There’s a new server crashing script that relies on the chat system to crash servers. Here’s a very simple fix for it. It’s very easy to patch it, but I’ve seen it never mentioned on the devforums (except for one instance.) It’s very dangerous and easily accessible, so I thought I’d write a patch for it.
Steps:
Fork ChatMessageValidator with this
If you’d rather not fork:
game.Players.PlayerAdded:Connect(function(plr)
plr.Chatted:Connect(function(msg)
if string.len(msg) > 300 then
-- kick player
end
end)
end)
Can be bypassed by using a higher or lower value or by changing the character used. I would just kick for any messages processed above 300 characters because the chat bar realistically allows only 200; the 100 is just extra padding in case a legitimate message gets processed that’s over 300 characters.
Better to be safe than sorry. Most chat crash exploits involve sending the server a massive amount of characters unsanitised. Interesting behaviour that it doesn’t crash with changed values though, I haven’t actually put it in Studio myself to repro.
This is a really bad ‘patch’ because it creates a 96MB(!) string every time a player chats. You could just get the length of the string and kick people based on that.
Example:
game.Players.PlayerAdded:Connect(function(plr)
plr.Chatted:Connect(function(msg)
if #msg > 100000 then
plr:Kick("Hacking")
end
end)
end)
Yeah, that was totally an oversight on my end. I’ve found a better solution in all to this, which doesn’t create any lag. I’ll edit it once I confirm it works.