# Secure your server ### Handle citizen files on your server {% code overflow="wrap" %} ``` In order to protect your server from players who are playing with citizen files, the best solution is to use pure level 1. Use the following server command in your server.cfg file: ``` {% endcode %} ```bash sv_pureLevel 1 # disable citizen files ``` ### Handle entity creation on your server {% hint style="info" %} The anticheat resource is not the only resource responsible of spawning entities on the server from external sources. As the anticheat resource is a standalone resource, the anticheat resource does everything that is possible. It is important to design your server resources carefully in order to ensure security for your server. In order to protect your server, you can practice the following security measures. {% endhint %} {% code overflow="wrap" %} ``` In order to protect your server from spawning entities from external sources, the best solution is to use anticheat entity lockdown feature or make your own server side checks inside your server for entity creation based on your server scripts ``` {% endcode %} {% code overflow="wrap" %} ``` It is recommended to create a backup of your server files before you make any change ``` {% endcode %} {% hint style="warning" %} We don't recommend usage of fivem entity lockdown using sv\_entityLockdown relaxed (Blocks only client-created entities that are not owned by scripts) or sv\_entityLockdown strict (Prevents clients from creating any entities), as the entities will not reach server side at all in order to be checked and there is a chance to face potential crash players methods from cheats that involve entity creation. {% endhint %} {% code overflow="wrap" %} ``` For each type of entity, we propose to create entity creation checks on server side based on the following ``` {% endcode %} Vehicles 1. Whitelisted vehicle model (Example: Allow whitelisted vehicles spawn anywhere) 2. Whitelisted areas (Example: Allow any vehicle spawn in whitelisted area) 3. Check vehicle model (Example: If there is a vehicle model that is not used on your server, prevent the entity creation. For sure there are a lot of GTA 5 vehicle models that are not used on your server, so you can create a check if the vehicle is from GTA 5 and not a whitelisted GTA 5 vehicle model to prevent the vehicle creation) 4. Check players coordinates (Example: Coordinates between player and garage. If the player is far away from the garage/job, prevent the vehicle creation) 5. Check vehicle coordinates (Example: Coordinates between vehicle and garage. If the vehicle is far away from the garage/job, prevent the vehicle creation) 6. Check vehicle ownership (Example: If the player tries to spawn a vehicle that does not own, prevent the vehicle creation) 7. Whitelist players (Example: Staff members) 8. Others based on your server functionality {% code overflow="wrap" %} ``` Combining all of these checks, your server will prevent any harmful vehicle spawn ``` {% endcode %} Peds 1. Whitelisted ped model (Example: Allow whitelisted ped spawn anywhere) -> already in the anticheat configuration 2. Whitelisted areas (Example: Allow any ped spawn in whitelisted area) 3. Check player coordinates (Example: Coordinates between player and ped spawn location. If the ped is far away from the player, prevent the ped creation) 4. Prevent any ped creation if you don't have scripts that spawn peds (don't take in consideration the non-networked peds that spawn on player spawn from scripts similar to okokTalkToNPC) 5. Others based on your server functionality {% code overflow="wrap" %} ``` Combining all of these checks, your server will prevent any harmful ped spawn ``` {% endcode %} Objects 1. Whitelisted ped model (Example: Allow whitelisted object spawn anywhere) -> already in the anticheat configuration 2. Whitelisted areas (Example: Allow any object spawn in whitelisted area) 3. Check player coordinates (Example: Coordinates between player and object spawn location. If the object is far away from the player, prevent the object creation) 4. Others based on your server functionality {% code overflow="wrap" %} ``` Combining all of these checks, your server will prevent any harmful object spawn ``` {% endcode %} {% hint style="info" %} The content from above is just an example of a solution to create vehicles, peds and objects on server side. {% endhint %} ### Handle weapons on your server {% hint style="info" %} In order to protect your server from spawning weapons from external sources there are two ways that can prevent such functions, more than anticheat resource can already do {% endhint %} Weapons from weapon wheel {% code overflow="wrap" %} ``` If you are using the weapon wheel on your server you can set Config.AntiSpawnWeapon to true, if it is set to false as it is by default and ensure that you do not have any script in your server that spawns weapon in your players' hand or not using the weapon wheel. More than this feature you can create in your server a script that will allow getting and using weapons only if you have a specific gun license item, group, faction or number of hours played on the server in order access weapons from gunshops. Unless the player does not have a specific gun license item, group, faction or number of hours played on the server in order to access weapons from gunshops and the player plays with weapons, the player can be banned. ``` {% endcode %} Weapons from server inventory {% code overflow="wrap" %} ``` If you are using an inventory script that allow using weapons only from inventory, you have to ensure that weapon wheel is disabled completely, even if the player is in the vehicle. In this case Config.AntiSpawnWeapon has to be set to false. In order to check if the player has a valid weapon in his inventory, you have to update the Config.FrameworkAntiWeaponsCheck function from the anticheat config that checks if the player has the weapon in inventory. Beside this check you can also use the same check as above (specific gun license item, group, faction, or number of hours played). Through these checks, if the player does not own the weapon in inventory and does not have a specific gun license item, group, faction or number of hours played on the server in order to access weapons from gunshops and the player plays with weapons, the player can be banned. In this scenario you have to take in consideration that trading weapon items can impact this check. ``` {% endcode %} ### Handle functions and events {% code overflow="wrap" %} ``` In order to protect your server from re-running functions or events, it is recommended to create the functions or events as much as possible on server side and contain various checks such as requiring permission (group, faction, level, played hours), requiring items, checking the number of items, location, cooldowns, duty (active task), number of attempts in a specific time. If you do not know how to make this kind of checks, you can use the event protection provided by the anticheat for the events you want to protect. ``` {% endcode %} {% hint style="info" %} If you use functions from server side to client side through tunnels, every function will generate an event in network event logger, so you can protect the generated event. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.reasonanticheat.net/resources-documentation/reason-anticheat/secure-your-server.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.