Inactive [SEC] NoCheat v3.5.0 [CB 1.2.4 R1.0][ABANDONED]

click this >> Get It here << click this​

 

[750] + [0.9.6] Fixed and plugin working great!
Thanks again!

 

Awesome mod! I have detected many speedhackers and flyers with this! Now, just one thing. I have had reports of a player possibly "somehow" duplicating diamonds. Assuming it is not an xray hack being used, I would like to know what warning exactly would show up if he was using that crafting table bug so I can ctrl+f it in my server.log file. Help would be appreciated, thanks!

 

When a player used the Crafting Table bug (die while having items on the table) or somehow else got a bogus item that can be used to create copies of itself, you'd likely get one of these messages when he handles those items (and you have the "bogusitems" check activated):

"[player] tried to pick up an invalid item. Item was removed." (in case a player used the Crafting Table bug and then came back to collect his bogus/duplicate items)
"[player] tried to use an invalid item. Item was removed." (in case a player tried to use a bogus item like infinite food)
"[player] tried to drop an invalid item. Dropped item was changed to dirt." (in case the player dropped a invalid item to the ground, e.g. to give it to somebody else - this one may sound stupid, but bukkit gave me no method to delete an item that gets dropped, so I did the next best thing).
"Removed invalid item from inventory of [player]" (for each of the above 3, I go through the players complete inventory and delete all remaining bogus items I can find)

Searching for "invalid item" would catch all 4 types of this log message.

People unsuccessfully trying to use the Crafting Table bug don't get logged, because that trick doesn't work anymore if you run a recent bukkit version or have the "itemdupe" check activated. Plus there may be a valid reason for dying in front of a crafting table.

I plan on extending the "bogusitems" check to also check the players chests and other containers for those items in the near future.

There won't be any big updates to the plugin for the rest of the week, because I'm working on a new feature which will mark the milestone version 1.0.0 and that takes some time to write and test. It's nothing security related, so don't worry, I don't play keep-away with important bugfixes.

But it will fix a "problem" with my plugin that always annoyed me (and many other users, even if they may not see it as a problem yet).

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

Ahh thanks. That would be great!

 

Hi! I am using your plugin and I found that if you warp using Codisimus' ButtonWarp then warp someplace else quickly after the plugin kicks for hacking? and I am admin with ALL permission nodes so I shouldn't get in trouble for that! also when I use the rocket command from CommandBook it just assumes the player being rocketed is cheating and gives me a notification! It is getting really annoying! please help!

 

For the ButtonWarp:

My plugin doesn't kick people. This is either a bug in bukkit or the ButtonWarp plugin. I was able to reproduce this error with and without my plugin. Sorry, I can't really help you with finding out what actually goes wrong, because the ButtonWarp plugin isn't open source and therefore it's impossible/too much work for me to debug what happens.

But I can tell you that this can only happen if the target of a teleport is at least 10 blocks away from the button. So if you want to verify that you can produce the bug without my plugin, set up a two-way teleport over a distance of at least 15 blocks (just to be sure), and teleport fast between those two. Eventually it should trigger the bug.

For the rocket command: I'll have to test that. I didn't have the case (yet) that somebody else sets the velocity of a player.

PS: the rocket command problem is a bug with my plugin (or better said, missing feature). Seems I won't be able to handle this one "the nice way" that I tried to go with all the other plugins with similar functionality (e.g. Superjump, Vampire, ...). Seems I'll have to finally dig into the dirty tricks chest of java code injections after all *sigh*

 

I seem to have found another cheat that you may want to add to your anti arsenal.

It appears there is a clock manipulation cheat that allows players to break and place blocks VERY quickly.
A player was kind enough to share this mod with me, but it's an exe. Despite it passing all virus tests I don't trust is on my system. If you'd like I can forward the email it to you with it attached.

Let me know how I can help you improve your already epically awesome plugin.

EDIT: same mod allowed player to speed move when setting was at 100x.

 

Did you see the player breaking blocks very quickly? I tried to do this hack many times with maniulating the system clock, but it never worked for me (on newer bukkit versions for MC 1.5).

Can you upload the .exe to somewhere (mediafire or similar) and send me a link to the uploaded file per PM? It was probably a good idea to not run it yourself. I'll then take a look at it (with the necessary precautions, of course).

 

hmm ok... thats odd seeing as I disbled the nofly mode... as well ButtonWarp shouldnt kick anyone... odd. Ill try to get some other warp plugin to test. I think it may be a bug in the nofly mode.

EDIT: about the rocket command; glad I could bring that event to light! sucks that you have to use the more difficult way around it but what has to be done has to be done! thanks!

 

I'd like to relate an amusing story about nocheat.

