VainLock v.1 [PUBLIC GAME HUB SYSTEM]

RenownHavoc · June 9, 2021, 11:43pm

INTRODUCTION

Hello everybody, among recent event’s that involves smaller game’s servers being crashed by malicious individuals who have access to botnet’s.

With some API system’s that essentially collect game server’s IP Addresses on ROBLOX - @Vainvorhayn & I have decided to release VainLock [v.1] which is an open-source Game Hub System.

EXAMPLE IMAGE:

HOW IT WORKS

Step 1 - Scroll down in “ServerHandler”, and change where it says GROUPIDHERE to your Game’s Group ID
Step 2 - Change the number next to it, to whichever role ID of the lowest ranked player you would like to allow to make new servers.

The above steps are to make it so only certain individuals can create new servers. Since there is currently no additional code which automatically deletes the servers after they are a certain age with no players, you will want to make sure it’s only highly trusted people. To prevent you from having an absurd amount of servers existing in your hub.

Step 3 - Change:

local placeId = 6924416661 to the placeId of the place you’d like them to be teleported to. (This would be the place that actually has your game located in it, not the hub itself.)

This is how you can create a new place:

BLACKLIST:

Know anybody that will certainly cause malicious actions against your game? Direct yourself to the Blacklist module script. From here you can change it such as so:

ORIGINAL:

return {
	players = {
		["playeryoudontlike"] = theirid,
	},
	groups = {
		["goupyoudontlike"] = groupid,
	},
		rankLock = 2
}

COMPLETED EXAMPLE:

return {
	players = {
		["ClockworkHavoc"] = 464097185,
	},
	groups = {
		["Fedora ®"] = 974432,
	},
		rankLock = 2
}

“rankLock” is irrelevant as it was a part of a system which would allow you to lock access to server’s to only players that are a certain rank within your community’s ROBLOX group. This may be implemented back into one of the future updates as an easy option to enable.

FURTHER INFORMATION:

It is important to note that this will not completely stop attacks on your servers, as they can still do this manually. However they would then need to join the server manually and then go through files in order to grab the server’s IP. Giving you time to ban their alt before they can rejoin the server. This is an ideal system in order to prevent the attack’s as much as possible.

As noted, servers do not delete themselves over time as they are just saved to the datastore. So please make sure you only give highly trusted individuals access to creating servers.

FUTURE UPDATES

Server’s automatically delete after x amount of time of having x amount of players or less in the server.
Better control’s including enabling/disabling certain blacklist features with ease.
Other features that may be suggested from this devforum post.

DOWNLOAD:

VAINLOCKV1.rbxl (57.7 KB)

CREDITS:

@Vainvorhayn for releasing the original copy of this.

@ClockworkHavoc for modifying the scripts to be compatible for open-source release.

@KleinFalkenhayn for originally providing the code of this to @Vainvorhayn

DISCLAIMER:

All developer’s that have coordinated with the release of this open-source game hub do not accept any donations, and do not intend on accepting any donations in the future for this release. This release is to help provide better security to game’s and protect developer’s work until ROBLOX can find an appropriate way to patch a lot of these issues that small-game developer’s have been experiencing.

PartShape · June 10, 2021, 12:05am

Thank you Clock, this is gonna help a lot of people out.

RenownHavoc · June 10, 2021, 12:06am

Couldn’t of provided this to the public if it wasn’t for @Vainvorhayn and @KleinFalkenhayn - they are the real ones to credit here in my opinion.

boeljoet · June 10, 2021, 9:41am

why not a script that measures the latency between the server and several clients.
if that latency grows too much you do a soft shutdown (teleport everyone to a temp private server then to a public server)

idk if you can ddos trough a character tho

RenownHavoc · June 10, 2021, 7:25pm

The problem with this is the unreliability compared to this system.

We have brainstormed a system like that, however if you haven’t experienced any of these attacks yourself - then you just don’t understand. Every single thing freezes up in game, including the scripts. Even to have it fire off and teleport everybody at a certain threshold wouldn’t quite work. When they hit servers, the ping spikes right off the bat and the next thing you know; you’re immobile.

