[ADMIN/SEC] mxAntiPVPCheat 1.11 - An approach against newest PVP Cheats [1000]

Discussion in 'Inactive/Unsupported Plugins' started by mxE333xm, Jul 23, 2011.

  1. Offline

    mxE333xm

    mxAntiPVPCheat
    Tested with bukkit build 1000​
    Important announce 3: If you experience Number-Consolespam from this Plugin please redownload it (v1.1)

    Last month this PVP-Cheatmod appeared. And it spreads fast! People using this mod have basically

    • Autoheal
    • Autoaim
    • A feature called Forcefield that auto-attacks all people in a sphere around the player without him doing something and even without him s eeing them.
    That makes them invincible and other players get bored. On this way the complete PVP-Activity on a server can get ruined.


    Also this can crash the economy on a Creative-Server. How? This allows you to farm Wool from sheeps automatically with the forcefield-Feature.

    This plugin tries to fight these Cheaters by indicating the Server administrators which player probably use this mod. How sure it is actually depends on the method used to determine whether they were cheating.

    Detecting Autoheal [Implemented]
    The autoheal-Feature of the Cheatmod allows players to use Food in their inventory to heal themselves without clicking it and without wasting possible harts. As soon as the health of the player has a value that can be perfectly healed (e.g. 15 + bread = 20) that food item is used. It's obvious that a player with a stack bread in his inventory pratically can't die.
    To fight this, it's logged how good the player heals himself in a timeframe of 30 seconds. So if he heals himself 2 times in < 30seconds without wasting half a heart (which is very hard to achive in a fight) you'll get this warning:
    [​IMG]
    If he healed a fifth time or a seventh the message is going to look like: "It's extremely probable that he uses PVP-Cheats". If the message contains got 11 perfect Heals you can be sure that he uses the cheatmod because that is just absolutely impossible to achive in a fight.

    Notice: Wasting hearts means healing with an item that regenerates theoretically more hearts than needed. So healing from 2 to 20 isn't considered to be a cheat by this plugin ;)

    Notice 2: Another characteristica of the cheatmod is that Food items get on fix places in the inventory when turning autoheal on. That will soon be used as alternative detection-method.

    Detecting Forcefield [Implemented]
    To detect forcefield this plugin counts how much times the player attacks other entities in a given timeframe. The forcefield-cheat attacks every entity in a radius of 6 around the player every Frame. That isn't possible without this cheat. So a message will look like this:
    [​IMG]
    If you get more then 1 message like this you can be pretty sure that he uses the cheat.

    Notice: Another characteristic of the Forcefield is the distance between attacked player and attacker when the attack takes place. That will soon be used as an alternative detection-method.

    Detecting Autoaim [Coming Soon!]
    Coming soon ;)

    Commands
    There are no commands at the moment. These messages appear automatically and are logged in a mxAntiPVPCheat.log - File in the directory of your Servers executables.

    Configuration
    A config.yml is generated with the default Values on the first start of this plugin.
    Code:
    # Section about the forcefield
    forcefield:
        # Autoaction enabled?
        autoaction_enable: false
        # Number of forcefield-violations (The red messages you get) to trigger this action
        autoaction_req_violations: 10
        # Command that has to be executed (without /).
        # e.g. globalban &1 Cheating or localban &1 &2  with glizer
        # &1 will be replaced through the player's name
        # &2 by a Reason-String. In this Case mxAntiPVPCheat - Forcefield - X Violations.
        autoaction_command:
    # Autoheal section, see above for info about the parameters if there is no comment
    autoheal:
        autoaction_enable: false
        # Number of perfect heals in a row in 30 seconds required to toggle this action
        autoaction_req_violations: 10
        autoaction_command: 
    Permissions
    Permission NodeFunction(Without Permissions) OP Only?
    mxAntiPVPCheat.AdminUsers with this Permission see the Cheat-Warning-MessagesYes
    mxAntiPVPCheat.bypassUsers with this Permission can cheat without being indicated.TD]Yes


    Coming Features:
    • Autoaim Detection
    • Supporting more Permission Systems
    • Arrowcheat detection
    Download
    Note: Due to some changes in the autoheal detection the values making you sure that autoheal is used have changed. Please re-read the chapter about this above or look at the adjectives in the messages ;)
    Note II: The Lag-Detection-Code is taken from the NoCheat code.
    Note III: Permissions 3.x or compatible are needed.
    Click me!

