In the past seven days 35 players have been banned from the DvZ server I moderate. Last month a total of 56 players were banned for hacking, an increase in players banned for hacking/cheating/using mods by 150% in one week.
Quote from "RawTech" »
I feel like I need to clear some things up here. While "hacking" in the minecraft sense is not typical of that used in the computing industry. It is just a term used to illustrate what can only be described as script kiddies using downloaded client side mods to intentionally act maliciously against a server and/or its community. While I have had multiple attempts at "real hacking" against my server network none of which have being successful, I still think that the term can be used to describe what is going on in the minecraft community.
MCBans, Rawtech (Rawtech Network) and MrApple (Overcast Network) have all reported increases in percentages of players cheating/hacking/using mods.
The hacks we've been seeing players use most commonly are Flight, Speed Hack and High Jump/Super Jump. Movement mods.
Last Friday all of the plugins on the Rawtech Network were updated including NoCheatPlus, BanManager and Bukkit. Since then we've been having errors with the permissions in BanManager where we are unable to ban certain players and players that are already banned may rejoin the server. This hasn't been the cause of players returning to the server and hacking again. While unable to ban players a message will appear informing us of whether or not a player has already been banned. None of the players that we attempted, and were unable, to ban had been previously banned for cheating. So you may also want to think about rolling back BanManager on your own servers.
Some players have suggested the updated NoCheatPlus has created openings for people to sneak past its cheat detection and that the notifications in NoCheatPlus aren't working properly. It may be wise to turn on NoCheat notifications for your staff members until this surge in hacking activity dies down.
Quote from "RawTech" »
Additionally some people seem to think that NoCheatPlus, which I use on every server on my network, is automatically banning players. This is not the case. Depending on toe configuration NoCheatPlus can only be used to prevent hacks and notify the moderation team in real time or in a log format on anything it detects.
A lot of the recent surge in bans, on my network at least, have being flying or walking speed modifiers. Something that really should be relatively simple to detect on the server side. While I have witnessed first hand people blatantly flying and using fly speed mods with enable-flight: false in my server properties combined with the NoCheat software. I am, to be honest, shocked that they are not being detected automatically and adding to the logs.
We also discussed the possibility of a new mod having been developed/released that players may have started using, though at this time we have no knowledge of such a mod existing. There's also the possibility of players using Nodus while they still can as development of the client has ceased but that doesn't explain why the notifications would suddenly cease.
It is also possible that the reason is as simple as more people have been playing on Minecraft and on the server. In the last week we've also seen an increase in active players by over 1000. Summer vacation in North America is starting as is the half term in the UK.
Quote from "RawTech" »
It could just be the possibility of the recent wave of kids leaving school for the summer. But then why would that suddenly allow the bypass of the vanilla no fly system which warps the player back to the ground as soon as unusual activity is detected.
I appreciate if anyone has any insight into this issue.
Yeah. Most of the time the individual does not even know how to DDOS.
Actually, every time it happens, the server has gone down when we tell them to go away. I fear there is a new minecraft hack or some little tool that the script kiddies have stolen to DDOS. Though I believe that that it only can DDOS till the server is down, not a continuous attack that keeps it down..
Bukkit should try to figure out a way to stop DDOSing from their servers, if it is possible. I know it's virtually impossible to see, but it would be nice to find a way.
It isn't possible, it is not a "client side" problem that can be corrected by software, it all happens on your ISP's side of your router. Take the good old "ping" function built into all routers, I send it four tiny packets of bits and it automatically sends them back to me to let me judge how fast and clear the connection is.
But if I and several other computers I control all ping it hundreds of times per second then it does not have time to do anything else except answer my useless requests to send my tiny packets back to me. By default it is programmed to answer my ping request first before dealing with your traffic so you end up either extremely laggy or shut out altogether.
That is how a DDOS attack works, multiple computers working together to flood the target server with so many useless requests, ping, http status acknowledgements, etc. that the server cannot process the other legitimate requests.
A small scale server I moderated a while back had a sudden raid of hackers similar to this. Apparently the server had been posted on some kind of hacking forums because one of the users that got banned for flying had posted it there telling people to come grief on it. Perhaps the same thing happened here.
Or maybe it's just because you have so many new players, and with them come so many new hackers.
Also are you actually seeing the people hacking or just trusting plugins like NoCheat?
Depending on toe configuration NoCheatPlus can only be used to prevent hacks and notify the moderation team in real time or in a log format on anything it detects. Currently on the server it is used to keep a log, the moderation team has to visually confirm that the player is cheating before the player can be banned.