Hide PLAYERS.JSON, DYNMANIC.JSON AND INFO.JSON

Clashplayer-PROTECT · May 16, 2021, 10:05am

The main attacks on fivem are done on a web attack so layer7.

But there is a line in the server.cfg for the total stop!

This line is not well known on french servers because often people who have this command want to Be careful if you spam with the URL /players.json with a simple refresh of the page several times your IP will be blocked from your server for a certain time.

At the first connection in the URL /players.json you will have the list of users with their ping but after a refresh you will have the message Nope

So I decided to share on my github.

d0p3t · May 16, 2021, 11:53am

If you don’t allow someone to query that endpoint, they will just query any endpoint right? Even root. Removing this helps nothing against attacks. Better is to implement tcp rate limits and such.

Clashplayer-PROTECT · May 16, 2021, 1:01pm

The problem is that often these are L7 attacks