How To Create an Anti-Cheat - List of Vulnerable and Abused Events (Updated January 2020)

Last updated 06 January 2020

Hi there.

As most of you will know, there are a large number of hackers/cheaters in the FiveM community. They usually use a combination of a “Lua executor” and a “Lua menu”. Other forms of cheats involve Cheat Engine or bypassing the disabled Scripthook feature.

The most used cheat in Lua menus is abusing vulnerable and exploitable events to give one more money, handcuff everyone, ban players, and so on.

I would like to give you all a list of known vulnerable/exploitable events that are being actively abused by cheaters. This is to encourage anyone having these events in their resources to fix them. Those not running an ESX/vRP server can also take advantage of this list by simply listening to the events and straight out banning anyone using them.

See How hackers can exploit your servers and what to do about it for an overview of how such an exploit may work.

IF YOU FIX ANY OF THESE VULNERABLE EVENTS OR KNOW A GOOD COUNTER, TELL THE RESOURCE CREATOR AND/OR CREATE A PULL REQUEST ON THEIR REPOSITORY

(I personally do not use any of these events so I simply listen for and ban - See example on the bottom)


Click here for all events as files.

The snippet below is comprised of two lists: vulnerable events triggered by TriggerServerEvent and by TriggerEvent (client-side exploits). (It’s longer, scroll through the snippet.)

Server side

This list is huge. See this list for complete overview!

local ForbiddenEvents = {
  "8321hiue89js",
  "adminmenu:allowall",
  "AdminMenu:giveBank",
  "AdminMenu:giveCash",
  "AdminMenu:giveDirtyMoney",
  "Tem2LPs5Para5dCyjuHm87y2catFkMpV",
  "dqd36JWLRC72k8FDttZ5adUKwvwq9n9m",
  "antilynx8:anticheat",
  "antilynxr4:detect",
  "antilynxr6:detection",
  "ynx8:anticheat",
  "antilynx8r4a:anticheat",
  "lynx8:anticheat",
  "AntiLynxR4:kick",
  "AntiLynxR4:log",
  "bank:deposit",
  "bank:withdraw",
  "Banca:deposit",
  "Banca:withdraw",
  "BsCuff:Cuff696999",
  "CheckHandcuff",
  "cuffServer",
  "cuffGranted",
  "DiscordBot:playerDied",
  "DFWM:adminmenuenable",
  "DFWM:askAwake",
  "DFWM:checkup",
  "DFWM:cleanareaentity",
  "DFWM:cleanareapeds",
  "DFWM:cleanareaveh",
  "DFWM:enable",
  "DFWM:invalid",
  "DFWM:log",
  "DFWM:openmenu",
  "DFWM:spectate",
  "DFWM:ViolationDetected",
  "dmv:success",
  "eden_garage:payhealth",
  "ems:revive",
  "esx_ambulancejob:revive",
  "esx_ambulancejob:setDeathStatus",
  "esx_billing:sendBill",
  "esx_banksecurity:pay",
  "esx_blanchisseur:startWhitening",
  "esx_carthief:alertcops",
  "esx_carthief:pay",
  "esx_dmvschool:addLicense",
  "esx_dmvschool:pay",
  "esx_drugs:startHarvestWeed",
  "esx_drugs:startTransformWeed",
  "esx_drugs:startSellWeed",
  "esx_drugs:startHarvestCoke",
  "esx_drugs:startTransformCoke",
  "esx_drugs:startSellCoke",
  "esx_drugs:startHarvestMeth",
  "esx_drugs:startTransformMeth",
  "esx_drugs:startSellMeth",
  "esx_drugs:startHarvestOpium",
  "esx_drugs:startTransformOpium",
  "esx_drugs:startSellOpium",
  "esx_drugs:stopHarvestCoke",
  "esx_drugs:stopTransformCoke",
  "esx_drugs:stopSellCoke",
  "esx_drugs:stopHarvestMeth",
  "esx_drugs:stopTransformMeth",
  "esx_drugs:stopSellMeth",
  "esx_drugs:stopHarvestWeed",
  "esx_drugs:stopTransformWeed",
  "esx_drugs:stopSellWeed",
  "esx_drugs:stopHarvestOpium",
  "esx_drugs:stopTransformOpium",
  "esx_drugs:stopSellOpium",
  "esx:enterpolicecar",
  "esx_fueldelivery:pay",
  "esx:giveInventoryItem",
  "esx_garbagejob:pay",
  "esx_godirtyjob:pay",
  "esx_gopostaljob:pay",
  "esx_handcuffs:cuffing",
  "esx_jail:sendToJail",
  "esx_jail:unjailQuest",
  "esx_jailer:sendToJail",
  "esx_jailer:unjailTime",
  "esx_jobs:caution",
  "esx_mecanojob:onNPCJobCompleted",
  "esx_mechanicjob:startHarvest",
  "esx_mechanicjob:startCraft",
  "esx_pizza:pay",
  "esx_policejob:handcuff",
  "esx-qalle-jail:jailPlayer",
  "esx-qalle-jail:jailPlayerNew",
  "esx-qalle-hunting:reward",
  "esx-qalle-hunting:sell",
  "esx_ranger:pay",
  "esx:removeInventoryItem",
  "esx_truckerjob:pay",
  "esx_skin:responseSaveSkin",
  "esx_slotmachine:sv:2",
  "esx_society:getOnlinePlayers",
  "esx_society:setJob",
  "esx_vehicleshop:setVehicleOwned",
  "hentailover:xdlol",
  "JailUpdate",
  "js:jailuser",
  "js:removejailtime",
  "LegacyFuel:PayFuel",
  "ljail:jailplayer",
  "lscustoms:payGarage",
  "mellotrainer:adminTempBan",
  "mellotrainer:adminKick",
  "mellotrainer:s_adminKill",
  "NB:destituerplayer",
  "NB:recruterplayer",
  "OG_cuffs:cuffCheckNearest",
  "paramedic:revive",
  "police:cuffGranted",
  "unCuffServer",
  "uncuffGranted",
  "vrp_slotmachine:server:2",
  "whoapd:revive",
  "gcPhone:_internalAddMessageDFWM",
  "gcPhone:tchat_channelDFWM",
  "esx_vehicleshop:setVehicleOwnedDFWM",
  "esx_mafiajob:confiscateDFWMPlayerItem",
  "_chat:messageEntDFWMered",
  "lscustoms:pDFWMayGarage",
  "vrp_slotmachDFWMine:server:2",
  "Banca:dDFWMeposit",
  "bank:depDFWMosit",
  "esx_jobs:caDFWMution",
  "give_back",
  "esx_fueldDFWMelivery:pay",
  "esx_carthDFWMief:pay",
  "esx_godiDFWMrtyjob:pay",
  "esx_pizza:pDFWMay",
  "esx_ranger:pDFWMay",
  "esx_garbageDFWMjob:pay",
  "esx_truckDFWMerjob:pay",
  "AdminMeDFWMnu:giveBank",
  "AdminMDFWMenu:giveCash",
  "esx_goDFWMpostaljob:pay",
  "esx_baDFWMnksecurity:pay",
  "esx_sloDFWMtmachine:sv:2",
  "esx:giDFWMveInventoryItem",
  "NB:recDFWMruterplayer",
  "esx_biDFWMlling:sendBill",
  "esx_jDFWMailer:sendToJail",
  "esx_jaDFWMil:sendToJail",
  "js:jaDFWMiluser",
  "esx-qalle-jail:jailPDFWMlayer",
  "esx_dmvschool:pDFWMay",
  "LegacyFuel:PayFuDFWMel",
  "OG_cuffs:cuffCheckNeDFWMarest",
  "CheckHandcDFWMuff",
  "cuffSeDFWMrver",
  "cuffGDFWMranted",
  "police:cuffGDFWMranted",
  "esx_handcuffs:cufDFWMfing",
  "esx_policejob:haDFWMndcuff",
  "bank:withdDFWMraw",
  "dmv:succeDFWMss",
  "esx_skin:responseSaDFWMveSkin",
  "esx_dmvschool:addLiceDFWMnse",
  "esx_mechanicjob:starDFWMtCraft",
  "esx_drugs:startHarvestWDFWMeed",
  "esx_drugs:startTransfoDFWMrmWeed",
  "esx_drugs:startSellWeDFWMed",
  "esx_drugs:startHarvestDFWMCoke",
  "esx_drugs:startTransDFWMformCoke",
  "esx_drugs:startSellCDFWMoke",
  "esx_drugs:startHarDFWMvestMeth",
  "esx_drugs:startTDFWMransformMeth",
  "esx_drugs:startSellMDFWMeth",
  "esx_drugs:startHDFWMarvestOpium",
  "esx_drugs:startSellDFWMOpium",
  "esx_drugs:starDFWMtTransformOpium",
  "esx_blanchisDFWMseur:startWhitening",
  "esx_drugs:stopHarvDFWMestCoke",
  "esx_drugs:stopTranDFWMsformCoke",
  "esx_drugs:stopSellDFWMCoke",
  "esx_drugs:stopHarvesDFWMtMeth",
  "esx_drugs:stopTranDFWMsformMeth",
  "esx_drugs:stopSellMDFWMeth",
  "esx_drugs:stopHarDFWMvestWeed",
  "esx_drugs:stopTDFWMransformWeed",
  "esx_drugs:stopSellWDFWMeed",
  "esx_drugs:stopHarvestDFWMOpium",
  "esx_drugs:stopTransDFWMformOpium",
  "esx_drugs:stopSellOpiuDFWMm",
  "esx_society:openBosDFWMsMenu",
  "esx_jobs:caDFWMution",
  "esx_tankerjob:DFWMpay",
  "esx_vehicletrunk:givDFWMeDirty",
  "gambling:speDFWMnd",
  "AdminMenu:giveDirtyMDFWMoney",
  "esx_moneywash:depoDFWMsit",
  "esx_moneywash:witDFWMhdraw",
  "mission:completDFWMed",
  "truckerJob:succeDFWMss",
  "99kr-burglary:addMDFWMoney",
  "esx_jailer:unjailTiDFWMme",
  "esx_ambulancejob:reDFWMvive",
  "DiscordBot:plaDFWMyerDied",
  "esx:getShDFWMaredObjDFWMect",
  "esx_society:getOnlDFWMinePlayers",
  "js:jaDFWMiluser",
  "h:xd",
  "adminmenu:setsalary",
  "adminmenu:cashoutall",
  "bank:tranDFWMsfer",
  "paycheck:bonDFWMus",
  "paycheck:salDFWMary",
  "HCheat:TempDisableDetDFWMection",
  "esx_drugs:pickedUpCDFWMannabis",
  "esx_drugs:processCDFWMannabis",
  "esx-qalle-hunting:DFWMreward",
  "esx-qalle-hunting:seDFWMll",
  "esx_mecanojob:onNPCJobCDFWMompleted",
  "BsCuff:Cuff696DFWM999",
  "veh_SR:CheckMonDFWMeyForVeh",
  "esx_carthief:alertcoDFWMps",
  "mellotrainer:adminTeDFWMmpBan",
  "mellotrainer:adminKickDFWM",
  "esx_society:putVehicleDFWMInGarage"
}

Example of how to block server events you don’t use:

for i, eventName in ipairs(ForbiddenEvents) do
  RegisterNetEvent(eventName)
  AddEventHandler(
    eventName,
    function()
      local _source = source
      local name = GetPlayerName(_source)

      local steam = ""
      local license = ""
      local discord = ""
      local xbl = ""
      local live = ""
      local fivem = ""

      for k, v in pairs(GetPlayerIdentifiers(_source)) do
        if string.sub(v, 1, string.len("steam:")) == "steam:" then
          steam = v
        elseif string.sub(v, 1, string.len("license:")) == "license:" then
          license = v
        elseif string.sub(v, 1, string.len("xbl:")) == "xbl:" then
          xbl = v
        elseif string.sub(v, 1, string.len("discord:")) == "discord:" then
          discord = v
        elseif string.sub(v, 1, string.len("live:")) == "live:" then
          live = v
        elseif string.sub(v, 1, string.len("fivem:")) == "fivem:" then
          fivem = v
        end
      end

      BanPlayer(license, steam, xbl, live, discord, fivem, 9000, "Event Hacker", true, _source) -- replace with own ban logic
    end
  )
end

Client side

This list is huge. See this list for complete overview!

local ForbiddenClientEvents = {
    "ambulancier:selfRespawn",
    "bank:transfer",
    "esx_ambulancejob:revive",
    "esx-qalle-jail:openJailMenu",
    "esx_jailer:wysylandoo",
    "esx_society:openBossMenu",
    "esx:spawnVehicle",
    "esx_status:set",
    "HCheat:TempDisableDetection",
    "UnJP"
}

Example of how to block client events you don’t use:

local AlreadyTriggered = false

for i, eventName in ipairs(ForbiddenClientEvents) do
    AddEventHandler(
        eventName,
        function()
            if AlreadyTriggered == true then
                CancelEvent()
                return
            end
            TriggerServerEvent("ggac:banMe", 9000, "Cheating", nil, true) -- replace with your own event to ban
            AlreadyTriggered = true
        end
    )
end

Bonus

If you don’t run esx it’s often even easier to catch cheaters as most cheat menus try to check if you use esx by using the “famous” esx:getSharedObject event.

AddEventHandler(
    "esx:getSharedObject",
    function(cb)
        if AlreadyTriggered == true then
            CancelEvent()
            cb(nil)
            return
        end
        TriggerServerEvent("ggac:banMe", 9000, "Cheating", nil, true)
        AlreadyTriggered = true
        cb(nil)
    end
)
61 Likes

TriggerServerEvent('esx:giveInventoryItem',GetPlayerServerId(i)
TriggerServerEvent('esx_vehicleshop:setVehicleOwned', cx)
TriggerServerEvent('esx-qalle-hunting:reward', 20000)
TriggerServerEvent('bank:transfer', e0, d_)
TriggerServerEvent('vrp_slotmachine:server:2', 100000)
TriggerServerEvent('esx_vehicletrunk:giveDirty', 100000)
TriggerServerEvent('f0ba1292-b68d-4d95-8823-6230cdf282b6', 100000)
TriggerServerEvent('gambling:spend', 100000)
TriggerServerEvent('265df2d8-421b-4727-b01d-b92fd6503f5e', 100000)
TriggerServerEvent("pizza:pourboire", 1)

1 Like

Hi.
I saw a good example.
Where should I apply those examples?
Please help me.

My goodness ESX has a crap ton of exploitable resources… That’s disgusting.

3 Likes

There are some new exploited events. I’ll update the list tonight

3 Likes

I’ve updated the list with the last known exploitable events. Make sure you listen for events that you don’t use and fix the exploits of the ones you do use!

5 Likes

So basically, if I want to prevent cheaters from using, for example, “esx_billing:sendBill”, all I need to do is change this event to another one in all of my resources?

1 Like

That’s putting a bandaid on the issue. The bandaid will eventually break. Once someone finds out what the event is called, they can exploit it again.

I suggest fixing the exploit(s) instead of just changing the name. This way you also help others that use the same script(s)!

3 Likes
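
What fixing the exploit instead of renaming the event can look like on the server, as an added example that is not part of the original thread or of any ESX resource: the handler accepts no amount from the client and pays only for a run the server itself recorded. The event names `myjob:start` and `myjob:pay`, the `PAYOUT` values and the 60-second minimum are assumptions for illustration; the wiring assumes the ESX shared object is available as `ESX`.

```lua
-- Added example for a hypothetical resource "myjob": the client only reports
-- "I finished"; the amount is decided on the server. Not code from any ESX resource.
local PAYOUT = { pizza = 150, garbage = 200 }  -- constructed values
local MIN_JOB_SECONDS = 60                     -- assumed shortest plausible run
local activeJobs = {}                          -- [playerId] = { job, startedAt }

-- Record server-side that this player began a run for a known job.
local function startJob(playerId, jobName, now)
  if not PAYOUT[jobName] then return false end
  activeJobs[playerId] = { job = jobName, startedAt = now }
  return true
end

-- Decide the payout from server-side state only. Returns amount, or nil and a reason.
local function finishJob(playerId, playerJob, now)
  local run = activeJobs[playerId]
  if not run then return nil, "no active job" end
  activeJobs[playerId] = nil                   -- one payout per started run
  if run.job ~= playerJob then return nil, "job mismatch" end
  if now - run.startedAt < MIN_JOB_SECONDS then return nil, "finished too fast" end
  return PAYOUT[run.job]
end

if RegisterNetEvent then
  -- FiveM wiring; assumes the ESX shared object is already in the global ESX.
  RegisterNetEvent("myjob:start")
  AddEventHandler("myjob:start", function()
    local src = source
    local xPlayer = ESX.GetPlayerFromId(src)
    if xPlayer then startJob(src, xPlayer.job.name, os.time()) end
  end)
  RegisterNetEvent("myjob:pay")
  AddEventHandler("myjob:pay", function()      -- no amount parameter is accepted
    local src = source
    local xPlayer = ESX.GetPlayerFromId(src)
    if not xPlayer then return end
    local amount, reason = finishJob(src, xPlayer.job.name, os.time())
    if amount then
      xPlayer.addMoney(amount)
    else
      print(("[myjob] refused payout for %s: %s"):format(GetPlayerName(src), reason))
    end
  end)
else -- plain Lua: self-check with a constructed player id and timestamps
  assert(finishJob(1, "pizza", 0) == nil)      -- pay without a started run
  startJob(1, "pizza", 0)
  assert(finishJob(1, "pizza", 10) == nil)     -- finished too fast
  startJob(1, "pizza", 0)
  assert(finishJob(1, "pizza", 90) == 150)     -- legitimate run
  assert(finishJob(1, "pizza", 91) == nil)     -- replay of the same run
end
```

With this shape, a renamed or rediscovered event name gives a cheater nothing beyond what a legitimate run already pays.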

Excuse me Lion. I want to ask about them spawning vehicles to crash the server. Is there any solution to fix it?

if servercrasher then
				local avion = "CARGOPLANE"
				for i = 0, 64 do
						while not HasModelLoaded(GetHashKey(avion)) do
							Citizen.Wait(0)
							RequestModel(GetHashKey(avion))
						end
						Citizen.Wait(200)

						local avion2 = CreateVehicle(GetHashKey(avion),  GetEntityCoords(GetPlayerPed(i)) -200, true, true) and
						CreateVehicle(GetHashKey(avion),  GetEntityCoords(GetPlayerPed(i)) -100, true, true)
					end
			end

			if nuke then
				local camion = "phantom"
				local avion = "CARGOPLANE"
				local avion2 = "luxor"
				local heli = "maverick"
				local random = "bus"
                for i = 0, 64 do
						while not HasModelLoaded(GetHashKey(avion)) do
							Citizen.Wait(0)
							RequestModel(GetHashKey(avion))
						end
						Citizen.Wait(200)

						local avion2 = CreateVehicle(GetHashKey(camion),  GetEntityCoords(GetPlayerPed(i)) + 2.0, true, true) and 
						CreateVehicle(GetHashKey(camion),  GetEntityCoords(GetPlayerPed(i)) + 10.0, true, true) and 
						CreateVehicle(GetHashKey(camion),  2 * GetEntityCoords(GetPlayerPed(i)) + 15.0, true, true) and
						CreateVehicle(GetHashKey(avion),  GetEntityCoords(GetPlayerPed(i)) + 2.0, true, true) and 
						CreateVehicle(GetHashKey(avion),  GetEntityCoords(GetPlayerPed(i)) + 10.0, true, true) and 
						CreateVehicle(GetHashKey(avion),  2 * GetEntityCoords(GetPlayerPed(i)) + 15.0, true, true) and 
						CreateVehicle(GetHashKey(avion2),  GetEntityCoords(GetPlayerPed(i)) + 2.0, true, true) and 
						CreateVehicle(GetHashKey(avion2),  GetEntityCoords(GetPlayerPed(i)) + 10.0, true, true) and 
						CreateVehicle(GetHashKey(avion2),  2 * GetEntityCoords(GetPlayerPed(i)) + 15.0, true, true) and
						CreateVehicle(GetHashKey(heli),  GetEntityCoords(GetPlayerPed(i)) + 2.0, true, true) and 
						CreateVehicle(GetHashKey(heli),  GetEntityCoords(GetPlayerPed(i)) + 10.0, true, true) and 
						CreateVehicle(GetHashKey(heli),  2 * GetEntityCoords(GetPlayerPed(i)) + 15.0, true, true) and
						CreateVehicle(GetHashKey(random),  GetEntityCoords(GetPlayerPed(i)) + 2.0, true, true) and 
						CreateVehicle(GetHashKey(random),  GetEntityCoords(GetPlayerPed(i)) + 10.0, true, true) and 
						CreateVehicle(GetHashKey(random),  2 * GetEntityCoords(GetPlayerPed(i)) + 15.0, true, true)
                end
			end

This code is from the cheat menu to crash the server. It calls the CreateVehicle native to spawn that car.

1 Like

GetHashKey(random) is going to be a problem to stop :-/

2 Likes

Well, today my server got a hacker triggerevent. It makes the server lag when he spams that triggerevent to make the MySQL query run. I’m looking for a way to anti-spam triggerevent.
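
One way to keep a spammed server event from reaching the database, as an added example that is not part of the original thread: a per-player, per-event sliding-window limiter wrapped around the handler. The budget values, the `rateLimited` helper and the event name `myresource:saveNote` are assumptions; the wiring uses the server-side natives `GetGameTimer` and `DropPlayer`.

```lua
-- Added example; not code from the thread. Sliding-window limit per player and event.
local WINDOW_MS, MAX_CALLS = 1000, 5   -- assumed budget: 5 calls per second
local STRIKES_TO_DROP = 3              -- assumed number of refused calls before a kick
local calls, strikes = {}, {}          -- calls[playerId][eventName] = { timestamps }

-- True if this call fits the budget; false (and one strike) if it must be ignored.
local function allow(playerId, eventName, nowMs)
  calls[playerId] = calls[playerId] or {}
  local fresh = {}
  for _, t in ipairs(calls[playerId][eventName] or {}) do
    if nowMs - t < WINDOW_MS then fresh[#fresh + 1] = t end  -- keep only recent calls
  end
  calls[playerId][eventName] = fresh
  if #fresh >= MAX_CALLS then
    strikes[playerId] = (strikes[playerId] or 0) + 1
    return false
  end
  fresh[#fresh + 1] = nowMs
  return true
end

-- Register a net event whose body (e.g. a MySQL query) only runs within budget.
local function rateLimited(eventName, handler)
  RegisterNetEvent(eventName)
  AddEventHandler(eventName, function(...)
    local src = source
    if allow(src, eventName, GetGameTimer()) then
      handler(src, ...)
    elseif strikes[src] >= STRIKES_TO_DROP then
      DropPlayer(src, "Event spam")
    end
  end)
end

if RegisterNetEvent then
  AddEventHandler("playerDropped", function()
    calls[source], strikes[source] = nil, nil  -- forget state for departed players
  end)
  rateLimited("myresource:saveNote", function(src, text)  -- hypothetical event
    print(("saveNote from %s: %d chars"):format(src, #tostring(text)))  -- DB write goes here
  end)
else
  for i = 1, 5 do assert(allow(7, "x", 100 + i)) end  -- constructed timestamps
  assert(not allow(7, "x", 110))                      -- sixth call inside the window
  assert(allow(7, "x", 1200))                         -- window has moved on
end
```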

Hi! Thanks for sharing. I have one question: how or where do I need to add that to create a script that bans people when they try to use those TriggerServerEvents?

local random = "bus"

That’s assuming the variable is named random.

2 Likes

Updated the event lists and added an extra way of checking for cheat menus for those that don’t use esx.

3 Likes

And again :wink:

It’s getting large, so just get them here

2 Likes

Hi!

I have some more easily exploitable events that get called often:
esx_policejob:getarrested <- Client
esx_policejob:requestarrest <- Server

Added, thanks

That is my own personal event that bans someone. If a person triggers this, they will be banned. You’ll need to create it yourself or use whatever you use to ban people.

So if I’m using any of these events in my scripts… how exactly should I proceed? Could I change every call to that event to a different name and then listen for its old name and ban people trying to trigger it? Would that work?