DDoSing servers is in fact a real thing on ROBLOX currently, I didn’t believe it myself at first. I have forwarded all of the information that I personally have regarding all of this to ROBLOX, and that’s the most I can do.

KleinFalkenhayn · June 15, 2021, 11:15pm

I would like myself removed from the credits; considering I never formally gave this hub’s source out to anyone besides the original owner of a group which was acquired by Vainvorhayn.

oxycontzn · June 16, 2021, 5:51pm

I am the original owner and am disgusted by this, imagine leaking my hub

oxycontzn · June 16, 2021, 5:56pm

You didnt change anything so stop pretending you did, Klein dmed me you did this, you cannot develop so stop trying

oxycontzn · June 16, 2021, 5:58pm

Tbh all you did was remove the group lock and settings banning people like vainvorhayn.

OrbitingTodd · June 16, 2021, 6:52pm

The thread creator should delete this or a forum staff member should delete it.

oxycontzn · June 16, 2021, 6:58pm

agreed, and they should refrain from distributing tech of me and klein

Vainvorhayn · June 17, 2021, 11:37pm

The issue here is that you do not own the rights for the HUB and I don’t believe it is a so-called ‘tech’. To be honest I cannot understand that you would even consider making a statement like that. I own the group to where the HUB is made and published.

oxycontzn · June 18, 2021, 6:02am

Don’t even start I never gave the rights to anyone, Klein made it and it belongs to Klein technically. Klein gave me rights and I never gave them to anyone. You are digusting.

Fifkee · June 18, 2021, 9:56am

Several things I’d like to debunk.

First off: What is this supposed to do? What’s preventing said “malicious users” from simply joining your server and supposedly “DDoSing” the game? If this is supposed to be a solution that effectively “thanos-snaps” denial of service attacks, you’re dead wrong and this resource does not serve it’s purpose. The only way you can prevent your game server from getting “DDoSed” is by somehow rerouting packets from a client to your own external server to Roblox.

Several things wrong with that:

You can’t.
You put your OWN server at risk, and when your middle man is at risk and eventually goes down due to a distributed denial of service attack, you lose the ability to reroute to Roblox - therefore, it’ll almost be the same as if there was no middle man at all.
What if your service reaches the end of its lifetime? What happens to all of your past consumers that actively use your product and service? What happens then?

However they would then need to join the server manually and then go through files in order to grab the server’s IP.

All you need is WireShark. There is no files.

THIS IS SO UNBELIEVABLY SIMPLE IT HURTS.

All this is simply doing is effectively recreating Private Servers before Private Servers were Private Servers - where you had to use SavePlaceAsync and CreatePlaceAsync in order to create a server for you and your friends to play in. Seriously, that’s all it is!

Not even - my apologies. All it does is reserve a new server:

	local serverInfo = {
		serverCode = teleportService:ReserveServer(placeId),
		serverCreator = player.Name
	}

This doesn’t have anything to do with “DDoS Protection” or whatever it may be. This resource advertises itself as a strong way to prevent servers from being crashed or lagged via “botnets” and the like. No. The ONLY entity that can do anything of the sort is Roblox itself. Not us as developers. Not a single chance.

The issue with your servers being “crashed” and “lagged to death” is a result from your game being insecure - likely from someone abusing the ability to spawn in items or some vulnerability that you’ve yet to uncover. This will not help with that.

This boasts about being able to “collect IP addresses,” which couldn’t be farther from the truth. The ONLY way this could even be close to collecting an IP address is by using HTTPService to obtain the server’s IP address. And guess what: It doesn’t.

Assuming this means “actually close the servers”

Server’s automatically delete after x amount of time of having x amount of players or less in the server.

It can’t even “close the servers” after N amount of seconds - first and foremost I don’t even think there even is an endpoint for that, but if there is, Roblox requires you to utilize your .ROBLOXSECURITY key, which most DEFINITELY is not in any script inside of this within the headers of the request, so - no, this doesn’t do anything regarding “closing servers” as it plans to “support.”

