AntiCheat suggestions.

Discussion in 'Spigot Discussion' started by Elevated, Jan 4, 2020.

  1. The AntiCheat is now ready and has been tested on a large-player-platform and it seems to be performing exactly like expected. There are no lag issues and barely any false positives. I will be making a selling resource soon when I get the right spigot-stats to be able to actually sell plugins.
    • Like Like x 1
    • Funny Funny x 1
    • Optimistic Optimistic x 1
  2. Hey i have an idea for a feature,

    Make a way to see what client they are on eg Vanilla or Forge etc etc and then make a way to block some clients that you dont want on the server. yes this suggestion would be able to be bypassable but it not every client has a way to spoof what client you are on.
    • Like Like x 1
  3. hacked clients certainly don't flag themselves as "H4ck3d Cl13nT!!11!!" and Forge is completely unrelated to Spigot. Also, what are you asking for, a ban plugin?

    You also need to publish 3 free resources to be able to sell.
  4. You'd be amazed at how many crash chests I see with "Jigsaw" in the name.
  5. Wow, I'd never have thought.
    Even though it should not be the main method of detecting a hacked client, this is a totally dumb move from client developers, lol.
  6. Yeah, checking strings is a terrible way to determine if someone is cheating. By that logic, I guess that if I sent a custompayload packet with a string that said "Vape" then that guarantees that I'm cheating. And even if you have it so that it prevents those players from joining, there are a handful of other easily accessible clients out there that don't do that silly stuff.

    The best way to detect if someone is cheating is to check if they actually are cheating.
    • Agree Agree x 2
    • Informative Informative x 1
  7. I might make a feature that gets all the player's mods, I will look into that.
  8. You can get a player's mods through spigot-packets. It's really not that big of a deal and people have been doing it for ages. But yeah, clients usually disguise themselves as legit mods. Keep in mind that my detections are not based on the mod's a player is using though.
  9. There already exists a plugin that does exactly what you describe. It’s called HackedServer. It tells you whenever someone logs on with a modded or hacked client and even tells you what mods they’re using. Of course, it doesn’t catch every mod or client, but it’s better than nothing. It also detects WorldDownloader, which is one of my favourite parts of it. I know it’s not related to cheating, but I wouldn’t want people to download the worlds on my servers as I don’t want them to find strongholds, dungeons, ores, etc., and I don’t want them stealing builds such as the spawn hub.
  10. What if I have like a command that basically shows all the mods that a player logs into, and have a config option which sets a list of illegal mods and if a player logs-in with them, they get a certain punishment set in the config? It sounds more customizable than "HackedServer" and you will also not need anything external for it such as protocol-lib as I have my own packet-system.
    • Agree Agree x 1
    • Optimistic Optimistic x 1
  11. SpacePuppeh


    If you do it by detecting their actions (using packets and other things) without using the string (such as "Vape") I think you'd have a much better attempt at accuracy.

    But, this sounds hard! How well do you think it'll work, and how can you reasonably identity which speed hack is from which client? Or, will "speed hack" be its own category of hacks, and not detect the name of the client used? I think the latter would be better.
    • Creative Creative x 1
  12. TBH it would be better to just check for general speed hacks rather than trying to identify which specific client the player is using. Personally I find it more efficient and effective to focus on putting limits on what the client can do and how it should behave as this is a permanent solution, rather than to focus on looking for specific instances of cheating such as looking for trivial patterns in data.
  13. SpacePuppeh


    I agree with that too, something like NoCheatPlus is what I am looking to replace, and one made like that would be nice.
  14. I am not aiming to detect speed hacks by using strings, that's just impossible or even just dump. And there's a way to get all player's mods just by using the packet "PacketPlayInCustomPayload" so no, it really will not be hard to do. And I really do not need any "specific" checks for things such as speed. I just remade Minecraft's movement into a check and it really detects anything that would give the player any boost of any sort. Finally, you really do not really need any trivial patterns when it comes when it comes to checking. The most pattern-like checks I use for my project are autoclicker checks and even then, there's a reason to why those "patterns" work. Even for AimAssist/AimBot, I don't use patterns, I use methods such as the player having an inconsistent sensitivity (impossible) and his rotations not following a specified grid.
    • Funny Funny x 2
  15. That is not how you get their mods but aight
    • Agree Agree x 1
    • Agree Agree x 1
  16. Here is my unbiased & honest view:

    You have a small/medium/big server with not complicated gameplays, get Spartan.
    Why? It's simple and will barely need configuration modifications.

    You have a massive server or a server with complicated gameplays, get AAC.
    Why? You can be very specific with the configuration and address many kinds of problems caused by your gameplays.

    If you want to go free, there is NPC. However, please don't spam us with how well-coded it is, and how many true software engineers have worked on it, and how close the calculations are to physical laws. We truly don't give a penny of a damn, NCP has always been the good bro everyone liked, so don't ruin it.

    Lastly, with only 999$ per day, I can be your own anti-cheat and power myself with caffeine, so I can be 24/7 in your server and actually catch the living hack out of everyone. No anti-cheat can compare with a human on caffeine. ;)

    Small: 0-50 Players
    Medium: 51-100 Players
    Big: 101-500 Players
    Massive: 500+ Players
    (Then there's Hypixel with freaking 65k players, lol)
    #37 Vagdedes, Jan 24, 2020
    Last edited: Jan 24, 2020
  17. rotations following a specific grid
    what if the player is using trackpad? that's a false positive, since with trackpad you can rotate in a very repetitive pattern (unfair punishment for laptop users)
  18. Its a fucking joke...

    How I detect Aura in a nutshell:

    Squated distance and vector mapping for reach, Yaws and pitches for bad clients, UseEntity packets for.a bir more advanced auras.
  19. First of all, that's not how you detect reach. To detect reach you would need to use a hitbox method as by mouseOver in the game. Just having a squared distance using vectors won't really detect any low levels of reach accurately, and my check detects everything above the legit amount without even needing a hard lag check for players. Not only supposively bad clients flag for yaw/pitch values, and lastly, the packet order checks I mentioned use UseEntity when it comes to detecting Aura, and again, that method is just used to ban for bad clients almost instantly, it's really not something you should rely on. Please don't try and call me out for "bullshit" if you have no idea of what you're talking about.

    No actually, the game filters every rotation a specific way and there's only a range of specific values you can achieve with any aiming method. The only thing that could theoretically false my Aim Check is cinematic camera but I have that fixed. So no, just by game mechanics that's not something a legit player would flag.

    My goal is to have something that doesn't effect gameplay in anyway, is cheap and can be used by anyone by not adding specific additions to the plugin all that while being able to be used by any kind of server without a problem . See, as my plugin has it's own packet system / packet handling system. Plus, most anti-cheats in the spigot community are not built on the actual game. They are random debugged values that normally don't have any real sense behind them.

    And from what I've seen, all of them are heavy on performance and really don't do what I am doing with my anticheat. And no, its really not that hard to make an anticheat if you just know how the game works. And keep in mind, this is not the first anticheat I am making and I have a wide set of knowledge by working by many people before considering publishing one for spigot.