Would it be possible to use RSA keys or some other form of public key/private key authentication to prevent hacked clients from joining servers? I have absolutely no experience with Java, so I don't know how easy it would be to "hack out" the RSA key and use it in the hacked clients... but it seems like a viable option for now. Or maybe the server could run an MD5 checksum of the client and it could be verified that way?
Or maybe it'd be easiest to autoban people who move upwards more than two blocks when not in water? That would take out a bunch of hacked clients.
Oh, and an idea for griefers...
Before a voteban can occur, the player must be votekicked.
Lower the requirement for a voteban to be... +2 votekick or something similar.
A voteban would also ban the IP address of the player for 48 hours.
That would prevent the same person using multiple player accounts to harass a server. After 48 hours, the ban would be lifted and anyone with that IP would be allowed back in. However, the ban on the account would still exist. This would allow people with dynamic IP addresses to not be randomly banned from all the servers (say if someone in the same range was assigned the banned IP address) but would prevent account hopping. Maybe in the bans file, you could have a timestamp for ban removal listed after the IP address and when that time passes (the server could check every 15 minutes or so), it would remove that IP ban.
I'm thinking that would make the whole game easier and more secure.
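The upward-movement rule proposed above, sketched as a server-side check. This is an added example, not part of the original post and not the game's own code. `Sample`, `RiseTracker` and `check_trace` are hypothetical names, and it assumes the server can tell from its own copy of the map whether a reported position is in water or resting on a solid block.

```python
from dataclasses import dataclass

MAX_RISE = 2.0  # blocks; the threshold proposed in the post


@dataclass
class Sample:
    """One position update as received by the server (constructed format)."""
    y: float          # reported height, in blocks
    supported: bool   # server's map says the player rests on a solid block
    in_water: bool    # server's map says the player is inside water


class RiseTracker:
    """Measures climb since the last height the server's map can explain."""

    def __init__(self, start_y):
        self.base_y = start_y

    def update(self, s):
        """Return True when this update breaks the rule."""
        if s.in_water:                      # swimming up is allowed
            self.base_y = s.y
            return False
        if s.y - self.base_y > MAX_RISE:    # base is kept, so it keeps firing
            return True
        # On the ground the base follows the player; in the air it only drops,
        # so a jump is measured from take-off and a fall from its lowest point.
        self.base_y = s.y if s.supported else min(self.base_y, s.y)
        return False


def check_trace(samples):
    """Indices of the updates in one player's trace that break the rule."""
    tracker = RiseTracker(samples[0].y)
    return [i for i, s in enumerate(samples) if tracker.update(s)]


# Constructed traces: an ordinary jump, a swim to the surface, a steady climb
# through open air, and a fall followed by a climb.
JUMP = [Sample(10.0, True, False), Sample(10.75, False, False),
        Sample(11.25, False, False), Sample(10.75, False, False),
        Sample(10.0, True, False)]
SWIM = [Sample(float(y), False, True) for y in range(5, 13)] + [Sample(12.0, True, False)]
CLIMB = [Sample(10.0 + 0.8 * i, i == 0, False) for i in range(6)]
FALL_THEN_CLIMB = [Sample(50.0, True, False), Sample(30.0, False, False),
                   Sample(20.0, False, False), Sample(21.0, False, False),
                   Sample(22.5, False, False)]
```

What happens on a hit (rejecting the move, a kick, or the autoban the post suggests) is left to the caller.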
The way the hack works is by changing the gravity variable to fly, you set it as >0 and to fall you set it as 0 = kick
But then on second thought, I don't know how jumping works... that might set the gravity variable to >0...
Either way there will always be a workaround by resetting a variable in the client to make it think that an action that's happened, hasn't happened.
Also, the hacked client is actually the official client with a third party tool that changes the variables. So it would pass any checksums and authentication keys.
Quality of output = Skill * Effort