NoProxy - BEST FEATURE PACKED ANTIBOT PLUGIN! .76

Tested Minecraft Versions:

• 1.8
• 1.9
• 1.10
• 1.11
• 1.12
• 1.13

​

NoProxy is a plugin which helps server administrators prevent players who use proxies/VPNs from connecting in the first place. By blocking users who use proxies/VPNs (bots) from connecting to your server your player base will have a less interrupted experience. NoProxy uses proxycheck.io to verify that IPs connecting to your server are not proxies or VPNs.


Immediately after installing NoProxy and starting the plugin for the first time, it will state that a valid API key was not found, this is perfectly normal! To fix this, go to the NoProxy folder under the plugins folder, and edit "config.yml". At the top of this there is a line "API-KEY:" that has a default value, change this to your proxycheck API key (this can be found at proxycheck.io/dashboard) Once you have done this, simply reload your server (or restart it), and everything should run smoothly.

Optionally, if you would like to block users who are using VPNs from connecting to your server, you must enable "check-vpn" in your config.yml. This line is found right below the line where you inserted your API-KEY. Note: check-vpn is disabled by default.


Starting with version 0.6, NoProxy will support (in a very basic form) IPTables. What this means is that if your server is under a bot attack, the bot's IP is blocked from even pinging the server (this makes the server appear completely offline to the bot). The advantage to this is that it will dramatically decrease the CPU usage of your server when under attack, however the drawback to this is that if iptables is enabled, java must be run in root.

Spoiler: DISCLAIMER

THIS IS NOT RECOMMENDED, I AM NOT RESPONSIBLE FOR ANY DAMAGES THAT OCCUR IF YOU RUN JAVA AS ROOT FOR USE OF IPTABLES. PROCEED AT YOUR OWN RISK!

Unlike with most other plugins, before enabling IPTables in the config.yml, we must first install a package known as ipset. The reason ipset must be installed is that when your server is under attack, trying to create hundreds of new rules at once can slow your computer down. IPSet fixes this by storing a list of IPs in memory, meaning many IPs can be added at once, with minimal performance impact.

To install this package on debian/ubuntu based systems:

Code (Text):

apt-get install ipset

To install this package on CentOS based systems:

Code (Text):

yum install ipset

(If you use another linux distro. then google is your friend)

Once you have installed ipset, simply set iptables-enabled in the config.yml to true, and NoProxy will take care of the rest. (It should be noted that as of version 0.6 there will be no way to remove specific IPs via commands from your Spigot server, you must do this from the command line.)

Accurate Detection ​

NoProxy leverages v2 of proxycheck.io's API to ensure that the users that connect to your server are in fact legitimate.

Rich Notifications ​

Become alerted when an attack starts, when it ends, and when a user who is using a proxy tries to connect to your server.

Layered Protection ​

You may choose to simply kick a player for using a proxy, or to IP ban them from your server; above that you may decide to add them to your IPTables rules so that they are unable to even ping the server.

Bunker Mode ​

When the server is under attack, Bunker mode will block all incoming connections to the server except for those that are specifically whitelisted. This will help both mitigate the attack, as well as conserve your queries on proxycheck.io.

Country Blocking ​

Block all connections from countries that you specify.

Absolute Control ​

Customize every phase of verification NoProxy uses to ensure that bots are never able to login to your server.







BungeeCord

Spoiler

• Check if a user who attempts to connect to your server is using a VPN
• Get notified if a user has attempted to connect to your server using a proxy/VPN (as of version 0.3 the ability to control the duration of this notification is broken)
• View query statistics from proxycheck.io
• Pardon/unpardon users from being checked for use of a proxy (this feature requires MySQL, and leverages async scheduling to ensure minimal performance impact to your BungeeCord instance)
• Pardoning/Unpardoning users is UUID based.
  
• Ban/Unban IPs from connecting to your BungeeCord instance (this feature requires MySQL, and leverages async scheduling to ensure minimal performance impact to your BungeeCord instance)
• IPs are validated for basic formatting before being banned.
• Once a proxy is detected for the first time, it is added to a cache in RAM (for maximum speed!) and is retained for a set amount of time (maxmimum of 30 minutes, minimum of 5 minutes). This feature comes in extremely handy if your BungeeCord instance is undergoing a bot attack and you don't want to burn through queries.
• NoProxyBungee also leverages v2 of proxycheck.io's API. This ensures the fastest possible lookup times for all proxies.

