Script that gets players' IP addresses

Hi,

A script was reported to me which can obtain users’ IP addresses if they enter the game. It works in both Filtering Enabled and non-FE games with normal script execution context (as a server script run from ServerScriptService)

It was submitted to me by Wravager

Whomever the script concerns (ROBLOX staff), please PM me. I’m not gonna post it on RBXDev.

@zeuxcg

edit: sent the script to @Mr_Root

18 Likes

Really interested in how it’s done.
Mind sharing it once it’s patched?

3 Likes

Yeah, when it gets patched I’ll post the script in this thread

1 Like

that is scary

6 Likes

I have always wondered if this was possible.

6 Likes

Was this all done in ROBLOX Studio? Or did he connect it to an external server or webpage?

1 Like

Thanks for bringing this to our attention @Lilly_S

You used to be able to do this years ago(~2010-2011) with this:

Player = game.Players:getChildren()[5]
IP = game.NetworkServer:getChildren()[5].Name

just thought id post a pointless history

3 Likes

There was also NetworkServer.IncommingConnection that you could use.
They locked it, but I discovered they obviously forgot NetworkReplicator.Disconnection.
(which they patched shortly after it became popular in Anaminus SB)

4 Likes

Why is this even a concern anyway? Most services you use already have your IP to begin with.

2 Likes

Sure, but the end user should not be able to get your ip, thats the concern. I don’t care if roblox has my IP, but I do if some script kiddie with a ddos tool does.

20 Likes

Couldn’t this be done using packet sniffers/watching network feed/connections?

3 Likes

There’s no direct client to client communication in ROBLOX so there would be nothing to sniff. Or you must have access to the router that the other player is playing on, but in that case sniffing the IP address is completely worthless to you because you already have it… (your router)

3 Likes

@Lilly_S Why are we not allowed to get the users IP?
All other multiplayer games must know their users IP adress to function at all, why can’t roblox devs be trusted with IPs?

I’d really like to have an IP ban system to temporarily ban hackers using unlimited alts, but not if it’s illegal :confused:

6 Likes

This is why…

Imagine, for example, if someone makes a tycoon, gets it to the front page and gets everyones IP adresses…!

You can also get someones position in the world from an IP adress which isn’t very safe and probably not allowed for a COPPA website.

4 Likes

An IP ban system won’t work, you can’t rely on the fact that someone’s IP address will always stay the same, and they can spoof it. Even worse, if the IP you banned is put back into rotation by the ISP and given to another router that happens to have a ROBLOX user behind them, then those users can’t join your game anymore. (slim chance, but not impossible) Also, proxy servers are a thing.

5 Likes

You can’t exactly. Its a very rough estimate. For example mine points to a city I don’t even live in.

Also just pointing out it takes a lot of power to actually ddos someone. dosing won’t really work. If they are really looking to shut someone down then they have a network of computers to handle it which is beyond what a ‘script kiddie’ can do. Otherwise they are paying someone online to do it for them.

1 Like

… is that not the same problem?

2 Likes

Not the same thing as that. You can’t just download a ‘ddos’ tool and expect to shut someone’s internet down.

1 Like

You can hire a botnet for like 8 dollars per hour though

1 Like