⚡ AAC Oᴘᴛɪᴍɪᴢᴀᴛɪᴏɴ Gᴜɪᴅᴇ (AntiCheat) ⚡

Discussion in 'Server & Community Management' started by Celebrimbor, Dec 18, 2015.

  1. Celebrimbor


    AAC Oᴘᴛɪᴍɪᴢᴀᴛɪᴏɴ Gᴜɪᴅᴇ
    This guide is for anyone who uses Advanced Anti Cheat (AAC) by @konsolas. This guide will educate you about AAC and give you tools to catch your hackers up to 75% faster!

    Expert application of this guide + anti lag-back + compatibility setups here:

    Oᴘᴛɪᴍɪᴢᴇᴅ AAC Sᴇʀᴠɪᴄᴇ
    > Using Konsolas' Conditional Commands resource, we can build an AAC config to be as strict as possible when internet latency (aka Ping) and server TPS are not to blame when AAC detects abnormal player activity. This setup actually considers the surrounding conditions before punishing players for hacks! By installing this form of artificial intelligence into your AAC config, you can make punishment thresholds far more strict and catch the real cheaters much quicker!
    Ping reflects how long the electrical data takes to process and travel between the client and server host (measured in milliseconds). The further you are geographically separated from your host, the longer this process may take. Another influence on ping can be bandwidth issues which are typical of a clogged or limited/slow connection for either the client or server.

    It is believed that 1-90ms ping is a perfect connection speed for Minecraft. Anything exceeding 200ms potentially causes small hiccups of lag because you are playing and the info isn't being sent to the server fast enough to track your actions. AAC is very sensitive and will detect you more if the server has a hard time tracking your movements.

    TPS stands for Ticks Per Second. Minecraft can process a max of 20 ticks each second, which is why a flawless performing server would show 20TPS, 24/7. Each tick causes the server to recalculate many things such as the direction of mobs, crop growth and tracking player interaction with blocks and entities. A TPS rate below 20 means the server is unable to keep up and is forced to skip tasks in order to keep important server tasks on time. This process of skipping tasks is typically known as "server lag". This lag is not troublesome or even noticeable by players except under extreme circumstances where TPS drops below 18 TPS. Since AAC tests for precise, expected player movements, a TPS below 19 can be troublesome for some AAC checks (like Badpackets).

    Do not confuse TPS with FPS (Frames Per Second). FPS is 100% client side and is by far the most common form of lag. It also has nothing to do with the server tracking your movement or activity. FPS directly reflects your computer's ability to process and display the information that the server and game are sending. FPS lag is only lag for the client! So...if you have a player detected for hacks and they claim the reason was due to running 13 FPS, know that FPS has nothing to do with AAC.

    > The point of this guide is to give server owners who take pride in optimal server performance, an advanced, yet common sense approach to catching hackers when performance is not to blame! If you are unaware of your server's performance, please run a "Timings Report" to evaluate. Server should run above 19.5 TPS on a regular basis if you want this setup to be more than a waste of time and resources.
    > See my YML Optimization Guide for techniques on reducing lag.
    1. Run command: /timings on
    2. Wait 5-6 minutes.
    3. Run command: /timings paste
    4. Copy & Paste url output into browser.
    5. On timings report (at top), locate Average TPS: ##.#

    If your average TPS shows 19.7 or less, consider investigating your sources of TPS drops before spending time implementing this guide. Get free performance assistance here: https://www.spigotmc.org/forums/performance-tweaking.5/

    Hᴏᴡ Is Iᴛ Dᴏɴᴇ?
    > For each AAC check that can have false/accidental player detection due to Ping/TPS, we can make a performance based violation ladder. Players climb a ladder of thresholds and will trigger punishment commands only if conditions are acceptable when a threshold is reached.

    > The example ladder below runs a command for a user who is at violation level 3 (default kick is 12), but the player only gets kicked if they have less than 91ms Ping and the server is at 19.95+ TPS (flawless conditions). If either of the conditions are not met, the command is skipped, the player keeps their violation level and nobody (besides the AAC logs) is aware that anything happened. This ladder punishes those players that have no business having that many violations and ignores those who may just be there coincidentally due to high ping or a drop in server performance.
    Code (Text):
    3: "ccmd {player} if -ping-<91&-tps->19.5 do aackick {player} FastBow Hack! Turn off hacks to avoid ban!"
    7: "ccmd {player} if -ping-<250&-tps->19.5 do aackick {player} FastBow Hack! Turn off hacks to avoid ban!"
    12: "aackick {player} FastBow Hack! Turn off hacks to avoid ban!"

