[ADMIN/SEC] mxAntiPVPCheat 1.11 - An approach against newest PVP Cheats [1000]

Discussion in 'Inactive/Unsupported Plugins' started by mxE333xm, Jul 23, 2011.

  1. Offline

    mxE333xm

    mxAntiPVPCheat
    Tested with bukkit build 1000​
    Important announce 3: If you experience Number-Consolespam from this Plugin please redownload it (v1.1)

    Last month this PVP-Cheatmod appeared. And it spreads fast! People using this mod have basically

    • Autoheal
    • Autoaim
    • A feature called Forcefield that auto-attacks all people in a sphere around the player without him doing something and even without him s eeing them.
    That makes them invincible and other players get bored. On this way the complete PVP-Activity on a server can get ruined.


    Also this can crash the economy on a Creative-Server. How? This allows you to farm Wool from sheeps automatically with the forcefield-Feature.

    This plugin tries to fight these Cheaters by indicating the Server administrators which player probably use this mod. How sure it is actually depends on the method used to determine whether they were cheating.

    Detecting Autoheal [Implemented]
    The autoheal-Feature of the Cheatmod allows players to use Food in their inventory to heal themselves without clicking it and without wasting possible harts. As soon as the health of the player has a value that can be perfectly healed (e.g. 15 + bread = 20) that food item is used. It's obvious that a player with a stack bread in his inventory pratically can't die.
    To fight this, it's logged how good the player heals himself in a timeframe of 30 seconds. So if he heals himself 2 times in < 30seconds without wasting half a heart (which is very hard to achive in a fight) you'll get this warning:
    [​IMG]
    If he healed a fifth time or a seventh the message is going to look like: "It's extremely probable that he uses PVP-Cheats". If the message contains got 11 perfect Heals you can be sure that he uses the cheatmod because that is just absolutely impossible to achive in a fight.

    Notice: Wasting hearts means healing with an item that regenerates theoretically more hearts than needed. So healing from 2 to 20 isn't considered to be a cheat by this plugin ;)

    Notice 2: Another characteristica of the cheatmod is that Food items get on fix places in the inventory when turning autoheal on. That will soon be used as alternative detection-method.

    Detecting Forcefield [Implemented]
    To detect forcefield this plugin counts how much times the player attacks other entities in a given timeframe. The forcefield-cheat attacks every entity in a radius of 6 around the player every Frame. That isn't possible without this cheat. So a message will look like this:
    [​IMG]
    If you get more then 1 message like this you can be pretty sure that he uses the cheat.

    Notice: Another characteristic of the Forcefield is the distance between attacked player and attacker when the attack takes place. That will soon be used as an alternative detection-method.

    Detecting Autoaim [Coming Soon!]
    Coming soon ;)

    Commands
    There are no commands at the moment. These messages appear automatically and are logged in a mxAntiPVPCheat.log - File in the directory of your Servers executables.

    Configuration
    A config.yml is generated with the default Values on the first start of this plugin.
    Code:
    # Section about the forcefield
    forcefield:
        # Autoaction enabled?
        autoaction_enable: false
        # Number of forcefield-violations (The red messages you get) to trigger this action
        autoaction_req_violations: 10
        # Command that has to be executed (without /).
        # e.g. globalban &1 Cheating or localban &1 &2  with glizer
        # &1 will be replaced through the player's name
        # &2 by a Reason-String. In this Case mxAntiPVPCheat - Forcefield - X Violations.
        autoaction_command:
    # Autoheal section, see above for info about the parameters if there is no comment
    autoheal:
        autoaction_enable: false
        # Number of perfect heals in a row in 30 seconds required to toggle this action
        autoaction_req_violations: 10
        autoaction_command: 
    Permissions
    Permission NodeFunction(Without Permissions) OP Only?
    mxAntiPVPCheat.AdminUsers with this Permission see the Cheat-Warning-MessagesYes
    mxAntiPVPCheat.bypassUsers with this Permission can cheat without being indicated.TD]Yes


    Coming Features:
    • Autoaim Detection
    • Supporting more Permission Systems
    • Arrowcheat detection
    Download
    Note: Due to some changes in the autoheal detection the values making you sure that autoheal is used have changed. Please re-read the chapter about this above or look at the adjectives in the messages ;)
    Note II: The Lag-Detection-Code is taken from the NoCheat code.
    Note III: Permissions 3.x or compatible are needed.
    Click me!

