Remove Backdoor
Learn how to remove a backdoor from your FiveM server.
If you are experiencing issues with a backdoor (Blum-panel, Cipher, etc.) you can follow this guide to remove it from your server's files.
Security recommendation
Backdoors may have exfiltrated sensitive data such as database credentials, VPS logins, or other passwords. After removing the backdoor, reset all relevant credentials ( database passwords, server/VPS login credentials, and any other secrets that could have been exposed).
Stop your server
Stop your FiveM server completely before making any changes.
Download the latest server artifacts
Replace your server files with a clean build. Use artifacts version 26261 or greater.
- Windows: runtime.fivem.net/artifacts/fivem/build_server_windows/master/
- Linux: runtime.fivem.net/artifacts/fivem/build_server_linux/master/
Download and extract the artifacts, then replace your existing server files with the new build.
Use the latest ElectronAC
Ensure you are using the latest version of Electron Anticheat. Update from your Dashboard if needed.
Start the server and identify infected scripts
Start your server. You will start seeing errors, and the server may crash as the backdoor fails to read or write files.
Infected scripts
Errors like the following indicate infected scripts that must be reinstalled or removed:
[ c-scripting-node] Filesystem permission check from 'ox_target' for permission fs.read on resourceThe resource name in the message (e.g. ox_target) is the infected script. Reinstall it from a trusted source or remove it.
Repeat until no more such errors appear. Once you have reinstalled or removed all flagged scripts, your server is clean.