User repeatedly crashing game servers via unprecedented method, any info I could find included here

That’s crazy, does that explain the error code 277 thing that has been happening recently?

If you have an admin installed in-game, could you possibly check :chatlogs ?
There’s a server crash method recently that abuses the use of game.Players:Chat(message) and it doesn’t show up their bubble chat (however, it shows up in chatlogs)

If this is the case ^, then I might be able to help you with it.

They can also crash servers with admin systems such as Adonis, Basic Admin etc. via the :clean command. They use game.Players.Chat(":clean") and loop it, which then crashes the server due to overload.

Yep, that’s another one I’ve seen, we have patched the ;clean command issue by adding a debounce for each request to the admin system regardless of the command they use.

I’m just trying that now astra_wr, I’ll let you know if it gives me any information in time before they crash the server and I will post what I find here.

What we’ve found so far is it may well be abuse of the !clean command after all, but in differing ways like stringing the commands together into one single line. HmmBilly also mentioned this, you were right.

Here’s the kind of script they use clientside:
e1

Solutions include (courtesy of astra_wr):

  • Disabling the !clean function entirely regardless of your admin system in game
  • "The script has a certain pattern, so it looks something like “!clean !clean !clean !clean !clean !clean !clean”, so having a check for this in particular and not allowing it to go through or be acknowledged at all by the admin system."
    "On Chatted, you can use string:split(" ") and look for the patterns. If the pattern happens too frequently, then kick. (amateur method)"
  • "Limit how often players can call the remote. (SayMessageRequest remote under the ChatServiceRunner) – record timestamp using tick() of the last time the player called the remote, then if it was less than 0.5 seconds ago, reject it. (ensure it's per-player)
    (probably the best method)"

Thank you for the help with this, as it bypassed or overtook the chat spam checks we had. If this works over a period I will update again here to let you guys know.

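The two checks quoted in the post above (a per-player 0.5-second limit and rejecting several commands chained on one line), as an added example that is not code from this thread or from any admin system. It assumes the admin system reads commands from Player.Chatted; `runAdminCommand`, the prefix set, `MAX_COMMANDS` and `MAX_STRIKES` are hypothetical, and os.clock() is used where the post suggests tick().

```lua
local Players = game:GetService("Players")

local MIN_INTERVAL = 0.5 -- seconds between accepted commands (from the thread)
local MAX_COMMANDS = 1   -- assumed: command tokens allowed in one message
local MAX_STRIKES = 5    -- assumed: consecutive rejections before a kick
local PREFIXES = { ["!"] = true, [":"] = true, [";"] = true } -- assumed

local lastAccepted = {}  -- [UserId] = os.clock() of the last accepted command
local strikes = {}       -- [UserId] = consecutive rejected commands

-- Count space-separated tokens that begin with a command prefix,
-- so "!clean !clean !clean" counts as 3.
local function countCommandTokens(message)
	local count = 0
	for _, token in ipairs(string.split(message, " ")) do
		if PREFIXES[string.sub(token, 1, 1)] then
			count += 1
		end
	end
	return count
end

-- True only if this player's command may reach the admin system.
local function shouldAccept(userId, commandCount, now)
	local last = lastAccepted[userId]
	if commandCount > MAX_COMMANDS or (last and now - last < MIN_INTERVAL) then
		return false -- chained commands, or too soon after the last one
	end
	lastAccepted[userId] = now
	return true
end

-- Hypothetical stand-in for the admin system's command entry point.
local function runAdminCommand(player, message) end

Players.PlayerAdded:Connect(function(player)
	player.Chatted:Connect(function(message)
		local n = countCommandTokens(message)
		if n == 0 then return end -- ordinary chat is left to the chat system
		local id = player.UserId
		if shouldAccept(id, n, os.clock()) then
			strikes[id] = nil
			return runAdminCommand(player, message)
		end
		strikes[id] = (strikes[id] or 0) + 1
		if strikes[id] >= MAX_STRIKES then player:Kick("Command flood") end
	end)
end)

Players.PlayerRemoving:Connect(function(player)
	lastAccepted[player.UserId], strikes[player.UserId] = nil, nil
end)
```

Because the tables are keyed by UserId, one flooding player cannot throttle anyone else, and the state is dropped when the player leaves.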

Moved to Scripting Support for now since it looks like this was a game-specific issue and not a platform bug.


After all of this the exploiter is still crashing game servers, I will keep you guys posted if I find anything.


I reported this problem to Irreflexive already, but the player’s name is the same as something in the workspace and it is getting the player’s name instead of the intended location. Hope this helped!

Maybe this isn’t the problem, but it still is a bug.

Did you try disabling the !clean command?

Adonis has a rate logger/limit for chat commands, remotes etc., so I don’t believe your issue is going to lie within its source code. (Testing the clean command and it successfully ruled out the excess calls)

That is a new feature implemented a week or two ago, I personally don’t think Kronos has it yet or if it will have it

My game is having this issue also (players dropped from 400 to 50 in a matter of minutes). I don’t think this is a game specific issue as I use few public frameworks and a lot of games in the same genre as mine are having the same thing happen to them. My game has anti-exploits for old crash methods such as RightGrip crash, Chat crash and Animation crash, but this seems to bypass it. My game has also gotten DDoSed via IP in the past, but this does not seem to be the case today as DDoS via IP tends to not instantly crash a server, plus this happens immediately once a user joins the game, whereas a DDoS can happen externally.

This is not admin chat crash. I fixed that in my game by removing the old admin and adding my own, and got someone to test the clean command crash. However, today people seem to be able to crash again. I have logged chat as well and I don’t see anything suspicious. I think it’s a platform-wide issue.

It looks like OP fixed this by removing chain commands. My game doesn’t have an admin like this so I think I might be referring to a different issue.

My game had the same issue. Here is the script they use (obfuscated). I haven’t had time to look at it yet, but I believe it spams the :Clone command. fastcrashh.lua (32.9 KB)

There is a post on this same issue. It seems like the server crashes due to exploiters creating localplayers, which confuses the client and crashes the server. This issue is still ongoing right now, but hopefully will get patched sooner or later.

Unlisting this since people are posting unrelated exploit reports to this topic