-side. Furthermore, :FireServer() is not available on the server.
If you found this in a toolbox model,There’s usually more ,Just search up “Script” in your Workspace or whatever,And it’ll show all the scripts in the game, Usually named "inject " ,“anti-lag”,“anti-exploit”,etc. just right click and delete it.
If the script was on the server, then I don’t think it would be possible to “sends a lag storm”. This is because the script would not be able to run and an error would be displayed, as FireServer() is a client only method.
This seems like an issue on Roblox’s part. It’s spamming a default remote event made by Roblox’s builtin chat system which gets spammed to have a user repeatedly say a phrase. I recommend you learn how to make custom modules with Roblox’s chat system and make a custom module to prevent spam or find one. From what I know Roblox does already prevent spam though?
that is not possible unless you use a custom chat system that does not use remoteevents.
the client chatbox sends a request to the server asking it to post that message using that remoteevent.
and then this is considered a problem in the backend.