Secure your server

Handle citizen files on your server

In order to protect your server from players who are playing with citizen files, the best solution is to use pure level 1. Use the following server command in your server.cfg file:

sv_pureLevel 1 # disable citizen files

Handle entity creation on your server

The anticheat resource is not the only resource responsible of spawning entities on the server from external sources. As the anticheat resource is a standalone resource, the anticheat resource does everything that is possible. It is important to design your server resources carefully in order to ensure security for your server. In order to protect your server, you can practice the following security measures.

In order to protect your server from spawning entities from external sources, it is recommended to shift the entity spawn from client side to server side directly from your server resources by creating a server side function in your framework that spawns the entity and use it instead the client side natives or directly use server side native for spawning entities and add to your server.cfg one of the lines below at your choice

sv_entityLockdown relaxed #Blocks only client-created entities that are not owned by scripts.
sv_entityLockdown strict #Prevents clients from creating any entities.

It is recommended to make tests before launching this shift.

Create Vehicle (https://docs.fivem.net/natives/?_0xDD75460A)

Example of wrong usage

Client side

local vehicle = CreateVehicle(GetHashKey("adder"), coords[1], coords[2], coords[3], 200.0, true, false)
TaskWarpPedIntoVehicle(PlayerPedId(), vehicle, -1)

Example of right usage

Server side

function tvRP.CreateVehicle(hash, x, y, z, heading, isNetwork, netMissionEntity)
    local source = source
    local user_id = vRP.getUserId(source)
    if source and user_id then
        local vehicle = CreateVehicle(hash, x, y, z, heading, isNetwork, netMissionEntity)
        Wait(100)
        if DoesEntityExist(vehicle) then
            SetPedIntoVehicle(GetPlayerPed(source), vehicle, -1)
            return NetworkGetNetworkIdFromEntity(vehicle)
        end
    end
    return nil
end

Client side

If you do not use any native on the spawned vehicle you can use:

local vehicle = vRPserver.CreateVehicle({GetHashKey("adder"), coords[1], coords[2], coords[3], 200.0, true, false})

If you use any native on the spawned vehicle you can use:

vRPserver.CreateVehicle({GetHashKey("adder"), coords[1], coords[2], coords[3], 200.0, true, false}, function(nveh)
    vehicle = NetToVeh(nveh)
    -- rest of code
end)

Only if you are using CreateVehicle client native in a thread to spawn a vehicle on the server it may spawn a vehicle for each player on the server, so you should use only server side vehicle creation with CreateVehicle server native in order to create only one vehicle.

Create Ped (https://docs.fivem.net/natives/?_0x389EF71)

Example of wrong usage

Client side

local ped = CreatePed(4, "s_m_y_construct_01", coords[1], coords[2], coords[3], 200.0, false, true)

Example of right usage

Server side

function tvRP.CreatePed(pedType, hash, x, y, z, heading, isNetwork, bScriptHostPed)
    local source = source
    local user_id = vRP.getUserId(source)
    if source and user_id then
        local ped = CreatePed(pedType, hash, x, y, z, heading, isNetwork, bScriptHostPed)
        Wait(100)
        if DoesEntityExist(ped) then
            return NetworkGetNetworkIdFromEntity(ped)
        end
    end
    return nil
end

Client side

If you do not use any native on the spawned ped you can use:

local ped = vRPserver.CreatePed({4, "s_m_y_construct_01", coords[1], coords[2], coords[3], 200.0, false, true})

If you use any native on the spawned ped you can use:

vRPserver.CreatePed({4, "s_m_y_construct_01", coords[1], coords[2], coords[3], 200.0, false, true}, function(nped)
    ped = NetToPed(nped)
    -- rest of code
end)

Only if you are using CreatePed client native in a thread to spawn a ped on the server it may spawn a ped for each player on the server, so you should use only server side ped creation with CreatePed server native in order to create only one ped.

