Hi,
A script was reported to me which can obtain users’ IP addresses if they enter the game. It works in both Filtering Enabled and non-FE games with normal script execution context (as a server script run from ServerScriptService)
It was submitted to me by Wravager
Whomever the script concerns (ROBLOX staff), please PM me. I’m not gonna post it on RBXDev.
edit: sent the script to @Mr_Root
Really interested in how it’s done.
Mind sharing it once it’s patched?
Yeah, when it gets patched I’ll post the script in this thread
that is scary
I have always wondered if this was possible.
Was this all done in ROBLOX Studio? Or did he connect it to an external server or webpage?
You used to be able to do this years ago(~2010-2011) with this:
Player = game.Players:getChildren()[5]
IP = game.NetworkServer:getChildren()[5].Name
just thought id post a pointless history
There was also NetworkServer.IncommingConnection that you could use.
They locked it, but I discovered they obviously forgot NetworkReplicator.Disconnection.
(which they patched shortly after it became popular in Anaminus SB)
Why is this even a concern anyway? Most services you use already have your IP to begin with.
Sure, but the end user should not be able to get your ip, thats the concern. I don’t care if roblox has my IP, but I do if some script kiddie with a ddos tool does.
Couldn’t this be done using packet sniffers/watching network feed/connections?
There’s no direct client to client communication in ROBLOX so there would be nothing to sniff. Or you must have access to the router that the other player is playing on, but in that case sniffing the IP address is completely worthless to you because you already have it… (your router)
@Lilly_S Why are we not allowed to get the users IP?
All other multiplayer games must know their users IP adress to function at all, why can’t roblox devs be trusted with IPs?
I’d really like to have an IP ban system to temporarily ban hackers using unlimited alts, but not if it’s illegal 
This is why…
Imagine, for example, if someone makes a tycoon, gets it to the front page and gets everyones IP adresses…!
You can also get someones position in the world from an IP adress which isn’t very safe and probably not allowed for a COPPA website.
An IP ban system won’t work, you can’t rely on the fact that someone’s IP address will always stay the same, and they can spoof it. Even worse, if the IP you banned is put back into rotation by the ISP and given to another router that happens to have a ROBLOX user behind them, then those users can’t join your game anymore. (slim chance, but not impossible) Also, proxy servers are a thing.
You can’t exactly. Its a very rough estimate. For example mine points to a city I don’t even live in.
Also just pointing out it takes a lot of power to actually ddos someone. dosing won’t really work. If they are really looking to shut someone down then they have a network of computers to handle it which is beyond what a ‘script kiddie’ can do. Otherwise they are paying someone online to do it for them.
… is that not the same problem?
Not the same thing as that. You can’t just download a ‘ddos’ tool and expect to shut someone’s internet down.
You can hire a botnet for like 8 dollars per hour though