Help with blocking VPNs and UUID ban bypassers

Discussion in 'Spigot Plugin Development' started by EpicBlue11, May 16, 2018.

  1. Hey, so I'm working on a banning system for a server I'm helping develop and I'm trying to make my system as secure and stable as possible. That being said I am looking for a way to block both VPNs (or other methods) bypassing an IP ban and certain programs/hacks being able to bypass a UUID ban. The problem is, I don't know where to start. Does anyone know how I can make IP and UUID bans more unpenetrable and/or harder to bypass?

    Thanks for any help, suggestions or ideas :)
     
  2. How it works the UUID bypass hack?
     
  3. If someone has a VPN and an alt account, theres almost no feasible way to detect them. The only thing I can think of is building a custom MC client that users of your servers must use to connect. Truly hope someone can prove me wrong, but if its a different UUID from a different IP, with no local access/cookies, not sure how we can do that.
     
    • Agree Agree x 1
  4. You can't bypass a UUID ban without getting an alt.
     
    • Agree Agree x 1
  5. as far as I know there are no ways to bypass an UUID ban other than using alternate account unless your server is cracked
     
    • Agree Agree x 1
  6. Appreciate the responses; as far as the UUID bypass hack goes, I've experienced something happen in the past where a user was banned as continuously kept rejoining with the same username and we couldn't get rid of him until we IP banned him. There might be something else I was overlooking that made this possible within the server, but I'm not sure as it was years ago. Furthermore, I really hope there is a way I can detect if a player is using a VPN with or without an alternate account...
     
  7. The only way to detect a VPN is some service which may be paid or free. Just look around on google and find one that is cheap and fits your needs.
     
    • Agree Agree x 1
  8. Faulty ban system or the ban wasn't saving correctly, or it was a cracked server.
     
    • Agree Agree x 1
    • Useful Useful x 1
  9. Unless you can find an exploit in mojangs client side code to let you execute code on the client, then get some windows license or something and check that - then you're out of luck. Theres a reason even the massive servers cant block people using alts and vpn's
     
  10. Or multiple accounts where he changes the name to the original one.
     
  11. Problem with that it's 38 days to change ur name to someone else's old ign
     
  12. After you change your name, no one can take that name for like 2 months
     
  13. Oh I see


    Sent from my iPhone using Tapatalk
     
    • Funny Funny x 1
  14. Exactly what I said
     
  15. Your post wasn't there when I was typing my reply, our posts were like 3 seconds apwrt
     
  16. Oh, that makes sense
     
  17. MiniDigger

    Supporter

    that means that you didn't properly firewall your servers and he just used his own bungee instance to spoof his uuid.
     
  18. There's no way you can be certain that someone is using a VPN but you can use an API like this person did for his plugin: https://github.com/MatthewSH/spigot...m/matthewhatcher/vpnguard/Utils/WebUtils.java called vpn guard
     
    • Useful Useful x 1
  19. have already used that antivpn and the truth has not worked for me, Plugin failed the first time with a hotspot shield and it is not free you have a small number of detections apart with a simple bot attack you will finish your test
     

Share This Page