Create Object (https://docs.fivem.net/natives/?_0x2F7AA05C)

Example of wrong usage

Client side

local object = CreateObject(GetHashKey("prop_roadcone02a"), coords[1], coords[2], coords[3], true, true, true)

Example of right usage

Server side

function tvRP.CreateObject(hash, x, y, z, isNetwork, netMissionEntity, doorFlag)
    local source = source
    local user_id = vRP.getUserId(source)
    if source and user_id then
        local object = CreateObject(hash, x, y, z, isNetwork, netMissionEntity, doorFlag)
        Wait(100)
        if DoesEntityExist(object) then
            return NetworkGetNetworkIdFromEntity(object)
        end
    end
    return nil
end

Client side

If you do not use any native on the spawned object you can use:

local object = vRPserver.CreateObject({GetHashKey("prop_roadcone02a"), coords[1], coords[2], coords[3], true, true, true})

If you use any native on the spawned object you can use:

vRPserver.CreateObject({GetHashKey("prop_roadcone02a"), coords[1], coords[2], coords[3], true, true, true}, function(nobj)
    object = NetToObj(nobj)
    -- rest of code
end)

Only if you are using CreateObject client native in a thread to spawn an object on the server it may spawn an object for each player on the server, so you should use only server side object creation with CreateObject server native in order to create only one object.

The content from above is just an example of a solution to create vehicles, peds and objects on server side. You can create your own functionality, such as a server event that will spawn vehicles, peds and objects on server side which is used in client side and then protect it with the anticheat event protection.

The server side functions for spawning entities have been provided as an example for the vRP framework. To use these functions within a resource, you also need to include the following tunnel in client side:

vRPserver = Tunnel.getInterface("vRP", "resourcename")

Our recommendation is to use server natives CreateVehicle, CreatePed or CreateObject only, instead of above functions, but in order to make a faster tranistion you can also use the functions showed as an example above.

Another solution to prevent spawning entities is through server side checks based on the entity coordinates. For example, the vehicles can be spawned only in specific areas (garage, job) or by permission (admin), the peds can be spawned only in specific areas (job), the objects can be spawned only in specific areas (jobs) depending on how your server has been created.

Handle weapons on your server

In order to protect your server from spawning weapons from external sources there are two ways that can prevent such functions, more than anticheat resource can already do

Weapons from weapon wheel

If you are using the weapon wheel on your server you can set Config.AntiSpawnWeapon to true, if it is set to false as it is by default and ensure that you do not have any script in your server that spawns weapon in your players' hand or not using the weapon wheel. More than this feature you can create in your server a script that will allow getting and using weapons only if you have a specific gun license item, group, faction or number of hours played on the server in order access weapons from gunshops. Unless the player does not have a specific gun license item, group, faction or number of hours played on the server in order to access weapons from gunshops and the player plays with weapons, the player can be banned.

Weapons from server inventory

If you are using an inventory script that allow using weapons only from inventory, you have to ensure that weapon wheel is disabled completely, even if the player is in the vehicle. In this case Config.AntiSpawnWeapon has to be set to false. In order to check if the player has a valid weapon in his inventory, you have to update the Config.FrameworkAntiWeaponsCheck function from the anticheat config that checks if the player has the weapon in inventory. Beside this check you can also use the same check as above (specific gun license item, group, faction, or number of hours played). Through these checks, if the player does not own the weapon in inventory and does not have a specific gun license item, group, faction or number of hours played on the server in order to access weapons from gunshops and the player plays with weapons, the player can be banned. In this scenario you have to take in consideration that trading weapon items can impact this check.

Handle functions and events

In order to protect your server from re-running functions or events, it is recommended to create the functions or events as much as possible on server side and contain various checks such as requiring permission (group, faction, level, played hours), requiring items, checking the number of items, location, cooldowns, duty (active task), number of attempts in a specific time. If you do not know how to make this kind of checks, you can use the event protection provided by the anticheat for the events you want to protect.

If you use functions from server side to client side through tunnels, every function will generate an event in network event logger, so you can protect the generated event.

PreviousServer crash prevention NextAnti aimbot

Last updated 1 month ago

hashtagHandle citizen files on your server

hashtagHandle entity creation on your server

hashtagHandle weapons on your server

hashtagHandle functions and events

Handle citizen files on your server

Handle entity creation on your server

Handle weapons on your server

Handle functions and events