Re: Reply to 'Bye Bye Bytecode'

Seranok is online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
03 Aug 2012 08:27 PM
> httpGet would allow someone to DDoS ROBLOX.com using our own game servers

In what alternate universe? Doesn't the author realize that sending HTTP GET requests from clients/servers has always been possible and is quite frequently used? Example:

Decal.Texture = "http://www.roblox.com/"

Congratulations, you have just sent a GET request to the ROBLOX server! Does this mean you can DDoS the site? No!
Flickerdo is not online. Flickerdo
Joined: 08 Oct 2010
Total Posts: 5011
03 Aug 2012 08:28 PM
*facedesk*

you're a genius, Seranok.
HardDrive500GB is not online. HardDrive500GB
Joined: 21 Apr 2011
Total Posts: 82
03 Aug 2012 08:29 PM
^
*faceslammed*
Flickerdo is not online. Flickerdo
Joined: 08 Oct 2010
Total Posts: 5011
03 Aug 2012 08:31 PM
*rejected*

anyways, my mind is a special thing
the voices in my head told me why this is valuable knowledge
Seranok is online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
03 Aug 2012 08:32 PM
Note: The URL I have provided should have been "http://www.roblox.com/asset" because of the URL filters. But my argument does not change.
HardDrive500GB is not online. HardDrive500GB
Joined: 21 Apr 2011
Total Posts: 82
03 Aug 2012 08:38 PM
It's funny how only 2 users have replied to this with no information at all on how to respond to what Ser wants in return.
funman1111 is not online. funman1111
Joined: 24 Oct 2010
Total Posts: 221
03 Aug 2012 08:47 PM
I can't believe this. I just spent ten mins on typing and the filter bloxed it and said it broke the rules, but there was not a single word in it violating rules. I am mad.
1234321 is not online. 1234321
Joined: 07 Nov 2007
Total Posts: 257
03 Aug 2012 08:47 PM
I'm pretty sure flick only read the "httpGet would allow someone to DDoS ROBLOX.com using our own game servers" part.
ArceusInator is not online. ArceusInator
Joined: 10 Oct 2009
Total Posts: 30553
03 Aug 2012 08:47 PM
Lol seranok fangirls
Flickerdo is not online. Flickerdo
Joined: 08 Oct 2010
Total Posts: 5011
03 Aug 2012 09:08 PM
fangirl squeallllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
Techboy6601 is not online. Techboy6601
Joined: 29 Jun 2009
Total Posts: 4914
03 Aug 2012 09:11 PM
while true do
wait(0.3)
a = coroutine.create(function() while true do wait(0.3) decal.Texture = "assetid" end)
a.resume()
end
end

simple takedown is simple
Seranok is online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
06 Aug 2012 08:51 PM
Does anyone have any legitimate counterarguments to this? I'm not sure if all HttpGets rely on the ContentProvider's threadpool, but in any case I don't think it would be possible to DDoS this site using the game servers.
mew903 is not online. mew903
Joined: 03 Aug 2008
Total Posts: 22071
06 Aug 2012 08:53 PM
Multiple HttpPost calls might slow the site down a bit.
Seranok is online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
06 Aug 2012 08:59 PM
@mew903

All we need is game::HttpGet.
Techboy6601 is not online. Techboy6601
Joined: 29 Jun 2009
Total Posts: 4914
06 Aug 2012 09:00 PM
HttpPost is locked?

Although, Seranok is right - things that use asset IDs actually don't cache, meaning....

for i = 1, e do
e = e++ -- possible in Lua? ehh you get the point
decal.TextureId = "http://roblox.com/asset/id?=" .. i
end

There you go. A working DDoSer.

I hope I don't get sued for this.
Techboy6601 is not online. Techboy6601
Joined: 29 Jun 2009
Total Posts: 4914
06 Aug 2012 09:01 PM
@Seranok

RBXPri modifies Studio so your command bar gets level 7 access (StarterScript level), so there's your game:HttpGet() and game:HttpPost()

Seranok is online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
06 Aug 2012 09:02 PM
> There you go. A working DDoSer.

Just because you can send GET requests doesn't mean you can DDoS a site...
Techboy6601 is not online. Techboy6601
Joined: 29 Jun 2009
Total Posts: 4914
06 Aug 2012 09:04 PM
"Just because you can send GET requests doesn't mean you can DDoS a site..."

Actually, it does. That's basically what a DDoSer does. It sends instructions to its clients (most likely gotten through malware, running a server so it can accept instructions) and the clients basically while true do packet sending filled with useless headers and data.
Techboy6601 is not online. Techboy6601
Joined: 29 Jun 2009
Total Posts: 4914
06 Aug 2012 09:06 PM
The point of a DDoS is to fill up the server's allocated buffer size, so any more packets will not have space to be put in, effectively crashing/rendering the service unusable for everyone else.
Seranok is online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
06 Aug 2012 09:06 PM
No, I'm saying that it's not sufficient ammo to take down a site. You need a lot more than that. Even if I put that Script into every one of my Catalog Heaven servers the effect on the site wouldn't be noticeable.
Techboy6601 is not online. Techboy6601
Joined: 29 Jun 2009
Total Posts: 4914
06 Aug 2012 09:11 PM
"No, I'm saying that it's not sufficient ammo to take down a site. You need a lot more than that. Even if I put that Script into every one of my Catalog Heaven servers the effect on the site wouldn't be noticeable."

Well, of course - for a site as big as ROBLOX, anyways. But say you kept that script going forever - which, by the way, it already does - the more servers that are running, the more packets the server is receiving...
Now, think on an even bigger scale. You have the script running on 40-60 servers, now...make an autoupdating model. Say that hundreds of people take it (which, considering you're famous, is very likely) - now, include that script with the model.

You now effectively have about 60 - 300 servers (even more if a famous place includes it) sending packet requests to the site PLUS the regular traffic it gets from its users.

Even that may not cause a total shutdown, but it would certainly make 503 errors less rare and slow down the site to a near standstill.
jAlternate is not online. jAlternate
Joined: 02 Dec 2011
Total Posts: 234
06 Aug 2012 09:44 PM
@techboy6601

Even 300 servers would probably not have much of an impact. You know, ROBLOX has a very complex infrastructure and it's not like you'd be able to slow down Amazon's servers so easily.
mew903 is not online. mew903
Joined: 03 Aug 2008
Total Posts: 22071
06 Aug 2012 09:49 PM
I remember I made a little HTTP flooder using POST requests. It could take down a site w/o flood protection in a matter of seconds.
Seranok is online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
06 Aug 2012 09:50 PM
It couldn't be any page. It would have to be a page that took a lot of server-side resources to render each time. And it couldn't be cached by the server.

The closest thing to that is the image creator URL that ROBLOX had up a while ago. They let you make huge images (like literally in the gigabytes) because they didn't check to make sure the images were a certain size. But they recently patched it.
Techboy6601 is not online. Techboy6601
Joined: 29 Jun 2009
Total Posts: 4914
07 Aug 2012 01:05 AM
Since we're talking about HttpGet here...

It has access to offsite sites, too. So you have 300 servers sending massive packet spam to a (potentially not as powerful as ROBLOX's) server, which could in effect bring it down.

Shedletsky was right, he just used the wrong wording. While it can't be used to DDoS a major site like ROBLOX, it can in fact render smaller sites useless. But the IPs in the logs will be ROBLOX's, and they will no doubt get sued if it is a medium sized corporation.

Basically that sentence translates into this:
"We're blocking offsite access so people can't do illegal things using our game servers which will essentially make some people out there think we're out to get them"
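
Added example, not part of the thread and not Roblox's own code: a sketch of the two platform-side controls the discussion touches on, a URL filter that refuses offsite hosts and a per-game-server request budget that caps what a looping script can send. The host list, the path rule, the rate and burst values and all function names are assumptions; the thread only says that URL filters require the "/asset" path.

```python
from urllib.parse import urlsplit

# Assumed policy for this sketch; the thread only mentions the "/asset" path.
ALLOWED_HOSTS = {"roblox.com", "www.roblox.com"}
ALLOWED_PATH = "/asset"


def url_allowed(url):
    """Allow only http(s) URLs on an allowlisted host under the asset path."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()  # parsed host, so "user@host" tricks fail
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or host not in ALLOWED_HOSTS:
        return False
    return parts.path == ALLOWED_PATH or parts.path.startswith(ALLOWED_PATH + "/")


class EgressGate:
    """Token bucket per game server, in integer milli-tokens to avoid float drift."""

    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec
        self.cap = burst * 1000
        self.tokens = self.cap
        self.last_ms = 0

    def check(self, url, now_ms):
        if not url_allowed(url):
            return "blocked-url"
        elapsed = max(0, now_ms - self.last_ms)
        self.tokens = min(self.cap, self.tokens + elapsed * self.rate)
        self.last_ms = now_ms
        if self.tokens < 1000:
            return "rate-limited"
        self.tokens -= 1000
        return "allowed"


def simulate(url, interval_ms, count, rate_per_sec=1, burst=5):
    """Replay `count` requests spaced `interval_ms` apart; return verdict counts."""
    gate = EgressGate(rate_per_sec, burst)
    verdicts = {"allowed": 0, "rate-limited": 0, "blocked-url": 0}
    for i in range(count):
        verdicts[gate.check(url, i * interval_ms)] += 1
    return verdicts


if __name__ == "__main__":
    # Constructed input: one request every 0.3 s (the wait(0.3) interval) for ~30 s.
    print(simulate("http://www.roblox.com/asset/?id=1", 300, 100))
```

With these assumed limits, a script polling every 0.3 seconds gets roughly one request per second through after the initial burst, and any offsite URL is refused before it consumes budget.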