Is there a possible way to limit the amount of messages you can type? The code is what exploiters use to crash servers via chat logs. Tried disabling :ping, :clean, :refresh and other commands but they can bypass with just spamming something else. Servers can still be crashed without needing admin so was wondering if there is any way to limiting the amount of messages you can send or have a fix for this.
local prefix = ":"
local msg = (prefix .. "prefix "):rep(10000)
for i = 1, 100 do
game.Players:Chat(msg)
end
I think you can make a custom chat so you can control how many things someone can say and more. If you will use remote events, remeber to use the debunce on the server, if not exploiters can crash the game.
This is why I don’t recommend using Kohl’s admin; I personally use Cmdr (this is however a framework not a full admin).
You can fix this by kicking them (parent them to nil first) if they chat a certain amount of messages too quickly (use .Chatted event to check this, lmk if you need help), but this won’t be a full solution. You also need to disable chain commands (multiple commands in one line) in Kohl’s source code which can be a bit complicated as the code is heavily obfuscated/minified.
There’s one way to manage it: To rate limit it, assure that you can disable and enable the connection when needed. Automatically disable the connection will cause the clients response to be invalid. Rate limit it to what seems to be human enough, let’s say 100 commands per minute for one server.
I agree with @TheTurtleMaster_2, when you make a custom chat, there can be less exploiters because your the one scripting the chat. And also no, I do not recommend using Khol’s admin because it has a lot of troll commands.
Make a custom chat, and make it so when the server detects that a player is chatting, use a debounce to limit the rate that a player can type at, and try to detect if the speed of which a player is typing at is way to fast (Like faster than humanly possible), than kick them from the game / ban them.
To be honest, just remove/edit the function which allows multiple commands per message. That will strip them off of their advantage of being able to run 10000 commands every time. If that’s still not enough, rate limit it as @Operatik suggested.
You could use the RegisterChatCallback method of the Chat service to stop messages being delivered to the client. However, this will not stop the Chatted event of the player being fired - which is what a lot of admin command systems use.
Personally, I agree with @TetraDev. Cmdr is a great framework for building your own admin command system. I’ve had issues in the past with other admin systems like Kohl’s where exploiters were able to spam commands and even managed to delete the entire map.
The function below would stop all messages being delivered to the clients (but not the server). You’d have to implement some sort of rate limit or something as @Operatik suggested here to stop spam messages being seen by the players. The ShouldDeliver property on the message object is what controls whether a message should be shown to the clients or not.
Personally, I think the best way to prevent people from abusing an open source admin system is to delete it and make your own which isn’t open sourced. You could also check the length of the message being sent on the server and if it is something ridiculously large then just kick/ban them.