    Other Stuff:
    [​IMG] if you want to support my development activites :)

    Special thanks goes to: MiRROW :=)

    Changelog:
    v1.11 - fixed Consolespam

    v1.10 - fixed a bug in the lag-detection
    - fixed a logging bug
    - added a timestamp to the logfile entries
    - added autoaction features and a configuration file
    v1.02 - Arrows are now ignored as they aren't part of the Cheat and toggled detection.
    Older Entries: (open)

    v1.01 - Lags should not longer affect the Cheater-Detection
    v1.0 - Logging of anti-cheat-messages into a Logfile.
    v0.3 - Forcefield detection
    - Improved Autoheal-detection

    v0.1 - Initial Release
     
    zok, Codex Arcanum, Kain888 and 4 others like this.
  2. Offline

    o0AzzA0o

    This plugin has caught around 20 players on my 40 slot server so far..... id say that the false positives are around 30% which is more then reasonable for me ..... we just teleport to them invisible to verify that they are using this particular jays-mod cheat.

    This cheat is getting more and more popular i cant see how any server that has pvp enabled can run with out it. Talking about overheads..... its low for me i havent noticed any impact from this plugin.
     
  3. Offline

    Donald Scott

    I would like to see an autowarn (to tell the user to stop) and an autoban (through mcbans). Otherwise good work!
     
  4. Offline

    knuddel

    Autoban though Glizer would be great too
     
  5. Offline

    ichingpow

    Does this use BukkitPerms or Permissions 3.*? I couldn't find it anywhere and I can't be bothered to decompile the jar :p
     
  6. Offline

    darkwarriors

    where .log stored in? both main folder and plugins folder hasnt it..

    cb1000 linux dedicated server!
     
  7. Offline

    mxE333xm

    @Raqn
    Thanks for the hint, a detection will follow in one of the next versions.
    @ichingpow
    Currently Permissions 3.*, other systems will be supported soon
    @darkwarriors
    in the main folder. But the current Version contains a bug that can lead to a missing logfile.
    @Donald Scott
    Coming in the next Version today ;)

    @Kainzo
    The performance overhead is very low at all.

    There is a async Task running every 10 Server ticks and donig nothing apart from calling System.currentTimeMillis() and doing some additions and subtractions on Long's. It took about 2000 nanoseconds to compute on my machine.

    The cheat statistics are stored for each player - Created when he joins, Destroyed when he leaves -, they consist of 2 lists and some int's.

    Other parts of the plugin are getting active when there is a Player Damaging a LivingEntity or a Player Healing himself.
    Then we have some checks about the performance and the data. The events + a timestamp are added to corresponding lists. Then there is a loop through the elements of an ArrayList that has max. 20 Elements and some if's.

    Anything other is only done when a Player violates and so insignificant.

    New Version
    v1.10 - fixed a bug in the lag-detection
    - fixed a logging bug
    - added a timestamp to the logfile entries
    - added autoaction features and a configuration file

    New Version
    v1.1

    - Fixed Console-Debugging-Spam

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 17, 2016
  8. Offline

    Kainzo

    Sounds good - this "mod" hasnt really been seen on my server but I am all about preventing things like this.
     
  9. Offline

    statiikfury

    What have you done... NOW I CANT CHEAT!!!!!!
     
    mxE333xm likes this.
  10. Offline

    Bronski

    Not for me. Just getting "{}." on both Windows & linux. I copied what you have in the OP though.
     
  11. Offline

    mxE333xm

    Ok, I can reproduce that. But I'm going on vacation, soo for now copying from the first post is a good workaround.
     
  12. Offline

    Xproplayer

    Source code?
     
  13. Offline

    ichingpow

    You can download the source code from here.
     
  14. Offline

    Codex Arcanum

    Wow.
    That is one extremely scary cheat. I have never had any problems with serious hackers so far on my server, but I'm going to install this anyway, just because of the destructive potential of this plugin.
     