    Typical AAC Verbose Log
    [07-01-2016 17:21:20.145] PlayerX failed Knockback: didn't move away from his attacker when hit [ping:470 tps:20.0] VL:6
    [07-01-2016 17:25:21.785] PlayerX failed Knockback: didn't move away from his attacker when hit [ping:694 tps:19.9] VL:7
    [07-01-2016 17:25:46.339] PlayerX failed Knockback: didn't move away from his attacker when hit [ping:720 tps:20.0] VL:9
    [07-01-2016 17:25:53.140] PlayerX failed Knockback: didn't move away from his attacker when hit [ping:735 tps:20.0] VL:10
    [07-01-2016 17:25:53.640] (Punisher) ->combat.Knockback: Dispatching command ccmd PlayerX if -ping-<91&-tps->19.5 do aackick PlayerX KnockBack Hack! Turn off hacks before ban!

    The kick command never sent since Conditional Commands saw the player's ping failed the required condition(s).

    Wʜʏ Cʜᴇᴄᴋ Fᴏʀ Cᴏɴᴅɪᴛɪᴏɴs?
    > I have a server in Texas, so in theory, non-hacking players in the USA have little excuse for ping causing anything more than 1 fluke detection every so often (exception- bandwidth issues). These players do not need the excessive buffer zone for punishment thresholds.

    > Contrarily, players in the Netherlands, Asia, Australia (etc) will typically have ping in the 200ms+ category. These players need a wider buffer zone (indicated by AAC default config values).

    Example: I have players in Australia that have :eek:400-800ms ping at any given time! Consequently, they fill my AAC Logs with 5-20 random detections every few minutes and can reach up to 60% of kick values when they are 600ms+ ping. If we just dropped the thresholds without checking conditions, we would basically deny server access to anyone who lives half way around the world :(

    Dᴇғᴀᴜʟᴛ AAC Cᴏɴғɪɢ
    > AAC's default config is setup to assume the worst and accommodate for horrible checking conditions like 500ms+ ping and servers that dip as low as 13 TPS regularly. As a result, the default punishment thresholds are cranked up artificially high as to avoid punishing players accidentally.

    Default Pros- (1) Limited accidental kicks. (Exception: "experimental" checks)
    Default Cons- (1) Hackers can do more damage before kick, (2) AAC might not catch them unless they aggressively use hacks for a decent length of time, (3) Hackers might lightly use some cheats to work within thresholds (less likely, but possible).

    Oᴘᴛɪᴍɪᴢᴇᴅ Sᴇᴛᴜᴘ Rᴜʟᴇs
    > Hack checks that could be caused by TPS drop or client ping have a threshold ladder. Thresholds will vary based on each check's tolerance to performance related issues or potential for false detection. You should slowly lower these checking tolerances until you find a sweet spot for each individual check. Do not just set every check to kick on 1/4th the default!
    • 1st Threshold kicks, but requires player to have <91ms Ping and server to have 19.5+ TPS
    • 2nd Threshold kicks, but requires player to have <250ms(or 200) Ping and server to have 19.5+ TPS
    • Final Threshold is AAC's default kick threshold. It does not have conditions and is a "catch all" for high ping hackers and ping spoofers. Consider putting a requirement for 15TPS on this threshold and/or raising its kick value slightly to add further tolerance for potentially laggy players.
    > See next post in this thread for example ladder settings.

