How do I detect/prevent Lua injections on server
1 Like
There’s no good way you can do anything about it besides building secure code, making sure to secure all potentially dangerous events and using some anti-cheat solution - that’ll catch most people trying to do fishy stuff. Actually detecting cheats should be left to Cfx and its systems, there’s not much you can do there.
1 Like
Some ac’s can detect the injection of some lua menus (not all of them) through :
-
Scanning each client’s resources for fishy strings/functions, since most lua menus don’t create their own resource instead they inject into your server’s resources.
-
Blacklisting textures that are streamed by the menu
-
Some even use « OCR » which basically checks the text on player’s screen and you can ban them if there is blacklisted words
You can even detect some shitty menus just by banning the esx:getSharedObject xD
The best approach is OCR detection. Essentially, you take a screenshot of players every 5-10 seconds, and using Tesseract(or any other ocr engine), extract text from the image. You can then compare this text against a blacklist (though be careful, as small words might cause false bans). However, this method can significantly impact performance. If you’re new to FiveM development, I recommend setting up a local server for Tesseract checks to mitigate this issue.
All other detection methods won’t work properly or achieve significant success.
Apologies ahead of time for bumping an old thread. If you have full control over all your scripts, an easy way is to replace/override common natives. For example:
_PlayerPedId = PlayerPedId
function PlayerPedId()
TriggerServerEvent("my_resource:banMe")
end
Then you would replace all calls to PlayerPedId in your own scripts with the overridden _PlayerPedId. Any injected scripts that then run, will call the original native, which will trigger an event on your server allowing you to ban them.
1 Like