[represent]
Nodus: Cannot be blocked unless staff is staring at the hacker. Nodus exploits what the client is capable of and what the server allows. E.G wall-hacks, the server automatically sends the data about the surrounding area to the client, but nodus will take the information about another player and show it on the client. This is all client sided and there is no way to counter it. This is one example of the many *ghost hacks* nodus has to offer.
Xrayers: Oreb usually does the trick for that, there's no reason that shouldn't work unless its outdated. Oreb tells the client to render blocks that shouldn't spawn until actually looking at the block. Xrayers are also, very newby at xraying, and it makes them very easy to find. Look at the potential Xrayer's mine, if it goes direct, and isnt really a branch mine, you have yourself an xrayer. For mines that are less complex but you still notice an extreme amount of diamonds in the user's chests, it is safe to assume he's an Xrayer.
Fly hacks/speedhacks: Flyhacks, traditionally, is not a ghost hack, it sends very abstract packets to the host to not be on the ground. Unless the server/no cheat itself is hacked, you should have no problem detecting these hackers. Sometimes they can fly hack half a block from the ground, but that ONLY SUPPLIES an aesthetic/cool factor to the player, I would still ban someone like that.
Ghost fly hack/speed hack: There is a ghosthack version of flyhack that seems to be a new trend. It doesn't not allow the player to actually fly, it just gives an enhanced third-person perspective. They cannot use this flyhack past a certain distance because the server will deny to render it. You don't really need to worry about that hack too much.
Kovu's two cents:
Countering them can be a difficult feat. For example, a coder could add a BBox to water, and have 2 water buckets, and use that as a "fly", making a toggle to quickly place and take up them. There's not an easy way to counter these types of cheats. (It's not a hack, hack implies that the "hacker" broke into the server and modified the server files). The only way you could counter that type of cheat would be to verify that the BBoxes were not applied to anything that they weren't supposed to.
Another possible one would be a "minecart" cheat. This one would be easier to go against. Minecarts are entities, which allows the server to put a timer onto the amount of Minecarts placed per second. (MPPS). If the MPPS is too high, say, over 2 a second, then it could kick, ban, or mute the user based off of the offence.
Flyhacks are obviously quite difficult to deal with. The simple, obvious ones, (such as simply setting the Y value), are easily detectable by something such as NoCheat, or a plugin of the sort. However, if the Flyhack incorporates items built into the game, it's much harder to create something that fights it.
Here could be some pseudocode for a anti water flyhack:
if(BBox.isAppliedTo == Block.Water)
{
BBox.removeBB(Block.Water);
}
else
{
return;
}
Of course it'd have to be applied a bit better, but that'd be the basic idea.
As for the minecart one, there's already plugins that stop that sort of thing. NoCheat can limit the amount of entities placed at one time, so it could be easily modified to incorporate minecarts.
public void minecartDetect(Item i)
{
if (i.getIndex == Item.Minecart.getIndex)
{
if(timer < 5F)
{
denyPlacement();
}
}
}
Again, just some pseudocode, but you can get the idea based off of that.
If you're interested in creating the BEST anti-flyhack plugin then you MUST be able to think like the "bad guys". You have to be able to think about what possible ways the could add, as well as any mechanics within MineCraft default that could be exploited.
That is all.
-Kovu
Force Ops(PATCHED 1.3.1): Hacking op is relativaly easy on a server. There is a Nodus Client known as SessionStealer which can take your minecraft.net session and execute commands on a server from your account. You can counter this by not joining servers people tell you to join unless you completely trust them. If you go direct from your server to this hacker's fake server, he will steal your session.
NCP (stability)
As far as No cheats plus goes; In general it is semi-stable and the majority of warnings are fake. NCP tells you when an abstract data(stream) is sent to the server. Usually this is caused by lag but in a few incidents it is a legitimate hack. You can confirm this as a hack if:
1. the violation level (VL) is above 500
and
2. You get multiple warnings of the same hack with similar VLs
Learning what NCP warning is a hack and what isn't may take a few days to get.
Its like riding a bike.
The most recent build of NCP seems to not work properly for some servers. The "symptoms" include rubber-banding, and it not displaying warnings. I have observed this problem across multiple servers.
-Ahb363636
AntiGriefing plugins
These plugins help find the culprit of your server's griefs. They may find which player was responsible for the griefing, and rollback the specific location of the grief. I recommend CoreProtect as your antigriefing plugin. Here are some others:
LogBlock
Hawkeye
Password Security
Check this out. This is a list of the top 10k most common passwords. Change your password(s) if it on this list and you use it for your MC login, cpanel, and/or ftp. Also, use this to test your password's strength.
secure your g*dd*mn server. If you're with a reasonably reputable hosting company this should be done for you, but if you're a do-it-yourselfer, nothing is more destructive than a hacker getting ssh access to your machine and basically editing the server config right under your nose.
- Use a strong password. "password" and "omgimleet" are not strong passwords.
- If the machine runs minecraft, it runs minecraft. Not minecraft, your websites, lots of PHP scripts, and the kitchen sink. Minecraft only.
- Ditch FTP and start using SCP.
- SSH access only, and only then from your own IP range
- No HTTP at all
- No SMTP at all
- A firewall that blocks everything except those ports that need to be open, as an alternative to the above 3
-Xirian
*Drunkdevil's great idea*
for unpatchable fly you can always make parkour, with imposible part, if you win it you get into region (WorldGuard) which you can't exit! You do that with /region define Hacker (example) and /region flag Hacker exit deny.
If I helped you at all, please hit the ! - Ammarb
Depending on the reaction from the community to the post, I will try to elaborate on these anti-hacking tips and add more anti-hacking tips. If you have a good tip to share, please post it here.
For information on server advertising, see this thread.
- PoisonBerry
- Registered Member
-
Member for 12 years, 5 months, and 4 days
Last active Sun, Aug, 13 2017 19:03:47
- 0 Followers
- 38 Total Posts
- 12 Thanks
-
39
ammarb36 posted a message on Anti Hacking Tips and Tricks (updated 12/4/12)(update-list: FlyHack prevention, AntiGriefing)Posted in: Server Support and Administration -
2
Pre_Purchased posted a message on Farmland as far as the eye can see!You liar I can still see more than the farmland. So it isn't as far as the eye can see!Posted in: Screenshots - To post a comment, please login.
5
1
3
1
6
No, you're not. You got two Purple Wools while missing the Green Wool.