    > If you are too skeptical about the lower kick values, use the "aacstaffnotify" command in place of the aackick command for a few days until you have a good feel for each check's tendencies.
    Code (Text):
    8: "ccmd {player} if -ping-<91&-tps->19.5 do aacstaffnotify {player} tripped first conditional threshold and would have been kicked! Maybe a hacker."
    > Checks that will not accidentally kick due to lag have no ladder.
    • Headroll | Critical | Nuker
      • By design are technically safe to kick on 1-2 detections, but just stick to the default.
    • Feel free to increase the 19.5 TPS requirement if you're confident your server runs 20 TPS, 24/7/365. You already know the conditions will fall on the client 99.9% of the time, so might as well be 100% sure. Mine is set at 19.7 TPS.
      • Do not lower or remove the TPS requirement because your server has poor performance! You would be throwing out the entire purpose of this guide and start kicking innocent players!
    • Save CPU! Turn off any and all checks you don't need for your specific setup/server.
      • Example: If you have a server dedicated to 100% PvP in a defined arena, you don't need the checks for FastBreak, FastPlace, Nuker, Jesus, etc.
    • Get Orebfuscator! AAC does not block x-ray hacking. Orebfuscator is best in class and free!
    • Get AACaddition Pro! This affordable and independently supported addition to AAC adds more checks, including those nasty inventory hacks.
    • This is a generic information guide for most server types. For a higher degree of customization, current recommended setup thresholds and/or a custom tailored AAC config, please see my Oᴘᴛɪᴍɪᴢᴇᴅ AAC Sᴇʀᴠɪᴄᴇ.

    Fʀᴇǫᴜᴇɴᴛʟʏ Asᴋᴇᴅ Qᴜᴇsᴛɪᴏɴs
    Check FAQs before you post your question/problem in the discussion. The FAQ will cover 95% of questions.
    Q: Why do I keep getting false kicks?
    A: Stay up to date with each AAC update and make sure you check for config updates with each AAC release. You will have issues if you update the resource and not the config!
    >> AAC Config Revision History <<
    A#2: If you are up to date, look in your AAC logs to see what they were kicked for. Was it a kick level you modified below AAC's default? Not all checks should be lowered with ping checking. Some AAC checks are also high due to the sensitivity of the specific check. Set it back to default and report the false kick issue on AAC's Issue Tracker if it still occurs.
    A#3: If you are losing interest in setting this up with trial and error, try out my time-tested values available with no effort on your behalf from my Config Service.

    Q: Can you send me your full config to copy/paste?
    A: I do not post a full config since my AAC is extremely custom tailored to my server and AAC's config changes 2-3 times a week. If you want a custom built AAC config, I provide that service here.

    Q: Hackers aren't being kicked! Why did you break my AAC?!
    A: 1) Check your AAC logs to see what thresholds they tripped and for what hack, 2) Check your console logs to see if the Conditional Command put out errors when attempting to run, 3) Did they even meet the conditions when tested? CC will tell you if the user did not meet a condition. If you still have no clue, let me know and I'll help you out, 4) Did you even install the Conditional Commands resource?

    If this was helpful to you, a positive rating would be appreciated!
    Thank you for reading.
    #1 Celebrimbor, Dec 18, 2015
    Last edited: Nov 6, 2017
    • Like x 22
    • Winner x 13
    • Useful x 6
    • Informative x 4
    • Funny x 2
    • Creative x 1
  2. Celebrimbor


    Tʜʀᴇsʜᴏʟᴅ Lᴀᴅᴅᴇʀs
    Below are some example threshold ladders. Use these as a starting place to copy into the "violations to command" section in each AAC hack check and tailor based on your experience. These are generic example/untested thresholds and may be considered obsolete. Use at own risk!

    For current and optimized ladders and/or custom configs for your server, please consider my AAC Custom Config Service in the "services forum".
    Code (Text):
          7: "ccmd {player} if -ping-<91&-tps->19.5 do aackick {player} Impossible angles in attacks"
          9: "ccmd {player} if -ping-<250&-tps->19.5 do aackick {player} Impossible angles in attacks"
          12: "aackick {player} Impossible angles in attacks"

          6: "ccmd {player} if -ping-<91&-tps->19.5 do aackick {player} Shooting arrows too quickly"
          9: "ccmd {player} if -ping-<250&-tps->19.5 do aackick {player} Shooting arrows too quickly"
          12: "aackick {player} Shooting arrows too quickly"

          14: "ccmd {player} if -ping-<91&-tps->19.5 do aackick {player} Moved unexpectedly"
          24: "ccmd {player} if -ping-<250&-tps->19.5 do aackick {player} Moved unexpectedly"
          30: "aackick {player} Moved unexpectedly"

          30: "ccmd {player} if -ping-<91&-tps->19.5 do aackick {player} Moved too quickly"
          40: "ccmd {player} if -ping-<250&-tps->19.5 do aackick {player} Moved too quickly"
          55: "aackick {player} Moved too quickly"