For people that STILL wish to use this resource, do not treat it as a end-all be-all for your game’s security. Because it isn’t. It simply is a game hub that looks nice with a few splattered particles here and there - as a matter of fact, the code isn’t even that great either:

table.foreach(currentServers, function(k,v)
	if v.serverCreator == player.Name then
		--hasServer = true
	end
end)

if not hasServer then
	if player:GetRankInGroup(PUTYOURGROUPIDHERE) >= 140 then
		currentServers[#currentServers + 1] = serverInfo
		globalDatastore.Set("servers", currentServers)
		clientAddServer:FireAllClients(serverInfo)
	end
end

Another thing I’d like to point out: In the event that this hub server crashes for some random reason, all the servers created by it within the datastore WILL BE LEFT WITHIN THE DATASTORE.

Furthermore, if DatastoreService is down for ANY REASON, this hub will be rendered useless.
As a BIGGER matter of fact, I don’t even believe this has the ability to purge servers that have no members - effectively meaning this NEVER clears unused data from the datastore.

As a developer whose pride and joy is derived from helping people become the best they can be through any means, this is so, so irritating. This product essentially pulls the wool over unsuspecting and/or up-and-coming developers and markets them a product that doesn’t do anything close to what it claims to do. This doesn’t do anything to any IP. This collects nothing. All this is is a middleman product that doesn’t even begin to utilize Packages to keep the product up-to-date like how these products should. This is not some kind of “Roblox Cloudflare.” It is simply a game hub. That is all.

I’d love for you to revise the subheader of this thread and advertise it with regards to what it actually does. Because you’re not. And it’s highly irritating that you aren’t. I’d also love for you to delete anything regarding distributed denial of service attacks, because this resource does nothing to mitigate the damage of said attacks. Advertise it for what it is: it is a game hub resource with a blacklisting / whitelisting feature that allows you to reserve private servers on the fly. That is it. Nothing more, nothing less. Feel free to capitalize and build off of what it does and provide more insight. More power to you - but please, PLEASE do not boast features that do not, cannot, and will not exist.

Regarding this:

Do not make baseless claims. If you wish to make a claim like this, please provide an original source. We have no proof that this is yours to begin with. Instead of attacking the creator of this thread for what seems to be no real reason, give us a means to believe that this is a copy of something you never wanted released.

Don’t say this. You could’ve simply provided the DM - there was no need to insult or question his ability to develop.

Give proof. How do we know who to trust at this point?

So, you admit that you never made it? Let the person who made it fight the fight.

This entire thread is disgusting. I wish this thread to be purged and to be never brought up again.

Farewell.

RenownHavoc · June 18, 2021, 8:26pm

As I stated, it does not completely prevent these attacks.

Because you’re unaware of how to fetch the IP, does not mean it’s impossible. ROBLOX has already responded to one of my DM’s with the Exploit Team stating that they are working on a long term solution towards this.

All this does is prevent them from using the typical Discord API bot’s they use to automatically take down servers. They can still get the IP manually, but only actual experienced individuals can handle this.

As for the rest, all I was aware of was that the one individual made the code. I asked for permission from whom I thought was the owner before providing this.

As stated AS WELL, we are aware it creates them in a datastore. The new version will be a lot better, despite your useless ramble. Sorry it disgusts you, the only purpose this serves is to try and help those who have been suffering these attacks. It has helped my game, it will help others. It is an open-source code for a reason, you can change it as need be. Sorry we didn’t provide you a super professional layout that you must had been expecting. Keep in mind not all of us are as talented.

Also if I’m correct, @JojiBakyl is the one who had been behind a bunch of these attacks. I have no reason to believe out of nowhere he “made this code.”

RenownHavoc · June 18, 2021, 8:37pm

Educate yourself a little more before coming in so confident on what you’re speaking about:

inevitable_kazumi · June 18, 2021, 8:38pm

inevitable_kazumi · June 18, 2021, 8:38pm