Track 2 · Pro Path

Anti-cheat patterns

No client-side check is real security. Every "give me money" event a cheater finds is one your server should have rejected. This lesson covers the four patterns that stop most attacks: server authority, rate limiting, sanity checks, and audit logging. The key idea is one sentence long. The server trusts who sent an event, but never what they sent.

You'll learn: Server-authoritative events, rate limit per source, sanity checks, audit logs to Discord
Time: ~22 minutes
Prereqs: Lesson 14 (server vs client), P1 (DB), P2 (webhooks)
Outcome: Your reward events refuse cheats, log violations, and notify you in Discord within 1 second

BEFORE YOU START

Build it

Make the resource folder

The server has one folder for this lesson.

Inside your server's resources folder, create this folder:

code

resources/qu_anticheat

Keep the spelling exact. You will use the same name in server.cfg and in the restart command.

Create the files

Every file named in the manifest exists.

Create this exact file layout. This resource has a client file and a server file, because the proof has to cross the network to be real:

Anti-cheat patterns

Build it

Make the resource folder

Create the files

Write fxmanifest.lua

Write client.lua

Write server.lua

Start and test it

Keep reading the full lesson