HoaxShield — FiveM-aware DDoS protection
Most DDoS protection is built for websites. FiveM runs on UDP, your Cloudflare protects your website — not your tick server. HoaxShield is our protection layer for the UDP traffic that actually reaches your FiveM server. Planned public beta: June / July 2026.
Roadmap. Planned public beta: June / July 2026. Ships at launch starting with the Advanced plan. Existing hoaxeye customers get a slot before general availability where the plan tier allows it.
The three-stage flow
HoaxShield sits between the public internet and your FiveM server.
Flood
Volumetric and junk UDP packets hit the edge node, not your server. The edge is sized to absorb traffic; your tick server isn't. Your server doesn't see the flood.
HoaxShield filter
The edge inspects the FiveM-specific handshake on incoming UDP. Anything that doesn't look like a legitimate FiveM client is dropped before it's forwarded. This is the part generic DDoS protection can't do — it speaks TCP/HTTP, not the FiveM-on-UDP handshake.
Stable tick
Only validated traffic reaches your server. Tick rate stays where it should be, players stay connected, and your operators don't spend the next two hours firefighting.
What HoaxShield does — and what it doesn't
| Does | Doesn't |
|---|---|
| UDP-specific protection for the FiveM connect path. | Web-frontend protection (that's Cloudflare in front of your panel and store). |
| EU edge node — same jurisdiction as the rest of the hoaxeye stack. | Game-logic anti-cheat (that's the rest of hoaxeye). HoaxShield doesn't read game state; it only validates the protocol. |
| FiveM-protocol awareness instead of generic L4 filtering. | Hardware-volume guarantees. We'll publish concrete absorbed-volume numbers when upstream contracts are signed; not before. |
| One operator console — same dashboard you already use for detections. | Magic. There is no "blocks every DDoS" claim. Anyone making that claim is selling you something. |
Why this isn't already a solved problem
Two industries handle two halves of the problem and neither covers FiveM properly:
- FiveM anti-cheat vendors mostly handle game-logic detection. They don't run network edges, and they don't see UDP floods before those floods hit your tick server.
- DDoS-protection vendors run network edges, but their UDP filtering is generic — they don't speak the FiveM handshake, so a junk-packet flood that looks UDP-shaped passes through to your origin.
HoaxShield combines the two: a UDP-capable edge node that validates the FiveM protocol, in the same EU stack and the same operator console as your detection rules. As far as we can tell, no one currently ships exactly this combination for FiveM. That's why we're building it.
What you can do today
While HoaxShield is in development, the realistic stack for a FiveM operator who cares about uptime looks like this:
- Cloudflare in front of your website / panel / store. That handles the web-frontend half — the half HoaxShield will not handle.
- Standard L3/L4 protection from your hosting provider. Most reputable European hosts include a baseline.
- hoaxeye anti-cheat for cheating. See the detection families.
- HoaxShield, when it lands — for the UDP-specific layer that completes the picture.
What we'll publish at launch
- The upstream provider, once a contract is in place.
- The absorbed-volume numbers we contractually have, with the methodology behind any benchmark.
- A latency budget: edge → forward → server, measured against a baseline of direct connect under no load. We'll keep the bench script in the resource repo so you can reproduce it on your own setup.
- Pricing, included in the Advanced plan and available as an add-on for lower tiers. Final numbers ship with the launch announcement.
Questions before launch
If you operate a server that's been hit and you want a heads-up when the beta opens, email [email protected] with your server scale and a brief description of what you've seen. We'll prioritize early-access seats by operational need, not by pricing tier.