# Anti exploit

Automatic detection and permanent banning of players who attempt to exploit the pawn shop.

{% hint style="info" %}
**Server-authoritative** All validation runs on the server. The client UI has no authority over what gets sold or how much is paid.
{% endhint %}

## Ban Triggers

| Trigger           | Reason                           | Likely cause                               |
| ----------------- | -------------------------------- | ------------------------------------------ |
| Invalid item name | `sellPawnItems - invalid item`   | Menu injection or direct server event      |
| Invalid amount    | `sellPawnItems - invalid amount` | Value manipulation (float, negative, zero) |
| Out of range      | `sellPawnItems - out of range`   | Teleport hack or direct event call         |

## What happens on ban

```lua
-- 1. Writes to the bans table:
MySQL.insert('INSERT INTO bans (name, license, discord, ip, reason, expire, bannedby) VALUES ...'
-- expire = 2147483647 (permanent)
-- bannedby = 'moh-pawnshop'

-- 2. Creates a qb-log entry (if qb-log is running)
TriggerEvent('qb-log:server:CreateLog', 'pawnshop', 'Player Banned', 'red', ...)

-- 3. Drops the player
DropPlayer(id, 'You were permanently banned by the server for: Exploiting')
```

## Managing Bans

### View all pawnshop bans

```sql
SELECT * FROM bans WHERE bannedby = 'moh-pawnshop';
```

### Remove a specific ban

```sql
DELETE FROM bans WHERE license = 'license:abc123...' AND bannedby = 'moh-pawnshop';
```

{% hint style="info" %}
**False positive?** Rarely, a legitimate player could be banned if a mod menu fires the event without their knowledge. Check the ban reason in the DB. If it says `out of range` and you trust the player, it may have been a timing issue — remove the ban and monitor.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://mohssins.gitbook.io/mohscriptsdocs/moh-pawnshop/anti-exploit.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.