# Secure your server ### Handle citizen files on your server {% code overflow="wrap" %} ``` In order to protect your server from players who are playing with citizen files, the best solution is to use pure level 1. Use the following server command in your server.cfg file: ``` {% endcode %} ```bash sv_pureLevel 1 # disable citizen files ``` ### Handle entity creation on your server {% hint style="info" %} The anticheat resource is not the only resource responsible of spawning entities on the server from external sources. As the anticheat resource is a standalone resource, the anticheat resource does everything that is possible. It is important to design your server resources carefully in order to ensure security for your server. In order to protect your server, you can practice the following security measures. {% endhint %} {% code overflow="wrap" %} ``` In order to protect your server from spawning entities from external sources, it is recommended to shift the entity spawn from client side to server side directly from your server resources by creating a server side function in your framework that spawns the entity and use it instead the client side natives or directly use server side native for spawning entities and add to your server.cfg one of the lines below at your choice ``` {% endcode %} ```bash sv_entityLockdown relaxed #Blocks only client-created entities that are not owned by scripts. sv_entityLockdown strict #Prevents clients from creating any entities. ``` {% code overflow="wrap" %} ``` It is recommended to make tests before launching this shift. ``` {% endcode %} Create Vehicle () {% hint style="danger" %} Example of wrong usage {% endhint %} ``` Client side ``` ``` local vehicle = CreateVehicle(GetHashKey("adder"), coords[1], coords[2], coords[3], 200.0, true, false) TaskWarpPedIntoVehicle(PlayerPedId(), vehicle, -1) ``` {% hint style="success" %} Example of right usage {% endhint %} ``` Server side ``` ``` function tvRP.CreateVehicle(hash, x, y, z, heading, isNetwork, netMissionEntity) local source = source local user_id = vRP.getUserId(source) if source and user_id then local vehicle = CreateVehicle(hash, x, y, z, heading, isNetwork, netMissionEntity) Wait(100) if DoesEntityExist(vehicle) then SetPedIntoVehicle(GetPlayerPed(source), vehicle, -1) return NetworkGetNetworkIdFromEntity(vehicle) end end return nil end ``` ``` Client side ``` If you do not use any native on the spawned vehicle you can use: ``` local vehicle = vRPserver.CreateVehicle({GetHashKey("adder"), coords[1], coords[2], coords[3], 200.0, true, false}) ``` If you use any native on the spawned vehicle you can use: ``` vRPserver.CreateVehicle({GetHashKey("adder"), coords[1], coords[2], coords[3], 200.0, true, false}, function(nveh) vehicle = NetToVeh(nveh) -- rest of code end) ``` {% hint style="warning" %} Only if you are using CreateVehicle client native in a thread to spawn a vehicle on the server it may spawn a vehicle for each player on the server, so you should use only server side vehicle creation with CreateVehicle server native in order to create only one vehicle. {% endhint %} Create Ped () {% hint style="danger" %} Example of wrong usage {% endhint %} ``` Client side ``` ``` local ped = CreatePed(4, "s_m_y_construct_01", coords[1], coords[2], coords[3], 200.0, false, true) ``` {% hint style="success" %} Example of right usage {% endhint %} ``` Server side ``` ``` function tvRP.CreatePed(pedType, hash, x, y, z, heading, isNetwork, bScriptHostPed) local source = source local user_id = vRP.getUserId(source) if source and user_id then local ped = CreatePed(pedType, hash, x, y, z, heading, isNetwork, bScriptHostPed) Wait(100) if DoesEntityExist(ped) then return NetworkGetNetworkIdFromEntity(ped) end end return nil end ``` ``` Client side ``` If you do not use any native on the spawned ped you can use: ``` local ped = vRPserver.CreatePed({4, "s_m_y_construct_01", coords[1], coords[2], coords[3], 200.0, false, true}) ``` If you use any native on the spawned ped you can use: ``` vRPserver.CreatePed({4, "s_m_y_construct_01", coords[1], coords[2], coords[3], 200.0, false, true}, function(nped) ped = NetToPed(nped) -- rest of code end) ``` {% hint style="warning" %} Only if you are using CreatePed client native in a thread to spawn a ped on the server it may spawn a ped for each player on the server, so you should use only server side ped creation with CreatePed server native in order to create only one ped. {% endhint %} Create Object () {% hint style="danger" %} Example of wrong usage {% endhint %} ``` Client side ``` ``` local object = CreateObject(GetHashKey("prop_roadcone02a"), coords[1], coords[2], coords[3], true, true, true) ``` {% hint style="success" %} Example of right usage {% endhint %} ``` Server side ``` ``` function tvRP.CreateObject(hash, x, y, z, isNetwork, netMissionEntity, doorFlag) local source = source local user_id = vRP.getUserId(source) if source and user_id then local object = CreateObject(hash, x, y, z, isNetwork, netMissionEntity, doorFlag) Wait(100) if DoesEntityExist(object) then