    Other Stuff:
    [​IMG] if you want to support my development activites :)

    Special thanks goes to: MiRROW :=)

    Changelog:
    v1.11 - fixed Consolespam

    v1.10 - fixed a bug in the lag-detection
    - fixed a logging bug
    - added a timestamp to the logfile entries
    - added autoaction features and a configuration file
    v1.02 - Arrows are now ignored as they aren't part of the Cheat and toggled detection.
    Older Entries: (open)

    v1.01 - Lags should not longer affect the Cheater-Detection
    v1.0 - Logging of anti-cheat-messages into a Logfile.
    v0.3 - Forcefield detection
    - Improved Autoheal-detection

    v0.1 - Initial Release
     
    zok, Codex Arcanum, Kain888 and 4 others like this.
  2. Offline

    o0AzzA0o

    I think you will find that false positives come from arrow spam :) using mcmmo to limit arrow fire rate to 350ms per arrow seems to do the trick :)

    possible to modify code to ignore arrow damage since its not related to this cheat?
     
  3. Offline

    mxE333xm

    Arrows? What? This already ignores Arrows I think. I'm using EntityDamagedByEntity event, not the EntityDamagedByProjectile Event, so that shouldn't affect it.

    It seems to do the trick or it actually does give you a messagespam?
     
  4. Offline

    o0AzzA0o

    Odd i can flag it with arrows ...... could this be related to mcMMO?

    maybe EntityDamagedByEntity picks up all damage and ByPojectile is just for seperating arrow damage when required?

    The force field cheat detection is the one thats catching the players out.... the auto heal i havent seemed to catch any out with.

    Feature request can we have a txt log of flagged events?
     
  5. Offline

    MiRROW

    fixed now, thanks

    you spelled NoCheat wrong (NoChat) btw :).
     
  6. Offline

    mxE333xm

    Strange.I'll further investigate on that topic.

    @MiRROW
    Uhhhmkay ... embarassing... *hopes that Evenprime doesn't read that*. Thanks for the hint :D

    Solved it.

    New Version 1.02
    -> Mass-Arrows are no longer detected as Cheat

    @o0AzzA0o
    Why to have such a logfile? I think the criterias for the cheat are everywhere the same ? ;)

    Looking at the autoheal: It is in the nature that autoheal isn't that much detected.
    a) Less players trying the cheat use it
    b) It has a higher tolerance because one or two perfect heals may be a random.
    -> If you use forcefield you mostly don't use autoheal as that is obsolete then
    c) You don't heal that often in figth.

    But if there are real Autoheal-Only users you can be sure they'll be catched by time ;)

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 17, 2016
  7. Offline

    o0AzzA0o

    Firstly thanks for the arrow fix :) fast and nice work.

    the reason for a log file is simple. Our admins dont cover the server 24/7 so i could check the log to see who has been flagged while no admin are on. I could then investigate those players by watching them invisible to see if they are infact using the cheat.

    what would be nicer still since not all my admin have access to console is a command like /mxcheat last 10 ---- shows last 10 flagged users.


    Btw since last update im getting more positive detections on autoheal :) this plugin has solved my worries about this threat and i cant thank you enough.
     
  8. Offline

    walkineagle

    I don't know how you blocked auto-heal and auto-aim, seeing as how their both 100% client-sided, I can see though how you blocked the force-field.
     
  9. Offline

    mxE333xm

    @walkineagle
    See the first post how it is detected. It isn't blocked as I think it's OK if it's detected. Then the admins can ban the users. But it will be toggleable in the next version whether you want the plugin to detect the cheaters or to detect the cheaters and block cheated actions.

    @o0AzzA0o
    :)

    Good idea. Comin' in the next version ;)
     
  10. Offline

    Orcworm

    Hey, plugin works well, just wondering if you'd considered directing the warnings to a seperate log rather than the main server.log? It's a little cluttered when I'm looking for suspicious players.​
     
  11. Offline

    mxE333xm

    They're already directed also in a separate log. Look for a mxAntiPVPCheat.log in the folder where your Servers executable is ;)

    Forgot to edit that in the main thread.
     
  12. Offline

    Orcworm

    Oh, that's great then, cheers.
     
