"Security timeout" in console and players crashing

Hi,

We’ve recently been experiencing reports of players freezing randomly in my game. The game simply freezes, no other popup is shown (the ROBLOX needs to quit) or the in-game grey box. Audio inside the game continues to play, but everything is frozen. There doesn’t seem to be a specific cause and it’s quite random. On the server-side, the server prints the message “Security Timeout for userid …” which is ROBLOX generated as I have nothing on my end that prints that to the console.

Additionally, we’ve checked the ROBLOX logs for disconnecting players and it only talks about a disconnect with error 266. No other errors in the console.

We’re wondering if anyone can shed insight into what the timeouts mean as well as what disconnect 266 stands for. We’ve got no clue why players are disconnecting, and it may potentially be exploiter-related as we have had some targeting our game recently (the idea of exploiters being able to crash players or entire servers is not unheard of).

4 Likes

As stated here, it’s nothing you should worry about. The crashes may be a separate issue and may be related in exploiters doing something.

By looking at the user ids , our disconnecting players are the same players experiencing a “Security timeout” in the console. There’s some type of correlation between freezing and the security timeout.

Nothing in Roblox itself does this. Check your game for backdoors.

This is mostly a backdoor or a server side that ability to Exploiters to exploit in you’re game, make sure to check your scripts for backdoor.

I’ve checked the game for hidden Scripts and there are none.

Some scripts could potentially be in hidden services from what I know ( unaware if this is still possible). I’d suggest investigating if there are any exploits built for your game that may be the source of the issue and try to get the source code or figure out how it works.

I’ve been a member of ROBLOX since 2008, developing for slightly less than that. I am well aware of what backdoors are and how to find them. This is not an issue specific to my game only. There are other recent reports of this happening.

Have you searched for all types of backdoors? Search all scripts with require, getfenv, etc?

Yes. Not all scripts with a require are malicious; I make use of many moduleScripts in my game. There are no requires with an asset ID. Same going for getfenv.

The hacky way you could figure it out is by removing certain scripts until it stops freezing players.

Have you tried looking into ScriptPerformance?

Thanks for the suggestion, how do I go about checking?

This is definitely not a script issue, and a exploiter booting the server shows a different disconnect message (I’ve had exploiters boot one of my games before). It seems like an issue with the clients or ROBLOX. How many players have been reporting this?

We’ve had an ex-member of our group with a booter target our game for a couple days, but the server just freezes for 20 seconds or so and then goes back to normal – it doesn’t crash completely. This issue that we’re facing now however is much more sporadic, it affects one or two people at a time (instead of everyone in the server) and at completely random intervals, and their client is completely frozen instead of resuming back to normal after 20s.

I’m leaning towards exploit-related but other games are also experiencing this issue so it may be part of a wider ROBLOX problem.

If it only freezes then it means their booter isn’t powerful enough. I’m pretty sure you need >300gbps booter to really boot a Roblox server. I’ve never really heard of people being able to individually disconnect clients since DOSSing is generally an attack that overloads the server.

Press Ctrl + Shift + F and search these keywords “getfenv” , “require” and see if there’s anything you don’t know it’s probably backdoor and you should remove it otherwise it might be a plugin

Yes. Not all scripts with a require are malicious; I make use of many moduleScripts in my game. There are no requires with an asset ID. Same going for getfenv.

See this reply.

yes but you should check if there’s anything malicious aka some scripts hidden in service’s etc or might be exploiter spamming bullets for example to make lag or some remote make players trigger anti cheat maybe you should log remotes that’s being fired by players and see if there’s someone spam specific remote

To try to combat this issue, I’ve created a script that monitors every remote in the game and prints the player who fires it and the name of the remote. There is nothing suspicious.

is that problem appear in private server as well ? if not it’s probably the booter joining and leave to grab info try to check whoever join and leave or catch the person otherwise maybe try to revert the version where this problem doesn’t appear that’s the only solution i know so far if it’s not the booter who does that