Back to Docs| Platform | Support | Notes |
|---|---|---|
| Linux | ✅ Native | Recommended |
| Windows | ✅ Native |
FiveM servers are frequent targets of DDoS attacks, exploits and abuse. This guide collects essential measures to protect your server and players.
sv_requestParanoia: Anomalous Request Filter
sv_requestParanoia is a native FiveM parameter that controls how aggressively the server filters suspicious requests. It's the first line of defense against exploits that send malformed packets.
# server.cfg
sv_requestParanoia 3
| Value | Behavior |
|---|---|
0 | No filter (default) |
1 | Filter clearly malformed requests |
2 | Filter anomalous requests with tolerance |
3 | Aggressive filter: recommended for public servers |
With sv_requestParanoia 3 the server blocks known exploits like the PMA-Voice DAY0 exploit that caused player crashes. Always set this value on public servers.
Official documentation: docs.fivem.net/docs/server-manual/server-commands/#sv_requestparanoia-newvalue
Essential server.cfg Configuration
# Limit number of players to actual server max
sv_maxclients 32
# Require a license (blocks invalid clients)
sv_licenseKey "your_key"
# Set a hidden endpoint instead of 0.0.0.0
# (use server's specific IP)
endpoint_add_tcp "1.2.3.4:30120"
endpoint_add_udp "1.2.3.4:30120"
# Anomalous request filter
sv_requestParanoia 3
# Disable direct IP join if using Cfx.re Connect
# (force passage through Cfx system)
sv_enforceGameBuild 3095
DDoS Protection with Provider
If your plan includes Advanced DDoS Protection (like DeluxHost's), you can request activation of anti-botnet filter with high aggressivity by opening a support ticket.
This protection operates at network level, before traffic reaches your server, and is particularly effective against:
- UDP flood
- Amplification attack (DNS, NTP)
- Distributed botnets
IP Whitelist for RCON Console
# server.cfg: limit console access to trusted IPs only
rcon_password "secure_password"
# Block RCON from internet via firewall:
# ufw deny 30120/tcp (if using different port for RCON)
Protection from Resource Injection and Client-Side Exploits
-- Add to a base resource (server.lua)
-- Kicks clients trying to execute unregistered events
AddEventHandler('__cfx_internal:commandFallback', function(cmd)
local src = source
if src > 0 then
DropPlayer(src, 'Unauthorized command: ' .. tostring(cmd))
end
end)
Block Unauthorized Resources
# server.cfg
# Explicit whitelist of allowed resources (optional but recommended)
# ensure resource_name
Monitoring and Logs
# Real-time FiveM server logs (Linux)
tail -f /home/fivem/server-data/server.log
# Filter only errors and kicks
grep -E "dropped|kicked|error|exploit" /home/fivem/server-data/server.log
# Monitor active connections on FiveM port
watch -n 2 "ss -u | grep 30120 | wc -l"
FiveM Security Checklist
Many exploits are patched in FiveM artifacts. Keep server updated. Check recommended version at runtime.fivem.net/artifacts/fivem.
- [ ] sv_requestParanoia 3 in server.cfg
- [ ] Server port is not default 30120 (obscure the port)
- [ ] RCON protected by strong password and not exposed on internet
- [ ] Advanced DDoS protection active on VPS
- [ ] Proxy in front of real server
- [ ] Server updated to latest artifact
- [ ] No unverified third-party resources installed
- [ ] Automatic backup of configuration and database
Tips & Tweaks
Essential server.cfg Convars
Critical security and performance convars:
| Convar | Purpose | Recommended |
|---|---|---|
sv_requestParanoia | Request filter aggressiveness | 3 |
sv_maxclients | Server slots | Match your plan |
sv_licenseKey | License authentication | Required |
sv_enforceGameBuild | Minimum game version | 3095+ |
sv_lan | LAN mode (no auth) | 0 |
sv_useSSL | TLS encryption | 1 |
sv_master | Master server ping | enabled |
sv_scriptHookAllowed | Allow external scripts | 0 |
Example security-focused server.cfg:
# Server Identity
sv_serverName "My FiveM Server"
sv_maxclients 32
sv_licenseKey "your_cfx_license"
# Security
sv_requestParanoia 3
sv_enforceGameBuild 3095
sv_useSSL 1
# Network
sv_lan 0
sv_endpointPrivacy 1
# Gameplay
rcon_password "very_strong_password"
sv_charaset utf8
# Monitoring
sv_logFile "console.log"
Resource Load Order Strategy
Proper resource execution order prevents conflicts:
# server.cfg - proper order
# 1. Core dependencies first
ensure statebag
ensure baseevents
# 2. Framework (if using one)
ensure es_extended # ESX
# or
ensure qb-core # QBCore
# 3. Database/logging
ensure mysql-async
ensure ghmattimysql
# 4. Admin/moderation tools
ensure txAdmin
ensure anticheat
# 5. Gameplay features
ensure banking
ensure jobs
ensure shops
# 6. Custom resources last
ensure myframework
Load only necessary resources:
# Bad: loads 50+ resources
ensure everything
# Good: load what's needed
ensure core-features
ensure job-system
txAdmin Commands and Monitoring
txAdmin is the FiveM admin panel. Common commands:
# Access at: http://SERVER_IP:40120 (default port)
# Set password in txAdmin interface
# Via console or txAdmin:
refreshResources # Reload all resources
restart resource_name # Restart specific resource
stop resource_name # Stop resource
start resource_name # Start resource
# Player management
kick player_id "reason"
ban player_id "reason"
unban steam_id
warn player_id
txAdmin best practices:
Performance Monitoring with resmon
Built-in FiveM resource monitor:
-- In server-side Lua
-- Enable in resources: ensure resmon
-- Access via console:
-- /resmon (shows resource CPU/memory)
Monitor these metrics:
Example problematic resource:
expensive-script: 25ms per frame (HIGH)
├─ 8 MB memory
├─ 150+ handles (leak?)