  13. Offline

    MiRROW

    PVP + Server saving still causes forcefield warnings :(
    People who get two reports at the same time are mostly hacking, however even me and other people I trust sometime's get message's saying they are using forcefield...
    Maybe you could add function called AntiCheatRep or something.
    Everyone starts at 10, and one report lowers that to 8 or something depending on what pvphack they are using.
    if you login everyone can see you AntiCheatRep and maybe something like: /acr [name] and /acr top
    (top 10 most notorious users). two reports in a short time will have more impact on your AntiCheatRep.
    And a certain (toggable) AntiCheatRep limit that autobans people.
    I ask this because not much servers have 24/7 staff online, and I would like myself the rest of the server to see who are the people you should look out for.

    Orc, you should ban spowney and jay_92. I respect your server but I know they can ruin it in a few minutes.
    their alts: poonaah and mongzilla.
     
  14. Offline

    Orcworm

    Could you perhaps PM me their IPs? I'm more than happy to add them to my firewall ;p.
     
  15. Offline

    mxE333xm

    OK. I'll turn the limits higher. Something like the autoban you proposed is already in work ;)
     
    Mr_H4mm3r likes this.
  16. Offline

    mxE333xm

    Some of you maybe noticed that there is now something like Jay's hack 2 out.
    But: There is no reason to worry, the cheat is detected as with version 1 :)
     
    Mr_H4mm3r and o0AzzA0o like this.
  17. Offline

    o0AzzA0o

    Keep up the great work with this plugin im sure that it will grow in popularity within a short period of time.... just waiting for the youtube hits to go up on jays cheat then all servers will need this plugin :p
     
  18. Offline

    ray0911

    Great plugin. However, can you stop autoclickers? maybe only allow X number of attacks in Y number of ticks???
     
  19. Offline

    Darkedge

    Great work on the plugin, I caught 3 people on a 4 person server yesterday, who all confessed to installing it, and I managed to convince 2 of them to uninstall it by showing them how many times it caught them. About 200 times, lol.
     
    Mr_H4mm3r likes this.
  20. Offline

    mxE333xm

    Coming in one of the next versions ;)

    :D
     
    Mr_H4mm3r likes this.
  21. Offline

    GmK

    @mxE333xm

    Wonderful plugin!

    How possible are false positives due to lag?

    Code:
    An attack of Player xxx took on average 40 miliseconds. He attacked 20 times in 0.818 seconds. PVPCheats!
    An attack of Player xxx took on average 30 miliseconds. He attacked 20 times in 0.604 seconds. PVPCheats!
    I have that in my log file - he claims he lags badly. What would you advise?
     
  22. Offline

    mxE333xm

    Well, I haven't really a server with lags to test that. I think that's possible with very hard lags, but the more messages you get in a short timeframe the more it's possible that he's not only lagging ;)
     
  23. Offline

    Pink Floyd

    Wow, fantastic plugin. Definitely installing this.
     
    mxE333xm likes this.
  24. Offline

    Mr_H4mm3r

    Suggestion:
    A permissions node so players with that wont give admins a message if they are using it??
     
    mxE333xm likes this.
  25. Offline

    mxE333xm

    Good idea. Coming.
     
    Mr_H4mm3r likes this.
  26. Offline

    knuddel

    we gonna test it on our Event Server. If you want, we can simulate lags :)


    Btw: Though you're on holiday^^
     
  27. Offline

    mxE333xm

    Very cool :)
     
  28. Offline

    Mr_H4mm3r

    Ty. I will use the permissions for my top donator so she/he can kill everybody :D. That would many like :)

    And i downloaded it and nothing error :D. I have not tested it. For no one has used it :). Btw ITS A GREAT PLUGIN THANKS. And it works perfectly with NoCheat ;)

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 17, 2016
  29. Offline

    Raqn

    @mxE333xm

    You missed a cheat. Its basically using macro keys to fire insane amounts of arrows at once, allowing for "buckshots", where members will get close to people, press a key, and fire 64 arrows straight into the person from nearly point blank ranges.

    Simple solution is to limit how fast arrows can be fired. Maybe impliment a feature where the arrows are fired at the person trying to do it =D.

    Video can be found here:
    http://www.youtube.com/watch?v=fXujfF7ut-o

    Credit to Bromfield on our server for bringing our attention to this instead of abusing it.
     
  30. Offline

    Kainzo

    What's the footprint on this plugin? we're running 100+ players and not really wanting to have a very cpu intensive plugin.

    Can you go in depth about how this handles each selection? @mxE333xm
     
  31. Offline

    knuddel

    Can you please add a timestamp to the logfile?
     

Share This Page