In NoProxy for Spigot, a * denotes that the node encompasses all of the nodes below it. Additionally, a node such as "noproxy.list" will give the user the permission to the help menu of that specific command. The general format of permissions is as follows: noproxy.<command>.<sub command>.
Below I have attached a list of the permission nodes which you may copy/paste.

Spoiler: Spigot Permission Nodes

noproxy.help

noproxy.queries

noproxy.banned.*
noproxy.banned.list
noproxy.banned.clear
noproxy.banned.add
noproxy.banned.remove

noproxy.config

noproxy.connections

noproxy.service.*
noproxy.service
noproxy.service.list
noproxy.service.edit

noproxy.list.*
noproxy.list
noproxy.list.add
noproxy.list.remove
noproxy.list.clear
noproxy.list.size

noproxy.cache.*
noproxy.cache
noproxy.cache.list
noproxy.cache.clear

NoProxy for BungeeCord follows the same format of noproxy.<command>.<subcommand>, however there are no encompassing permissions (such as noproxy.cache.*, etc). Below I have attached a list of the permission nodes which you may copy/paste.

​

Spoiler: BungeeCord Permission Nodes

noproxy.ban
noproxy.ban.list
noproxy.ban.clear
noproxy.ban.size

noproxy.list
noproxy.list.add
noproxy.list.remove
noproxy.list.clear
noproxy.list.size

noproxy.cache
noproxy.cache.list
noproxy.cache.clear

noproxy.config
noproxy.connections
noproxy.help

noproxy.pardon
noproxy.pardon.list

noproxy.queries

noproxy.service
noproxy.service.list
noproxy.service.edit

noproxy.unban
noproxy.unpardon

​

​

The Bungeecord version of NoProxy brings several new features, however in order for them to work, MySQL is highly recommended (I'd go as far to say it's REQUIRED) . The first new feature is a ban system based around MySQL. This system was implemented as BungeeCord has no central ban storage. Additionally, in the BungeeCord version of NoProxy there is pardoning supported based on a user's UUID.

Spoiler: Additional Permission Nodes

noproxy.viewkickevent

noproxy.alert

​

Spoiler: Spigot config.yml

############################
# GENERAL #
############################

#Place your API key here
API-KEY: 1111-2222-3333-4444

#Set this to true if you would like to check if a player is using a VPN
check-vpn: false

############################
# KICK MESSAGES #
############################

#Message which will be sent to the player if they are using a proxy
kick-message: "§4§lPlease disable your proxy before connecting to this server!"

#The number of seconds that the action bar notification will remain for
kick-notify-time: 3


############################
# BANNED IP #
############################

#Whether or not to IP ban the IP of the proxy/VPN when the player connects, this must be enabled for any of the settings
#below it to have any affect
banip-on-attempt: false

#Message to send to players whom have had their IP banned.
banip-message: "&6Your IP &c(ip) &6has been banned from connecting as it is a proxy. Please disable it and reconnect to the server."

#Whether or not to validate IPs when they are added manually
banip-validate: true

#If this is enabled, whenever you manually add an IP to the list of banned IPs, it will check that it is valid by
#sending a request to proxycheck.io (this will use up a query)
banip-validate-accurate: false

#If this is enabled, whenever you manually add an IP to the list of banned IPs, it will check that it is valid
#locally (not as accurate, but fast and uses no queries)
banip-validate-fast: true

#If banip-validate is enabled, this is the message that you will be sent if the IP is invalid.
banip-invalid-message: "&cPlease supply a valid IP!"

##################################
# COMMAND MESSAGES #
##################################

#Permission denied message
permission-denied: "&cYou don't have permission to do this."

- Add 1.13 support (when a stable version of spigot is released)

- Add ability for more forms of detection (e.g when the player/bot pings the server list, check their IP and then decide whether or not to block)

- Add firewall support for windows machines

- Bring the features introduced for the Spigot version of NoProxy to the BungeeCord version (this will mostlikely be 0.7). From there, add MySQL support and country blocking to Spigot, and polish the plugin (make the help menus cooler looking, make code more efficient behind the scenes), (this will be most likely be version 0.75), and beyond that add the ability to have your own proxy lists added that will be compared against when someone joins the server (this will most likely be version 0.8). Beyond that, my only goal at this point is to improve performance so that the plugin can absorb larger and larger attacks with minimal performance impact on the server.

Feel free to contact me, or comment in the discussion with any feature requests! I will try to do my best to respond.

Thanks for checking out NoProxy

Also, please don't hesitate to send me a PM if you run into any issues using NoProxy, I will try my best to help you!

​