          8: "ccmd {player} if -ping-<91&-tps->19.5 do aackick {player} Forcefield detected"
          11: "ccmd {player} if -ping-<250&-tps->19.5 do aackick {player} Forcefield detected"
          14: "aackick {player} Forcefield detected"

          8: "ccmd {player} if -ping-<91&-tps->19.5 do aackick {player} Not taking knockback"
          10: "ccmd {player} if -ping-<250&-tps->19.5 do aackick {player} Not taking knockback"
          16: "aackick {player} Not taking knockback"

          12: "ccmd {player} if -ping-<91&-tps->19.5 do aackick {player} Hitting too far away"
          19: "ccmd {player} if -ping-<250&-tps->19.5 do aackick {player} Hitting too far away"
          28: "aackick {player} Hitting too far away"

          10: "ccmd {player} if -ping-<91&-tps->19.5 do aackick {player} Not swinging arm"
          16: "ccmd {player} if -ping-<250&-tps->19.5 do aackick {player} Not swinging arm"
          22: "aackick {player} Not swinging arm"

          4: "ccmd {player} if -ping-<91&-tps->19.5 do aackick {player} Using items too quickly"
          7: "ccmd {player} if -ping-<250&-tps->19.5 do aackick {player} Using items too quickly"
          9: "aackick {player} Using items too quickly"
    #2 Celebrimbor, Dec 19, 2015
    Last edited: Dec 22, 2016
    • Like Like x 3
    • Funny Funny x 2
    • Informative Informative x 1
  3. Great guide! I'll use it on my server and give feedback if anything is wrong.
    • Winner Winner x 1
    • Friendly Friendly x 1
    • Optimistic Optimistic x 1
  4. Celebrimbor


    Awesome! You're #1. Don't think I don't know what I'm doing either. I've been an AAC user since it was released in the market. :)
    • Like Like x 3
  5. Please note that Minecraft ping results are fairly inaccurate.
    • Agree Agree x 1
    • Useful Useful x 1
  6. Celebrimbor


    Which is why there is a fail-safe threshold installed. Eventually everyone gets caught!

    Odds of a legit client having artificially low ping the entire time they are coincidentally creating excessive amounts of false alerts would be a one in a million situation...

    Additionally, 1 aackick does not constitute a ban, so this golden unicorn scenario would need to occur 3 times in 1 day to really be considered a REAL punishment.
    • Agree Agree x 1
  7. Excellent and useful guide! This definitely deserves more attention. Now I can set-up more accurate checks with taking ping and tps into account! Thank you for this.
    • Like Like x 1
  8. This is the best config I've ever seen for an anticheat plugin. Thanks to you I am buying AAC right now :), the perfect solution for cheaters with this config..
    • Like Like x 2
    • Useful Useful x 1
  9. Celebrimbor


    @konsolas likely created Conditional Commands with AAC in mind. It is linked on AACs page. I think AAC's approach is more about leaving it up to the users. Konsolas just gives the default limits.

    It would be rough for him to build it into AAC because every server is different. Some users might have a server that runs around 18 TPS 24/7, and this setup would be a waste.

    Idk, just thinking out loud. :p
    • Like Like x 1
  10. Celebrimbor


    If anyone using this setup successfully tries a more strict setup, let me know.
  11. SpacePuppeh


    It'd be nice to add an optimized guide for servers running closer to 20TPS, but do not plan to use an additional plugin? I'm personally on the fence about it.
  12. Celebrimbor


    Because it takes another plug?
  13. SpacePuppeh


    Yeah, and others might want a quick enhancement to their plugin without adding another plugin. Just an idea.

    Edit: Also clients can fake ping... so if they learned that, it could make it more forgiving than otherwise.
  14. Celebrimbor


    You can't lower AAC thresholds without conditions. You would kick players that have bad ping. It required both good ping and TPS.
  15. Celebrimbor


    I explained the ping spoofing in my guide. Why the last threshold will catch them anyway.
    • Agree Agree x 1
  16. Celebrimbor


    You realize that even worst case scenario, the default AAC kick threshold is still there. You must have overlooked that.
    • Like Like x 1
    • Agree Agree x 1
  17. Celebrimbor


    Updated to AAC v.1.9.7-b10
  18. I have been using on my server for the past few days now and it seems to be working pretty well while 45+ players are on.
    • Informative Informative x 2
  19. Celebrimbor


    Awesome to hear! Feel free to play with extra, more extreme tolerances. With a /aacstaffnotify only of course. Just to see how strict it can safely go for <91 ping players.

