hoaxeyehoaxeyedocs
Get started

Server setup

Once the Quickstart works end-to-end, this page covers the configuration knobs that matter on a real server: whitelist entries, performance, the Discord verify hookup, and the FiveM build matrix.

Resource whitelist

The backdoor scanner compares your started resources against a curated list of known-clean framework resources (ESX, QBCore, common addons). Anything outside that list goes through pattern checks. Two cases need operator action:

  • You ship a custom resource you know is clean. Open the dashboard → Server → Resource hygiene, find the resource, and mark it trusted. Future scans skip it.
  • A scan flagged something you believe is a false positive. Don't whitelist on instinct — open it from the dashboard, read the matched signal, and if you're sure, whitelist with a note. The note shows up in the audit log.

Performance considerations

The on-server resource is intentionally small. The cost dominates on two paths:

  • Connect path: one HTTP roundtrip to the API per join. We cache verdicts for short windows so reconnects don't pay the cost twice.
  • Detection events: rate-limited per player. Spam-abusers don't get to flood the API from your server — the limiter eats it.

If you run a heavy roleplay server (200+ slots) and want to track the load on the resource side, txAdmin → Performance or any per-resource profiler will show you the ms/tick number directly. The config.lua ships sensible defaults; tune only if you observe a real number you don't like.

Discord verify hookup

The Discord verify family is hardcoded on: there's no per-server toggle to disable it for a specific user category. To wire it up:

config.lua (excerpt)LUA
-- config.lua
Config.DiscordGuildId = "your_discord_server_id"
-- Bot membership in that guild is configured server-side via the dashboard.

If you're stuck because the Discord side is misconfigured (bot kicked, guild ID typo, Discord outage), use the Emergency bypass in the dashboard — it's time-boxed and audited. Details on the Discord verify page.

FiveM build compatibility

The resource targets FiveM artifact 5500 and newer. Older builds may not expose a few of the natives we use for guarding; the resource degrades gracefully (the affected guard goes silent rather than crashes), but you'll get a warning at boot. If you run a long-tail older build for compatibility reasons, ping us — we ship a separate slimmer resource for those.

Going live

The recommended rollout sequence:

  1. Stay in observe for at least 24 hours. Skim the verdicts in the dashboard. If nothing flags on traffic you trust, you're good.
  2. Move Anti-VPN to score first, with a conservative threshold. Watch for a few days.
  3. Move to enforce for the verdicts you're confident about — most operators start with datacenter and tor, leaving residential_vpn on score.
  4. Backdoor-scanner findings should always be reviewed manually. Don't auto-act on them.