I just explained how to do that! Additionally, not that I recommend it but if you delete adhesive.dll from your FiveM installation and add +set sv_lan 1 to the launch arguments of your test server, the anticheat will be disabled but you will lose the ability to play on servers which are not set to LAN mode.
To join public servers again, close FiveM, delete caches.xml from your FiveM installation and open FiveM again. (This will force FiveM to check itself for missing components and, as a result, re-download adhesive.dll)
If you want to protect your server from cheaters, the best way is to, while making your own scripts, assume that everyone is able to cheat. Assume that everyone is able to start and stop the execution of whatever code they want, whenever they want and send event triggers arbitrarily to the server. Program your server around this where possible and where not, mitigate the effects it could cause. The only way to beat them is to make their tools useless.
I used GetRegisteredCommands() to whitelist all the actually valid commands registered automatically by FiveM and by the few other resources I’m currently using, and I replaced all the RegisterCommand() in my project with a custom method named RegisterCommandSafe(), which also adds them to the whitelist. Then every 1000 ticks, a script checks whether there are commands that aren’t on the whitelist, and bans the player if there are any.
Is this a good idea? I’m actually worried that different FiveM versions could run additional client scripts that are not in my whitelist.
This is the list I used:
Edit:
I didn’t read this message:
Additionally, not that I recommend it but if you delete adhesive.dll from your FiveM installation and add +set sv_lan 1 to the launch arguments of your test server, the anticheat will be disabled but you will lose the ability to play on servers which are not set to LAN mode.
To join public servers again, close FiveM, delete caches.xml from your FiveM installation and open FiveM again. (This will force FiveM to check itself for missing components and, as a result, re-download adhesive.dll )
I would recommend a blacklist for commands rather than a whitelist. The command system is quite variable and resources being started or a change in the client will cause false positives.
Amazing post, thank you!!! I have a question, sorry if it’s stupid, but all what I read is also possible to block people that try to “dump” (or stolen) complete server?
It is not possible to prevent someone from downloading the client-sided content of your server as it’s an entirely intended mechanism. In order for a player to join your server and have your client-sided code execute on their machine or have your custom car model show up on their screen, they must be able to read said data and hence, can simply save it as it comes across the network or retrieve it from the download cache after the fact. That being said, anything you don’t want a client to have access to, you simply move into a server script or deal with them being required to have access to it.
I dont know if people here faced the same problem as mine or not but in resources check code nowdays when someone joins ur server after being in another server without closing fivem there is some cache resource which will appear in that resource code ao i suggest the users to use GetResourceState() to ensure that this resource is started or starting on the client machine.
Also nowdays hacks can stop ur anticheat so i suggest u to use OnClientResourceStop inside any vital script and log which script is stopped and by which person so that u can see if the hack has stopped ur anticheat
Have you got any clue on how to block people from using client-side modded .meta files such as gunscripts which modify the damage of weapons, give them infinite ammo etc?
The files usually go in the citizen/common/ai folder; sometimes they edit their GTAV install with openiv directly.
I’ve managed a temporary solution by streaming the default weapons.meta & others with a resource, however it’s not a perfect solution; more of a band-aid since it doesn’t include all weapons etc.
So, TL;DR; how can we counteract client-side modding of .meta files ?
yup i have made script for this and put it in release but it didn’t got accepted till now ww-ammoguard.rar (2.5 KB)
this is the script for the infinite ammo with whitelisted config file and i made the weapon modifier too bec they also make modification to weapon component eg: clip they inc its dmg and make it one shot any friend ww-dmgmodifierguard.rar (2.1 KB)
this is it but the dmg modifier not tested 100% so enjoy <3
And yes the ammoguard one has full configurable config file to decide if using esx or not and to kick player or not and to withdraw weapon or not and discord log too
Now people are modifying the materials on GTA, allowing someone to shoot through cars, Peds, and some walls. No injection btw just a simple mod to put in your files. Totally allowed how fun