A while back I had nocheat installed and went crazy trying to adjust its settings to catch the real cheaters while leaving out my poor, lagging, trusted users.

You can see where this is headed.

Turns out my trusted users were flying their little asses off.

Nocheat is now installed again, and the banhammer reigns supreme over the land.

Thanks the the plugin!
-Dirk

 

Any chance you could add a config option, so if they get a "low violation" the server types a command?
Want to make it use Essentails and type "/tjail [player] [cell] so if they do that they're stuck in jail until an admin or mayor comes on..

 

I have a guy who is able to bypass this with Zombies mod latest.

Also It triggerd a Speedhack attempt on me when in my Warzone that is run my the War plugin by TommyTony I was riding lava down the side of a wall when it did this.

Consequently it kicked me mid fall.

 

Any details on that? What part of my plugin was he able to bypass and in what situation?

Do you mean by "kicked" you that you were kicked from the server? If that is the case, then it was either Minecrafts no-flying "feature" telling you that "flying is not allowed on this server" (you'll have to turn that off by setting "allow-flight" to "true" in the server properties) or you got the "moving too fast " message while getting kicked, which seems to either be a new bukkit or Minecraft feature that kicks players who move more than 10 blocks within 1 event (which seems to happen randomly for various reasons, especially when teleporting is involved).

You can also look into the /plugins/NoCheat/nocheat.log file to see if my plugin had anything to do with that (with standard settings every action will be logged in some form). Your name should be listed somewhere at the time of you getting kicked, if my plugin had to do anything with that kick, maybe causing one of the other features of bukkit or MC to go ape**** and believe that you were cheating.

Have been planning this forever and it will probably be part of the 1.0 release, if I get it working the way I want.

@ everybody else:

That said, I'm going to "do the Notch" and hereby announce that I'm on a LAN party for the next 2 1/2 days, where I'll have lots of fun without caring at all about my work here.

Show Spoiler Hide Spoiler

jk, I'll at least look into the forum from time to time to see if something interesting is happening.

 

Should I mess with the config settings for this plugin, or do the default settings work fine? My server's pretty new, so I dunno much about hackers and stuff.

 

can u make it more fine tuned? i have people settng it to 1.25 xnormal and such, and they dont get stopped!

 

I have had Fly=True for a while now ever since I realized it was flawed and bugged by notch and kicked people around the player who got kicked. I will post the log for your reading tho.

As for the Speedhacking Bypass it was any and all situatons
it was as if Nocheat was not even enabled he what was actually happening we both my friend and I " speedhacker being my friend" was looking around at my next major project area I was showing him the colloseum and the 4 warzones that were going in it and he just started moving at a bazzilion steps a seconds and it was obviouse a speed hack as he was running like superman.

moving at least 15x faster then normal I allowed it but warned him as I was more curiouse as to why no cheat never tiggred a move violations we continued testing and he kept speed running for about 10min turning it on and off and No cheat did not trigger any violation attempt what so ever.

I will take a look at my permissions as I think I may have allowed it to be bypassed as I am an old fan of this plugin from back when it still had a lot of incompatabilitys with plugins teleporting so I think my work around was to tell Nocheat to ingnore groups doing speedhax so it would not trigger false posatives when warping around.

He was part of my members group that would be possibly why it allowed it so I will get back to you on that and let u know if he can still do it if I find and remove the bypass permission.



Back onto the War plugin Warzone Speedhack misshap then..

As I stated Notchs No Fly is set to true as I trust your code and plugin more then his that is alredy known to cause issues and false events. All I was doing at the time was in the warzone with a couple of friends having a game of king of the hill I was smashing down the castle walls as I had hidden lava between the walls for LOL's I happend to fall in to lava and slide of the edge of the wall and thats when I was kicked with a message stating I was kicked for using speedhack.

It seems Nocheat was detecting a rather unique move situation that you may not have accounted for.
I can try and trigger it again if you like as well see I can't capture it on Fraps or something.