  15. Offline

    Moe041991

    so this wont work with permissions 2.7.4?
     
  16. Suggestion: Make it possible to turn off the messages completely.
    So it can be used with only auto-action active.
     
    spunkiie likes this.
  17. Offline

    tremor

    Downloaded august 8th...- my version status 1.02 even though it says you're on 1.11

    My plugin folder and config.yml did not get generated.

    Solutions?
     
  18. Offline

    TelephoneKiosk

    Can you add this to CraftBukkitUpToDate?
     
  19. Offline

    andreblue

    could you do a distance check for far reaching?
     
  20. Offline

    tremor

    My autoactions are not working, is there another plugin I need for them to work? Also I keep downloading from your posted link hoping to get version 1.11 but it keeps saying I only have version 1.02 when I check using the /version mxAntiPVPCheat command.
     
  21. Offline

    Bronski

    Do any of these exploits work in non-PvP scenarios (PvP is off for the server OR off per-person via another plugin)?
     
  22. Offline

    spunkiie

    I second this. Will test this plugin on my 600+ server, but, you can imagine what a hell of flood it will generate to Ops
     
  23. Offline

    GmK

    Same here...
     
  24. Offline

    MiRROW

    There is a new powneyclient but they only give it to people they know.
    It's a improved reachhack, I'll try to get a copy of it.
     
  25. Offline

    tremor

    Anyone checked compatibility for this and latest CB1060?

    - Edit - Does not appear to be working - caught dozens of cheaters leading up to switch to 1060 each day... so far today.. none. Maybe all the cheaters stopped trying?
     
  26. Offline

    xfs

    For the autoheal detection, I'm not sure if I understand correctly, but it seems the autoheal detection solely relies on the detection of perfect heals which are merely an unnecessary optimization for maximized utilization of food and can be easily adjusted to imperfect yet still effective heals, rendering this detection useless.

    The forcefield detection also solely relies on client sending massive amount of attack events in a short time frame which is also unnecessary because of the damage cooldown period in which the targets turn red and won't get actual damage. If the cheating client considers the damage cooldown period and only sends attack events when the targets are not damage immune, this detection is also ineffective.

    Long reach is a somehow complicated topic. The client won't attack entities 4 meters away (MCP 4.3 static analysis). In beta 1.5_01, the server discards Packet7UseEntity event if the target entity is more than 4 meters away from the player, but in beta 1.7.3 (or some version earlier) the limit is extended to 6 meters. Testing a local 1.7.3 vanilla server with modified logging shows that a normal client's attack events are usually around 3.5 meters away, occasionally more than 4 meters away because the targets are knocked back. But a cheating client will likely send attack events mostly more than 4 meters away. So this is where the detection lies. But this is also affected by network latency and I've yet to do experiments with large latency.
     
  27. Offline

    shutup_Aragorn

    Hey you guys, thanks for the cool mod and keep up the great work! Hope this bug report helps:

    Under certain conditions where a player is taking constant damage from water and spamming heal with bread, it triggers the auto-heal cheat :)
     
  28. Offline

    tremor

    I agree about the perfect heals detection, the cheats will just start doing imperfect heals intentionally to avoid this detection. While this system may not be perfect though, it definitely helps right now.. as there is really nothing else out there. Here is to hoping maybe more people will contribute code and ideas to making a great anti-cheat system... I think I'd like to see the antihack plugin developers to collaborate more and develop a really nice all inclusive package.
     
  29. Offline

    Likwidface

    Installing this plugin made it so I can't shut my server down completely to uninstall plugins. Any idea how to do it from TCAdmin or McMyAdmin because even disabling it, still have a massive 20-time a second console spam and it behaves like its still on. This plugin really caused a lot of damage, thanks if you can help.
     
  30. Offline

    ichingpow

    It says in his original post to redownload if you had console spam. Some people can't read :(
     
  31. Offline

    Likwidface

    After having released a plugin that undoubtedly raped servers, you sure come across pretty rude. Crap plugins, bad plugin author. -1000 rep for you, jerk.
     

Share This Page