I agree, would solve a lot of issues.
1 Like
I’m going to quickly write a detector script for this. This should let everyone continue using sounds where they are, but when the attack begins, the script just removes all sounds. You should also amend the script to, say, log all current players in the server or something.
Alright, here it is. It’s not perfect but it does work with properly detecting when the exploit runs.
--Sound crash exploit prevention
--Written by TehIcyStar
---INFO: Detects when the sound spam crash exploit is excecuted by looking for sound playing spam. Deletes sounds and prevents further damage
---INSTALLATION: place as a regular script into Workspace or ServerScriptService
local changecount, threshhold = 0, 0
local allowence = 0.55 --magic number, trust me
--fires when spam is detected
function onDetect()
for i,v in pairs(game.Players:GetPlayers()) do
if v.Character and v.Character:FindFirstChild("Head") then
for o,b in pairs(v.Character.Head:GetChildren()) do
if b:IsA("Sound") then
b:Destroy()
end
end
end
end
--Insert code after this comment line to run some logging thing (discord message, Datastore logging, etc)
print("SOUND EXPLOIT DETECTED")
end
function onChange()
changecount = changecount + 1
end
--detects when the sound is destroyed to change the threshhold accordingly. Used with .AncestoryChanged because .OnRemoved doesn't exist
function onRemove()
threshhold = threshhold - allowence
end
--sound collection, should probahly be expanded to also include workspace sounds.
game.Players.PlayerAdded:connect(function (plyr)
plyr.CharacterAdded:connect(function (char)
char.Head.ChildAdded:connect(function (obj)
if obj:IsA("Sound") then
wait()
if obj.Looped then
print("Added "..obj.Name)
obj.DidLoop:connect(onChange)
obj.AncestryChanged:connect(function (arg1, arg2)
if not arg2 then
onRemove()
end
end)
threshhold = threshhold + allowence
end
end
end)
end)
end)
--threshhold checker
while true do
wait(1)
if changecount >= threshhold then
onDetect()
end
--print("Changecount: "..changecount) --debugging. changecount should NOT go over threshhold. Add a LITTLE bit to allowence in order
--print("threshhold: "..threshhold)
changecount = 0
end
the ONLY way to detect this exploit is to detect when looping sounds are looping. No other events fire when the malicious code is running, this includes .Changed
More info regarding this exploit:
Game is actually quite stable when executed with a low player count.
1 Like
We’re adding a mode to SoundService called “RespectsFilteringEnabled” which will do what you expect. It should be up on gametest2 right now.
Humanoid sound scripts depend on this bypass filteringenabled behaviour right now however (and those have not been modified to work with “RespectFilteringEnabled” yet).
8 Likes
I see this “RespectFilteringEnabled” property in Studio, however it doesn’t seem to do anything yet. Will you let us know when it goes live? Exploiters are daily using this to crash my servers.
next week
1 Like
its on
5 Likes
Not sure if this is still present, but it crashes my game, people play the default OOF sounds or the water sounds.
Please see spotco’s reply above that was marked as the solution of this thread. You will need to turn on RespectFilteringEnabled = true on SoundService to make player sounds not replicate to other clients. Keep in mind that this will turn off player sounds for all other characters except your own.
Will be fixed soon with a “RespectFilteringEnabled”-working humanoid sound scripts. Let me know if any of you out there have any workarounds you’re using.
Can you add a [ScriptWriteRestricted: [NotAccessibleSecurity]] tag to this member so it shows up in the API Dump?
sure. will do monday
Hey, I was just testing this property and it seems that all the humanoid sounds are replicating now except from the walking sound. Is walking sounds planned to be supported? Thanks.
3 Likes
@programeow I’ve gotten a report that walking sounds for humanoids do not replicate when filteringenabled + respectfilteringenabled. Any ideas?
2 Likes
Investigating. Will fix it soon.
1 Like
They’re now using this similar exploit to crash servers - it seems to work in games which sound respects filtering enabled as well as having that disabled.
Code
game:GetService’RunService’.Stepped:Connect(function()
pcall(function()
for i,v in pairs(game:GetService’Players’:GetPlayers()) do
if v.Character ~= nil and v.Character:FindFirstChild’Head’ then
for _,x in pairs(v.Character.Head:GetChildren()) do
if x:IsA’Sound’ then x.Playing = true x.CharacterSoundEvent:FireServer(true, true) end
end
end
end
end)
end)
What they’re ultimately doing is spamming the server with requests to replicate character sounds.
1 Like
For the time being, this Script could possibly be used in StarterCharacterScripts, as it seems really unlikely that any player would send requests to turn on sounds at a high rate.
-- Edit these to throttle the amount of events fired to a given sound RemoteEvent.
local LIMIT = 10
local DURATION = 1.5
-- Implementation
local char = script.Parent
local head = char:WaitForChild("Head")
local player = game:GetService("Players"):GetPlayerFromCharacter(char)
local counter = 0
local function soundEventFired(sender)
if sender ~= player then
sender:Kick("Nice try.")
else
counter = counter + 1
if counter > LIMIT then
sender:Kick("Nice try.")
end
wait(DURATION)
counter = counter - 1
end
end
local function soundAdded(obj)
if obj:IsA("Sound") then
obj:WaitForChild("CharacterSoundEvent").OnServerEvent:Connect(soundEventFired)
end
end
head.DescendantAdded:Connect(soundAdded)
for _, obj in next, head:GetDescendants() do
soundAdded(obj)
end
But definitely, it is an issue that should be handled for all games, and not just as the above hotfix.
5 Likes
Yeah,
as the game I work on doesn’t really benefit in any way from character sounds, I just went ahead and disabled the event all together, but I know some games can really benefit from these character sounds.
1 Like
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.