The highest hierarchy must have no parent so I guess the entire environment doesn’t exist 
Anyways nil has various use cases and is the same mechanism is actually used for :Destroy() except it breaks event connections. It still exists if there is a reference to it in a script.
Well i’m sorry to say, this is possible and it happens with the typical chat system. On-top of that, it uses the /e command to bypass the typical roblox chat text limit. At least so I assume.
- Yes
- Yes
The problem is the methods for doing so are few and far between. They get patched by exploit developers quickly and are easily bypassed by most exploiters. Your best bet is to rate limit chat messages from the server (or even better, queue a few requests to prevent slowdown while still allowing content).
Example:
local keeper = setmetatable({}, {
__mode = "k" -- This will allow players to be garbage collected when they leave preventing memory leaks
})
local queue = {}
local timeout = 0.1 -- Seconds between requests
local handleRemote
handleRemote = function(player, ...) -- Function to handle remote requests
queue[player] = queue[player] or {}
keeper[player] = (keeper[player] or 0) + 1 -- Increment keeper for player
if keeper[player] >= 5 then -- >= 5 requests in 0.5 seconds
table.insert(queue[player], setmetatable({...}, {__mode = "v"}) -- Add arguments to queue to recall this function
else
-- Your remote code
end
delay(timeout, function()
keeper[player] = keeper[player] - 1
if #queue[player] > 0 then -- Process a queue item
while #queue[player] > 8 do -- Remove extra queue items above 8 queued items (completely ignore them to prevent insane remote latency due to too many queued requests)
table.remove(queue[player], #queue[player])
end
local args = table.remove(queue[player], 1) -- Take the first item from the queue
handleRemote(player, unpack(args)) -- Call the handleRemote function again (it'll be requeued if others are queued)
-- Because this function gets called again the next queue item will be used after timeout
end
end)
end
remote.OnServerEvent:Connect(handleRemote)
2 Likes
This is an open discussion for everyone, including malicious users. Having direct access to the source is a privilege that should be entrusted to whom OP believes is trustworthy.
For cases like this I personally would only trust a verified white hat/black hat,a user with credible knowledge on exploitation I.e @Autterfly
2 Likes
The script you provided does not crash servers. It properly says “Your message exceeds the maximum length”.
Do you have another repro available?
EDIT: Also don’t even bother trying to detect exploiters client-sided, they just run the code directly in roblox’s VM. There’s nothing you can do.
If that’s the case then there’s no point of making games. I believe your statement is false.
Is there a point to making anything then?
When all these companies constantly have security breaches (even the forum software you’re using right now) nothing is fully secure, but ROBLOX gives you the tools to create a proper client-server model.