    Please let me know what you try and how it turns out! :)
  20. Celebrimbor


    Please read ALL of the overview CAREFULLY before purchase!
    By downloading this plugin you confirm you have read the entire overview, and you agree to the ToS below.

    Version Compatibility
    AAC is only compatible with MC 1.8, 1.9.4 and 1.10 (see "Dependencies" below for correct version)
    AAC does not and will never support 1.7 or 1.9.2

    AAC Support
    AAC is currently undergoing a large rewrite and a lot of this page is outdated. Please see the following:


    What is AAC?
    AAC is a complete anti-cheat solution for servers blocking every major combat hack, and many others. Here is a video showing AAC vs. the hacked client Wolfram:

    Please note, the test server should be used to properly evaluate AAC's capabilities.
    What can AAC do?
    Currently, AAC protects your server from the following hacks:

    There are videos showing client X bypassing AAC!
    Not on an actual copy of AAC with a fully default configuration. For example, a popular client called Hybrid seems to be boasting bypasses that I have tested, but the majority of which do not work at all. I urge you to test any "bypassing" clients on test.kons.co, as that is the only public server with a guaranteed default config, and the latest public version of AAC.

    But wait, I heard that AAC's killaura detection is easily bypassed!
    That strongly depends on how you define "bypassed". What you won't find if you're running AAC is any killaura that gives the user a significant advantage. Any good "smooth aim" or "triggerbot" is undetectable, no matter what anyone tells you. It's also basically useless, no matter what anyone tells you.

    CONFIGURABLE - AAC has a comprehensive configuration file. You can enable or disable any component in AAC, you can change how each one works, and you can change the thresholds they work with. If you want unnoticeable, automated hack detection, AAC can do that. If you want tons of information to report to staff to catch hackers faster, AAC can do that too. If you have a lot of staff, and want something to just alert staff, AAC can do that as well. Want to see the config for yourself? https://gist.github.com/konsolas/67108a5d48a90fa6964c

    Want to excecute commands based on certain conditions? Check out https://www.spigotmc.org/resources/conditionalcommands.14295/

    AUTOMATED - AAC has a fully automated punishment system. After AAC is certain a player is hacking (the lenience can be configured), the player is automatically kicked. After a configurable number of kicks, that player is automatically banned. Both auto-kick and auto-ban can be turned off completely.

    VERBOSE - AAC can give detailed information about suspected players to staff. Staff with the permission ‘AAC.notify’ are notified whenever a player is suspected of hacking, but has not been automatically kicked. AAC saves a log file of every failed check, kick and ban. If a player gets kicked, the log file will show the details of why they were kicked. This enables staff to check all the reasons a player was kicked for. Staff with the permission AAC.verbose get to see every detail of AAC's internal workings.

    LIGHTWEIGHT - AAC is relatively lightweight. All entities used for Forcefield detection are client-side, meaning the server never needs to process them. However, keep in mind that AAC does need to process every movement by every player on the server, so it will be by no means completely unnoticeable.

    UNIQUE BUILD FOR EACH VERSION - AAC is made for Minecraft 1.8 or 1.9 or 1.10. Other anti-cheat plugins like NoCheatPlus are full of obsolete checks to maintain compatibility with older versions from years back, and many of the checks are not applicable to modern hacked clients. Everything in AAC is relevant and optimized for the latest, unique version of Minecraft and Spigot running on your server.

    KILLAURA DETECTION - AAC's Killaura detection *doesn't* suck. AAC has 8 ways of detecting forcefield, and it successfully blocks advanced clients. Hackers are detected even if they limit their FOV, hit with random intervals or try any other tricks. Practically every public client in existence is blocked.

    GUI - AAC has an easy to use GUI so that your moderators can easily manage output sent to them, check statistics on possible hackers, and enable or disable checks in real time, whilst the server is running.