PHP:

06:47:20 [WARNING] NC: Moving violation: Lockie200 from RiftZero (-375.9, 66.0, -5.7) to RiftZero (-375.9, 67.2, -5.7)
06:47:23 [INFO] NC: Moving violation: Lockie200 from RiftZero (-376.6, 63.8, -10.4) to RiftZero (-376.0, 63.8, -10.9)
06:47:25 [WARNING] NC: Moving summary of last ~5 seconds: Lockie200 total Violations: (1,1,0)
06:48:01 [WARNING] NC: Moving violation: Lockie200 from RiftZero (-370.6, 65.2, -4.4) to RiftZero (-370.6, 66.4, -4.4)
06:48:06 [WARNING] NC: Moving summary of last ~5 seconds: Lockie200 total Violations: (0,8,0)
06:48:06 [WARNING] NC: Moving violation: Lockie200 from RiftZero (-370.6, 65.2, -4.4) to RiftZero (-370.6, 66.4, -4.4)
06:48:11 [WARNING] NC: Moving summary of last ~5 seconds: Lockie200 total Violations: (0,7,0)
22:12:00 [INFO] NC: Volup sent 36 move events, but only 30 were allowed. Speedhack?
03:33:32 [INFO] NC: Joopjr sent 32 move events, but only 30 were allowed. Speedhack?
04:29:02 [INFO] NC: Volup sent 32 move events, but only 30 were allowed. Speedhack?
04:31:56 [INFO] NC: Volup sent 44 move events, but only 30 were allowed. Speedhack?
12:25:49 [INFO] NC: Moving violation: T_Mosh from RiftZero (-169.6, 69.0, 84.5) to RiftZero (-169.0, 69.6, 84.6)
12:25:54 [INFO] NC: Moving summary of last ~5 seconds: T_Mosh total Violations: (1,0,0)
16:18:57 [INFO] NC: Moving violation: Johhhn from RiftZero (-289.5, 73.0, 168.5) to RiftZero (-288.9, 73.0, 168.6)
16:19:02 [INFO] NC: Moving summary of last ~5 seconds: Johhhn total Violations: (1,0,0)
18:23:37 [WARNING] NC: Moving violation: SpicyRocketSauce from RiftZero (-213.6, 64.0, -2.7) to RiftZero (-213.7, 64.6, -4.5)
18:23:42 [WARNING] NC: Moving summary of last ~5 seconds: SpicyRocketSauce total Violations: (0,1,0)
18:43:12 [INFO] NC: SpicyRocketSauce sent 38 move events, but only 30 were allowed. Speedhack?
18:53:42 [INFO] NC: SpicyRocketSauce sent 38 move events, but only 30 were allowed. Speedhack?
19:01:50 [INFO] NC: SpicyRocketSauce sent 46 move events, but only 30 were allowed. Speedhack?
19:31:26 [INFO] NC: Joopjr sent 42 move events, but only 30 were allowed. Speedhack?
19:31:55 [INFO] NC: SpicyRocketSauce sent 38 move events, but only 30 were allowed. Speedhack?
20:19:49 [INFO] NC: r_a_person sent 38 move events, but only 30 were allowed. Speedhack?
22:03:05 [INFO] NC: Joopjr sent 32 move events, but only 30 were allowed. Speedhack?
18:03:02 [INFO] NC: Moving violation: ForeskinRipper from TheAbyss (-211.5, 61.0, 81.5) to TheAbyss (-211.0, 61.0, 82.0)
18:03:07 [INFO] NC: Moving summary of last ~5 seconds: ForeskinRipper total Violations: (1,0,0)
18:03:47 [INFO] NC: Moving violation: dtdee from TheAbyss (-211.5, 61.0, 81.5) to TheAbyss (-211.4, 61.0, 82.1)
18:03:52 [INFO] NC: Moving summary of last ~5 seconds: dtdee total Violations: (1,0,0)
18:04:44 [INFO] NC: Moving violation: dtdee from RiftZero (-289.5, 73.0, 168.5) to RiftZero (-288.9, 73.0, 168.5)
18:04:49 [INFO] NC: Moving summary of last ~5 seconds: dtdee total Violations: (1,0,0)
18:08:50 [INFO] NC: Moving violation: dtdee from world (316.2, 32.3, 1929.7) to world (316.3, 32.2, 1929.7)
18:08:55 [INFO] NC: Moving summary of last ~5 seconds: dtdee total Violations: (1,0,0)
18:09:09 [INFO] NC: Moving violation: sloth_snot from RiftZero (-200.7, 64.0, 145.4) to RiftZero (-201.1, 64.6, 145.0)
18:09:14 [INFO] NC: Moving summary of last ~5 seconds: sloth_snot total Violations: (1,0,0)
00:01:07 [INFO] NC: Joopjr sent 46 move events, but only 30 were allowed. Speedhack?
00:28:33 [INFO] NC: Moving violation: Retterchen from TheAbyss (-228.5, 61.9, 55.7) to TheAbyss (-228.9, 62.5, 55.3)
00:28:38 [INFO] NC: Moving summary of last ~5 seconds: Retterchen total Violations: (1,0,0)
01:12:22 [SEVERE] NC: Kaned sent 198 move events, but only 30 were allowed. Speedhack?
08:14:30 [INFO] NC: Moving violation: naydn from TheAbyss (-211.5, 61.0, 81.5) to TheAbyss (-211.3, 61.0, 82.1)
08:14:35 [INFO] NC: Moving summary of last ~5 seconds: naydn total Violations: (1,0,0)
08:14:43 [INFO] NC: Moving violation: naydn from RiftZero (-289.5, 73.0, 168.5) to RiftZero (-288.9, 73.0, 168.5)
08:14:48 [INFO] NC: Moving summary of last ~5 seconds: naydn total Violations: (1,0,0)
16:46:36 [INFO] NC: Moving violation: penguwin from RiftZero (-230.7, 33.8, 134.2) to RiftZero (-230.7, 34.2, 134.2)
16:46:41 [INFO] NC: Moving summary of last ~5 seconds: penguwin total Violations: (4,0,0)
16:46:42 [INFO] NC: Moving violation: penguwin from RiftZero (-230.7, 33.8, 134.2) to RiftZero (-230.7, 34.2, 134.2)
16:46:47 [INFO] NC: Moving summary of last ~5 seconds: penguwin total Violations: (1,0,0)
16:46:59 [INFO] NC: Moving violation: penguwin from RiftZero (-230.7, 33.8, 134.2) to RiftZero (-230.7, 34.2, 134.2)
16:47:04 [INFO] NC: Moving summary of last ~5 seconds: penguwin total Violations: (2,0,0)
21:49:35 [INFO] NC: Moving violation: kevin88 from RiftZero (-289.5, 73.0, 168.5) to RiftZero (-288.9, 73.0, 168.5)
21:49:40 [INFO] NC: Moving summary of last ~5 seconds: kevin88 total Violations: (1,0,0)
21:49:50 [INFO] NC: Moving violation: kevin88 from RiftZero (-257.3, 69.1, 159.8) to RiftZero (-257.3, 69.8, 159.8)
21:49:51 [WARNING] NC: Moving violation: kevin88 from RiftZero (-257.3, 68.5, 159.8) to RiftZero (-257.9, 70.3, 159.8)
21:49:55 [WARNING] NC: Moving summary of last ~5 seconds: kevin88 total Violations: (1,2,0)
21:50:31 [INFO] NC: Moving violation: kevin88 from RiftZero (-222.6, 64.0, 164.3) to RiftZero (-223.2, 64.6, 164.1)
21:50:36 [WARNING] NC: Moving summary of last ~5 seconds: kevin88 total Violations: (1,0,0)
01:56:14 [INFO] NC: Joopjr sent 44 move events, but only 30 were allowed. Speedhack?


