# Client Mod Verification on Schedule 1 Servers (/docs/schedule-1/client-mod-verification)



import { Callout } from 'fumadocs-ui/components/callout';
import { Step, Steps } from 'fumadocs-ui/components/steps';

Schedule 1 has no official anti-cheat. The DedicatedServerMod's **client mod verification** is the closest thing — it forces every connecting player to have the same mod hashes as the server. Anyone running a different mod set (cheats, debug tools, mismatched MultiplayerPlus version) gets rejected at connect.

This guide covers configuring the allowed / required mod list through your XGamingServer panel.

<Callout type="info">
  Verification is **opt-in**. With it off, anyone with the right server password can connect with any mods (or none). With it on, you get a much cleaner co-op experience but you also have to publish your modlist to your players.
</Callout>

***

How it works [#how-it-works]

The DedicatedServerMod hashes the `.dll` of every mod in the `Mods/` folder. When a client connects, the mod's client launcher hashes the client's `Mods/` folder and sends the list. The server compares:

* If verification mode is **strict**, the client must have the exact same mods at the exact same versions
* If verification mode is **allowlist**, the client can have *fewer* mods than the server but no *extra* ones not on the server's list
* If verification mode is **off**, no check happens (default)

***

Enable verification [#enable-verification]

<Steps>
  <Step>
    Stop your Schedule 1 server from the XGS panel **Dashboard**.
  </Step>

  <Step>
    Open **File Manager** → the DedicatedServerMod config file.
  </Step>

  <Step>
    Set the `clientVerification` block:

    ```json
    {
      "clientVerification": {
        "enabled": true,
        "mode": "strict",
        "allowedExtraMods": []
      }
    }
    ```

    Modes:

    * `"strict"` — client must match server hashes exactly
    * `"allowlist"` — client can have fewer mods, but no unlisted ones
    * `"disabled"` — no verification (default)
  </Step>

  <Step>
    Save and start the server.
  </Step>

  <Step>
    Send your players the modlist (which `.dll`s they need and what versions). The DedicatedServerMod client launcher will show them the hash mismatch error on failed connects so they can self-diagnose.
  </Step>
</Steps>

***

Allow players to run some extra mods [#allow-players-to-run-some-extra-mods]

If you want server-side enforcement of required mods (e.g. MultiplayerPlus) but let players run cosmetic-only client mods, use `allowlist` mode and list the extras explicitly:

```json
{
  "clientVerification": {
    "enabled": true,
    "mode": "allowlist",
    "allowedExtraMods": [
      "PlayerSkinPack",
      "ChatColors",
      "CompactInventory"
    ]
  }
}
```

Now a player can connect with `MultiplayerPlus.dll` (required) plus any of those three (optional) but will be rejected if they have anything else loaded.

***

Common verification errors players will report [#common-verification-errors-players-will-report]

| Player error                             | What it means                                                  | Fix                                                                                                          |
| ---------------------------------------- | -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ |
| "Mod hash mismatch: MultiplayerPlus.dll" | They're on a different MultiplayerPlus version than the server | Send them the exact `.dll` from your `Mods/` folder via Discord                                              |
| "Unknown mod: ChatColors.dll"            | They have a mod the server doesn't allow                       | Either remove it client-side, or add to `allowedExtraMods`                                                   |
| "Required mod missing: S1API.dll"        | They're missing a required mod                                 | They need to install it — S1API is normally bundled with most content mods                                   |
| "MelonLoader version mismatch"           | Their MelonLoader is a different version than yours            | Pin a known-good MelonLoader version and share it. See [MelonLoader Versions](/docs/schedule-1/melonloader). |

***

Publishing your modlist to players [#publishing-your-modlist-to-players]

The lowest-friction way to share the exact mod set:

1. Open **File Manager** in the XGS panel
2. Right-click the `Mods/` folder → **Archive** (creates a `.zip` of every mod)
3. Download the archive
4. Distribute via Discord / Steam group / Google Drive
5. Players unzip into their own `Mods/` folder and they're matched

> **Don't ship MelonLoader inside the same zip** — MelonLoader is per-machine installed, not dropped in. See [MelonLoader Install](/docs/schedule-1/melonloader) for the right install path.

***

Trade-offs [#trade-offs]

**Pros of verification:**

* Blocks obvious cheaters with custom DLLs
* Catches version drift between client and server (e.g. someone updated MultiplayerPlus client-side)
* Less "why don't I see what they see?" support questions

**Cons:**

* Every mod swap on the server now means every player has to update theirs too
* Friction for casual joiners — they can't try the server before installing mods
* Doesn't catch sophisticated cheats (anyone who can rebuild a DLL with the right hash can bypass)

Most public-ish modded servers use `allowlist` mode. Private friend groups can run `strict`. Drop-in public servers (no mods enforced) typically run `disabled`.

***

Related Guides [#related-guides]

* [Install Mods →](/docs/schedule-1/install-mods)
* [MelonLoader Versions →](/docs/schedule-1/melonloader)
* [MultiplayerPlus →](/docs/schedule-1/multiplayerplus)
* [Server Config Reference →](/docs/schedule-1/server-config)