Server setup and development Server is getting set up and is being developed please wait. Currently there is no set release date
Community News

Behind the Scenes: CSLRP Security & Stress Testing Has Begun

CSLRP has started a full security and stability audit to find weak points before they become real problems. The first tests have already helped us improve website performance and prepare our systems for future growth.

Behind the Scenes: CSLRP Security & Stress Testing Has Begun

We have started a full security and stability audit of the CSLRP infrastructure.

During this audit, we deliberately test our websites, game servers and supporting services under heavier conditions than they would normally experience.

The goal is simple: find weak points now, before they become real problems later.

Why is this important?

A website or game server can work perfectly during normal use but behave very differently when many people connect at the same time.

Unexpected traffic spikes can happen during:

  • A large community announcement
  • A new server update
  • A busy opening day
  • Many players joining at once
  • Automated traffic or an attempted attack
  • A technical issue affecting another service

By testing these situations ourselves, we can see how the systems respond and improve them before CSLRP grows further.

These tests help us:

  • Improve the speed of our services
  • Reduce the chance of unexpected downtime
  • Find overloaded or incorrectly configured systems
  • Improve protection against attacks
  • Make sure services recover automatically
  • Prevent one service from affecting everything else
  • Prepare the infrastructure for more players and visitors

What have we tested so far?

The first part of the audit focused on our public infrastructure.

We checked:

  • Which CSLRP services are reachable from the internet
  • Whether unnecessary services are publicly exposed
  • The security of our website encryption
  • The security of remote server connections
  • How the main website handles many requests at once
  • What happens when the website is pushed beyond normal usage
  • Whether the website recovers automatically
  • Whether the physical server remains stable
  • The public status endpoint of the FiveM development server
  • Our automatic protection against repeated login attempts

All testing is performed on systems that we own and control.

What did we discover?

During normal and heavy testing, the main website remained available without failed requests.

During one extreme controlled test, we intentionally pushed the website until it temporarily became unavailable.

This allowed us to identify the exact reason for the slowdown.

The physical server itself was not overloaded. It still had plenty of available memory and processing power.

The problem was a very low limit on how many website requests could be processed at the same time.

We adjusted this limit and repeated the same tests.

What improved?

After the changes:

  • Full website requests could be processed around 2.5 times faster
  • Lighter website requests could be processed around 4 times faster
  • Response times were significantly reduced
  • No requests failed during the follow-up tests
  • The website remained stable
  • The server still had plenty of available resources

We have now set a sensible safety limit that improves performance without allowing one website to use every available server resource.

What will we test next?

The audit is not finished yet.

The next phases will include:

  • Further FiveM development server testing
  • Player connection and character-loading tests
  • Database-heavy server actions
  • Website login systems and permissions
  • The Radio Dispatch system
  • Management and administration panels
  • FTP and SSH access
  • Website and API rate limits
  • Backup and recovery procedures
  • Service restart and failure recovery
  • Whether one service can affect another service
  • Protection against unusual or malicious traffic
  • Network and DDoS protection with the relevant providers

Some older management systems will also be moved behind safer private remote access instead of remaining directly available from the public internet.

Can services become unavailable?

Some tests may cause temporary slowdowns, connection errors or short periods of downtime.

When disruptive testing is planned, we will use a maintenance window so the community knows that interruptions may happen.

These interruptions are an intentional part of the testing process and do not automatically mean that something has unexpectedly broken.

What do members need to do?

Nothing.

This work is being carried out behind the scenes to make CSLRP safer, faster and more reliable.

We will continue documenting the results and improving each part of the infrastructure as the audit progresses.

Thank you for your patience and continued support while we keep building CSLRP.

All community news
Share