The anticheat resource is not the only resource responsible of spawning entities on the server from external sources. As the anticheat resource is a standalone resource, it is important to design your server resources carefully in order to ensure security for your server. In order to protect your server, you can practice the following security measures.
Handle entity creation on your server
In order to protect your server from spawning entities from external sources, it is recommended to shift the entity spawn from client side to server side directly from your server resources by creating a server side function in your framework that spawns the entity and use it instead the client side natives for spawning entities and add to your server.cfg one of the lines below at your choice
sv_entityLockdown relaxed #Blocks only client-created entities that are not owned by scripts.
sv_entityLockdown strict #Prevents clients from creating any entities.
It is recommended to make tests before launching this shift.
function tvRP.CreateVehicle(hash, x, y, z, heading, isNetwork, netMissionEntity)
local source = source
local user_id = vRP.getUserId(source)
if source and user_id then
local vehicle = CreateVehicle(hash, x, y, z, heading, isNetwork, netMissionEntity)
Wait(100)
if DoesEntityExist(vehicle) then
SetPedIntoVehicle(GetPlayerPed(source), vehicle, -1)
return NetworkGetNetworkIdFromEntity(vehicle)
end
end
return nil
end
Client side
If you do not use any native on the spawned vehicle you can use:
local vehicle = vRPserver.CreateVehicle({GetHashKey("adder"), coords[1], coords[2], coords[3], 200.0, true, false})
If you use any native on the spawned vehicle you can use:
function tvRP.CreatePed(pedType, hash, x, y, z, heading, isNetwork, bScriptHostPed)
local source = source
local user_id = vRP.getUserId(source)
if source and user_id then
local ped = CreatePed(pedType, hash, x, y, z, heading, isNetwork, bScriptHostPed)
Wait(100)
if DoesEntityExist(ped) then
return NetworkGetNetworkIdFromEntity(ped)
end
end
return nil
end
Client side
If you do not use any native on the spawned ped you can use:
local object = CreateObject(GetHashKey("prop_roadcone02a"), coords[1], coords[2], coords[3], true, true, true)
Example of right usage
Server side
function tvRP.CreateObject(hash, x, y, z, isNetwork, netMissionEntity, doorFlag)
local source = source
local user_id = vRP.getUserId(source)
if source and user_id then
local object = CreateObject(hash, x, y, z, isNetwork, netMissionEntity, doorFlag)
Wait(100)
if DoesEntityExist(object) then
return NetworkGetNetworkIdFromEntity(object)
end
end
return nil
end
Client side
If you do not use any native on the spawned object you can use:
local object = vRPserver.CreateObject({GetHashKey("prop_roadcone02a"), coords[1], coords[2], coords[3], true, true, true})
If you use any native on the spawned object you can use:
The server side functions for spawning entities have been provided as an example for the vRP framework. To use these functions within a resource, you also need to include the following tunnel in client side:
