Torna alla Documentazione| Platform | Support | Notes |
|---|---|---|
| Linux | ✅ Native | Recommended |
| Windows | ✅ Native |
FiveM servers are frequent targets of DDoS attacks, exploits and abuse. This guide collects essential measures to protect your server and players.
sv_requestParanoia: Anomalous Request Filter
sv_requestParanoia is a native FiveM parameter that controls how aggressively the server filters suspicious requests. It's the first line of defense against exploits that send malformed packets.
# server.cfg
sv_requestParanoia 3
| Value | Behavior |
|---|---|
0 | No filter (default) |
1 | Filter clearly malformed requests |
2 | Filter anomalous requests with tolerance |
3 | Aggressive filter: recommended for public servers |
With sv_requestParanoia 3 the server blocks known exploits like the PMA-Voice DAY0 exploit that caused player crashes. Always set this value on public servers.
Official documentation: docs.fivem.net/docs/server-manual/server-commands/#sv_requestparanoia-newvalue
Essential server.cfg Configuration
# Limit number of players to actual server max
sv_maxclients 32
# Require a license (blocks invalid clients)
sv_licenseKey "your_key"
# Set a hidden endpoint instead of 0.0.0.0
# (use server's specific IP)
endpoint_add_tcp "1.2.3.4:30120"
endpoint_add_udp "1.2.3.4:30120"
# Anomalous request filter
sv_requestParanoia 3
# Disable direct IP join if using Cfx.re Connect
# (force passage through Cfx system)
sv_enforceGameBuild 3095
DDoS Protection with Provider
If your plan includes Advanced DDoS Protection (like DeluxHost's), you can request activation of anti-botnet filter with high aggressivity by opening a support ticket.
This protection operates at network level, before traffic reaches your server, and is particularly effective against:
- UDP flood
- Amplification attack (DNS, NTP)
- Distributed botnets
IP Whitelist for RCON Console
# server.cfg: limit console access to trusted IPs only
rcon_password "secure_password"
# Block RCON from internet via firewall:
# ufw deny 30120/tcp (if using different port for RCON)
Protection from Resource Injection and Client-Side Exploits
-- Add to a base resource (server.lua)
-- Kicks clients trying to execute unregistered events
AddEventHandler('__cfx_internal:commandFallback', function(cmd)
local src = source
if src > 0 then
DropPlayer(src, 'Unauthorized command: ' .. tostring(cmd))
end
end)
Block Unauthorized Resources
# server.cfg
# Explicit whitelist of allowed resources (optional but recommended)
# ensure resource_name
Monitoring and Logs
# Real-time FiveM server logs (Linux)
tail -f /home/fivem/server-data/server.log
# Filter only errors and kicks
grep -E "dropped|kicked|error|exploit" /home/fivem/server-data/server.log
# Monitor active connections on FiveM port
watch -n 2 "ss -u | grep 30120 | wc -l"
FiveM Security Checklist
Many exploits are patched in FiveM artifacts. Keep server updated. Check recommended version at runtime.fivem.net/artifacts/fivem.
- [ ] sv_requestParanoia 3 in server.cfg
- [ ] Server port is not default 30120 (obscure the port)
- [ ] RCON protected by strong password and not exposed on internet
- [ ] Advanced DDoS protection active on VPS
- [ ] Proxy in front of real server
- [ ] Server updated to latest artifact
- [ ] No unverified third-party resources installed
- [ ] Automatic backup of configuration and database
Tips & Tweaks
Essential server.cfg Convars
Critical security and performance convars:
| Convar | Purpose | Recommended |
|---|---|---|
sv_requestParanoia | Request filter aggressiveness | 3 |
sv_maxclients | Server slots | Match your plan |
sv_licenseKey | License authentication | Required |
sv_enforceGameBuild | Minimum game version | 3095+ |
sv_lan | LAN mode (no auth) | 0 |
sv_useSSL | TLS encryption | 1 |
sv_master | Master server ping | enabled |
sv_scriptHookAllowed | Allow external scripts | 0 |
Example security-focused server.cfg:
# Server Identity
sv_serverName "My FiveM Server"
sv_maxclients 32
sv_licenseKey "your_cfx_license"
# Security
sv_requestParanoia 3
sv_enforceGameBuild 3095
sv_useSSL 1
# Network
sv_lan 0
sv_endpointPrivacy 1
# Gameplay
rcon_password "very_strong_password"
sv_charaset utf8
# Monitoring
sv_logFile "console.log"
Resource Load Order Strategy
Proper resource execution order prevents conflicts:
# server.cfg - proper order
# 1. Core dependencies first
ensure statebag
ensure baseevents
# 2. Framework (if using one)
ensure es_extended # ESX
# or
ensure qb-core # QBCore
# 3. Database/logging
ensure mysql-async
ensure ghmattimysql
# 4. Admin/moderation tools
ensure txAdmin
ensure anticheat
# 5. Gameplay features
ensure banking
ensure jobs
ensure shops
# 6. Custom resources last
ensure myframework
Load only necessary resources:
# Bad: loads 50+ resources
ensure everything
# Good: load what's needed
ensure core-features
ensure job-system
txAdmin Commands and Monitoring
txAdmin is the FiveM admin panel. Common commands:
# Access at: http://SERVER_IP:40120 (default port)
# Set password in txAdmin interface
# Via console or txAdmin:
refreshResources # Reload all resources
restart resource_name # Restart specific resource
stop resource_name # Stop resource
start resource_name # Start resource
# Player management
kick player_id "reason"
ban player_id "reason"
unban steam_id
warn player_id
txAdmin best practices:
Performance Monitoring with resmon
Built-in FiveM resource monitor:
-- In server-side Lua
-- Enable in resources: ensure resmon
-- Access via console:
-- /resmon (shows resource CPU/memory)
Monitor these metrics:
Example problematic resource:
expensive-script: 25ms per frame (HIGH)
├─ 8 MB memory
├─ 150+ handles (leak?)