└─ Recommendation: optimize or replace
Network Optimization in server.cfg
# Bandwidth settings
sv_syncrate 30 # Server update frequency
sv_netcode 2 # Network model (2 = latest)
# Rate limiting
sv_minrate 20000
sv_maxrate 1000000
# Connection settings
sv_connectionTimeout 30
sv_connectionName "FiveM"
Exploit Prevention Checklist
Essential protections:
# server.cfg security checklist
# 1. Block known exploits
sv_requestParanoia 3
# 2. Require valid license
sv_licenseKey "your_key"
# 3. Whitelist resources only
ensure only_needed_resources
# 4. Secure console
rcon_password "very_complex_password"
sv_rconPassword "different_rcon_password"
# 5. Monitor traffic
sv_logFile "console.log"
# 6. Restrict script hook
sv_scriptHookAllowed 0
# 7. Keep updated
# Update artifacts weekly from runtime.fivem.net
Resource Performance Optimization
Identify slow resources:
-- Add to main resource (server.lua)
SetTimeout(60000, function()
local resources = GetNumResources()
for i = 0, resources - 1 do
local name = GetResourceByFindIndex(i)
local cpu = GetResourceKvpFloat(name .. ':cpu')
if cpu > 5 then -- Alert if > 5ms
print('^1HIGH CPU: ' .. name .. ' (' .. cpu .. 'ms)^7')
end
end
end)
Common bottlenecks:
Admin Commands via txAdmin or Console
| Command | Effect |
|---|---|
list | Show players |
status | Server stats |
refresh resource | Reload resource |
restart all | Restart all resources |
loadscript script.lua | Execute Lua script |
say <msg> | Server broadcast |
playermode | Debug mode |
Monitoring and Logs
# View live server logs
tail -f /path/to/server.log
# Monitor resource CPU/memory
# In-game: /resmon (if enabled)
# Check console output
ps aux | grep FXServer
# Monitor network activity
ss -tulnp | grep FiveM_port
# Common log patterns to watch
grep -i "error\|exploit\|kick" server.log
Backup and Disaster Recovery
# Backup server config and database
tar -czf ~/fivem-backup-$(date +%Y%m%d).tar.gz \
/path/to/server-data/ \
/path/to/database/
# Automate daily backup at 3 AM
0 3 * * * tar -czf ~/backups/fivem-\$(date +\%Y\%m\%d).tar.gz /path/to/server-data/
Regular Maintenance Schedule
Weekly:
Monthly:
Quarterly:
- Change default port (40120) for security
- Use strong password
- Set IP whitelist for admin access
- Enable 2FA if available
- Monitor active resource list
- CPU usage: per-resource breakdown
- Memory: heap size per resource
- Frames: client FPS impact
- Handle count: memory leak indicator
- Database queries in loops → batch queries
- Repeated file reads → cache in memory
- Large export calls → reduce frequency
- Unoptimized timers → increase interval
- Update FiveM artifacts
- Review bans/exploits in logs
- Check resource versions
- Full backup
- Security audit of resources
- Performance report (resmon)
- Database optimization
- Framework update (ESX/QBCore)
- Plugin compatibility check
- Disable unused resources
Related articles
CS2
How to install and configure a Counter-Strike 2 dedicated server on Linux VPS with SteamCMD
Palworld
Create a dedicated Palworld server on Linux with SteamCMD. Configuration, ports and automatic startup.
Rust
Install and manage a Rust server (Facepunch) on Linux with SteamCMD. Includes automatic updates, Oxide plugins and optimizations.
DeluxHost, founded in 2023, offers high-quality hosting solutions for various digital needs. We provide shared hosting, VPS, and dedicated servers with advanced security and global data centers.