    ANTI-SPAM - The Spam check in AAC is most certainly not an afterthought. It both less intrusive and faster than many other plugins. Despite not being a solution for ads/swear or the like, it really is an effective solution to stop spammers.

    Still not convinced?
    Here’s the IP for a test server, which you can join and try out AAC for yourself. The only change made to the default configuration is ban_threshold: -1 to disable auto banning.



    To run AAC, you should be using a Spigot server with Java 7+

    Server Version
    AAC has 3 unique version builds for MC 1.8, 1.9 and 1.10. You can download the latest version jar for your server from AAC's "Version History". The "Download Now" button may not be the correct build!
    • 1.8.8: AAC v1.9.10
    • 1.9.4: AAC v2.0
    • 1.10: AAC v2.1
    AAC requires ProtocolLib to run as a large amount of its work is carried out at the packet level. You must download the correct version for your server:

    AAC is compatible with:
    • mcMMO
    • EnchantsPlus (Please note, the author of EnchantsPlus provides this)
    • Vein Miner (2008Choco)
    AAC may be incompatible with:
    • Any plugins that affect block breaking speed (TokenEnchant, etc.)
    • Any plugins that damage other entities for a player (kitpvp abilities)
    • Any sort of protocol hack
    • Any plugins that affect block interaction out of a player's line of sight.
    • Item Attributes (for now)
    • Bungeecord tab list/nametag plugins
    • PerWorldPlugins
    • Other plugins that make players seem like they're hacking
    • Non-vanilla enchantments
    AAC may be compatible with TokenEnchant if use_explode_event is set to true.

    Download both AAC and the correct version of ProtocolLib and put both in your plugins folder. AAC requires an active internet connection, and the ability to connect to cloudflare to start up correctly.


    AAC does not have false kicks. The configuration is there for you, and AAC can always be configured to work without false positives.

    When you first install AAC, make sure you and your staff have the permission node ‘AAC.notify’. This will allow them to view AAC’s notifications of possible hackers. In the unlikely event that you do get a false kick, you can increase the ‘threshold’ value of the check they were kicked for, or just change it to -1 if it becomes a problem.

    Here's the current AAC configuration, it will be kept up to date so watch the revisions: https://gist.github.com/konsolas/67108a5d48a90fa6964c


    Developer API
    AAC has an API, here it is:

    Skript bindings
    LargeSk by @Nicofisi is a Skript addon which allows full control of AAC's API (spoiler above) via Skript.

    • AAC.bypass: op. Bypass AAC's checks
    • AAC.verbose: op. Receive detailed information on suspected players
    • AAC.unban: op. Unban players banned by AAC
    • AAC.ban: op. Ban players
    • AAC.kick: op. Kill, kick and broadcast a message.
    • AAC.admin: op. View the admin control panel
    • AAC.debug: op. Debug a player's actions.
    • AAC.notify: op. Send/recieve staff chat and aac's notifications

    • /aackick [player]: kick kill and broadcast a message
    • /aacunban [player]: unban a player banned by AAC
    • /aacban [player]: Ban a player
    • /aacadmin: view the admin GUI
    • /aacreload: Text-based reload without the GUI
    • /aacdebug [player]: Save a detailed log file of what that player is doing
    • /aacstaffnotify [message]: Send a message to all people with the AAC.notify permission. Will be called by the staff chat prefix.
    • /aacmessage [player] [message]: Send a message to someone starting with the prefix defined in language.yml
    To-do list
    If something you require is not on this list, please say so in the discussion (order 1st = highest priority):
    • Improve movement checking
    • Support item attributes
    • Add some more features to the killaura check
    If you require any assistance with AAC, please complete the following steps, then send me a PM:
    1. Stop your server completely, delete AAC and ProtocolLib
    2. Redownload both from this page, and the link I provide on this page
    3. Place them both back into your plugins folder
    4. Start your server again.
    5. If the problem is still there, PM me.
    By downloading this plugin, you agree to the following:I'm about to leave a review!
    Awesome! I love reviews. However, if you have a problem using AAC, the reviews section is the last place to go, please PM me instead. If you want a feature, this definitely isn't the place for it. Please put feature requests in the discussion.

    If you want to be heard, use the contact methods listed at the top of this Overview.
    #20 Celebrimbor, Dec 22, 2015
    Last edited: Dec 22, 2016
    • Informative Informative x 1