└─ Recommendation: optimize or replace
Network Optimization in server.cfg
# Bandwidth settings
sv_syncrate 30 # Server update frequency
sv_netcode 2 # Network model (2 = latest)
# Rate limiting
sv_minrate 20000
sv_maxrate 1000000
# Connection settings
sv_connectionTimeout 30
sv_connectionName "FiveM"
Exploit Prevention Checklist
Essential protections:
# server.cfg security checklist
# 1. Block known exploits
sv_requestParanoia 3
# 2. Require valid license
sv_licenseKey "your_key"
# 3. Whitelist resources only
ensure only_needed_resources
# 4. Secure console
rcon_password "very_complex_password"
sv_rconPassword "different_rcon_password"
# 5. Monitor traffic
sv_logFile "console.log"
# 6. Restrict script hook
sv_scriptHookAllowed 0
# 7. Keep updated
# Update artifacts weekly from runtime.fivem.net
Resource Performance Optimization
Identify slow resources:
-- Add to main resource (server.lua)
SetTimeout(60000, function()
local resources = GetNumResources()
for i = 0, resources - 1 do
local name = GetResourceByFindIndex(i)
local cpu = GetResourceKvpFloat(name .. ':cpu')
if cpu > 5 then -- Alert if > 5ms
print('^1HIGH CPU: ' .. name .. ' (' .. cpu .. 'ms)^7')
end
end
end)
Common bottlenecks:
Admin Commands via txAdmin or Console
| Command | Effect |
|---|---|
list | Show players |
status | Server stats |
refresh resource | Reload resource |
restart all | Restart all resources |
loadscript script.lua | Execute Lua script |
say <msg> | Server broadcast |
playermode | Debug mode |
Monitoring and Logs
# View live server logs
tail -f /path/to/server.log
# Monitor resource CPU/memory
# In-game: /resmon (if enabled)
# Check console output
ps aux | grep FXServer
# Monitor network activity
ss -tulnp | grep FiveM_port
# Common log patterns to watch
grep -i "error\|exploit\|kick" server.log
Backup and Disaster Recovery
# Backup server config and database
tar -czf ~/fivem-backup-$(date +%Y%m%d).tar.gz \
/path/to/server-data/ \
/path/to/database/
# Automate daily backup at 3 AM
0 3 * * * tar -czf ~/backups/fivem-\$(date +\%Y\%m\%d).tar.gz /path/to/server-data/
Regular Maintenance Schedule
Weekly:
Monthly:
Quarterly:
- Change default port (40120) for security
- Use strong password
- Set IP whitelist for admin access
- Enable 2FA if available
- Monitor active resource list
- CPU usage: per-resource breakdown
- Memory: heap size per resource
- Frames: client FPS impact
- Handle count: memory leak indicator
- Database queries in loops → batch queries
- Repeated file reads → cache in memory
- Large export calls → reduce frequency
- Unoptimized timers → increase interval
- Update FiveM artifacts
- Review bans/exploits in logs
- Check resource versions
- Full backup
- Security audit of resources
- Performance report (resmon)
- Database optimization
- Framework update (ESX/QBCore)
- Plugin compatibility check
- Disable unused resources
Articoli correlati
CS2
How to install and configure a Counter-Strike 2 dedicated server on Linux VPS with SteamCMD
Palworld
Create a dedicated Palworld server on Linux with SteamCMD. Configuration, ports and automatic startup.
Rust
Install and manage a Rust server (Facepunch) on Linux with SteamCMD. Includes automatic updates, Oxide plugins and optimizations.
DeluxHost, fondata nel 2023, offre soluzioni di hosting di alta qualità per diverse esigenze digitali. Forniamo hosting condiviso, VPS e server dedicati con sicurezza avanzata e datacenter globali.