return NetworkGetNetworkIdFromEntity(object) end end return nil end ``` ``` Client side ``` If you do not use any native on the spawned object you can use: ``` local object = vRPserver.CreateObject({GetHashKey("prop_roadcone02a"), coords[1], coords[2], coords[3], true, true, true}) ``` If you use any native on the spawned object you can use: ``` vRPserver.CreateObject({GetHashKey("prop_roadcone02a"), coords[1], coords[2], coords[3], true, true, true}, function(nobj) object = NetToObj(nobj) -- rest of code end) ``` {% hint style="warning" %} Only if you are using CreateObject client native in a thread to spawn an object on the server it may spawn an object for each player on the server, so you should use only server side object creation with CreateObject server native in order to create only one object. {% endhint %} {% hint style="info" %} The content from above is just an example of a solution to create vehicles, peds and objects on server side. You can create your own functionality, such as a server event that will spawn vehicles, peds and objects on server side which is used in client side and then protect it with the anticheat event protection. {% endhint %} {% hint style="info" %} The server side functions for spawning entities have been provided as an example for the vRP framework. To use these functions within a resource, you also need to include the following tunnel in client side: {% endhint %} ```lua vRPserver = Tunnel.getInterface("vRP", "resourcename") ``` {% hint style="info" %} Our recommendation is to use server natives CreateVehicle, CreatePed or CreateObject only, instead of above functions, but in order to make a faster tranistion you can also use the functions showed as an example above. {% endhint %} {% hint style="info" %} Another solution to prevent spawning entities is through server side checks based on the entity coordinates. For example, the vehicles can be spawned only in specific areas (garage, job) or by permission (admin), the peds can be spawned only in specific areas (job), the objects can be spawned only in specific areas (jobs) depending on how your server has been created. {% endhint %} ### Handle weapons on your server {% hint style="info" %} In order to protect your server from spawning weapons from external sources there are two ways that can prevent such functions, more than anticheat resource can already do {% endhint %} Weapons from weapon wheel {% code overflow="wrap" %} ``` If you are using the weapon wheel on your server you can set Config.AntiSpawnWeapon to true, if it is set to false as it is by default and ensure that you do not have any script in your server that spawns weapon in your players' hand or not using the weapon wheel. More than this feature you can create in your server a script that will allow getting and using weapons only if you have a specific gun license item, group, faction or number of hours played on the server in order access weapons from gunshops. Unless the player does not have a specific gun license item, group, faction or number of hours played on the server in order to access weapons from gunshops and the player plays with weapons, the player can be banned. ``` {% endcode %} Weapons from server inventory {% code overflow="wrap" %} ``` If you are using an inventory script that allow using weapons only from inventory, you have to ensure that weapon wheel is disabled completely, even if the player is in the vehicle. In this case Config.AntiSpawnWeapon has to be set to false. In order to check if the player has a valid weapon in his inventory, you have to update the Config.FrameworkAntiWeaponsCheck function from the anticheat config that checks if the player has the weapon in inventory. Beside this check you can also use the same check as above (specific gun license item, group, faction, or number of hours played). Through these checks, if the player does not own the weapon in inventory and does not have a specific gun license item, group, faction or number of hours played on the server in order to access weapons from gunshops and the player plays with weapons, the player can be banned. In this scenario you have to take in consideration that trading weapon items can impact this check. ``` {% endcode %} ### Handle functions and events {% code overflow="wrap" %} ``` In order to protect your server from re-running functions or events, it is recommended to create the functions or events as much as possible on server side and contain various checks such as requiring permission (group, faction, level, played hours), requiring items, checking the number of items, location, cooldowns, duty (active task), number of attempts in a specific time. If you do not know how to make this kind of checks, you can use the event protection provided by the anticheat for the events you want to protect. ``` {% endcode %} {% hint style="info" %} If you use functions from server side to client side through tunnels, every function will generate an event in network event logger, so you can protect the generated event. {% endhint %}