It appears it did not log me I will see if the console reported the event.

Here it is

PHP:

2011-05-06 19:28:57 [WARNING] ledhead900 moved too quickly!
2011-05-06 19:29:08 [INFO] ledhead900 [/10.0.0.24:53581] logged in with entity id 421686

Edit:
Only commands I had given to the group related to Nocheat were

nocheat.moving
and I think depricated and now removed nocheat.p

 

Can someone tell me how to let myself fly and not let others cause i dont know how

 

THANKS

 

I see an issue here. Not sure if it's been addressed, but if you do fly AND you have something like authme, you need to login really really quickly to fall. So you're pretty much stuck until you somehow login

 

@Evenprime Does NoCheat fix the cactus door dupe?

 

could i simplify the log messages in the console with:


logmessage: "%1$s was using a client side fly mod!!!"

Also, can I use color codes in the message? thanks alot!

 

Defaults usually work fine. Only imho save features are activated by default. You may want to adapt your permissions though, to e.g. exclude yourself from some of the tests.

It's hard to set the limits to a specific value, because Minecraft and Bukkit may go a bit beyond those limits in some special cases and I rather give too much freedom than accidentially prevent people from doing legitimate stuff.

The "moved too quickly!" is a message by Minecraft/Bukkit itself and indicates that somebody tried to move more than 10 blocks within one move event. This check is executed before my plugin even gets a chance to look at the event and there is afaik no way to deactivate it. I don't know why it was triggered in your case.

You probably have already found out. But here is the solution anyway:

1. Set "allow-flight=true" in your server.properties file
2. Install my plugin (obviously)
3. Use Permissions or GroupManager or similar plugin to give yourself the permission "nocheat.moving" or "nocheat.flying". Everybody with one of those permissions won't be stopped by my plugin.

I guess you ask because AntiHack isn't downloadable anymore. No, it does not fix the cactus door dupe, but if AntiHack won't get back online or updated, I may add it to my plugin. I just don't want to duplicate stuff that other plugins already do, unless I feel like I can do it better.

Simplifying should work, color codes may work, I never tested that. The color codes may look stupid however in the logfile and such.

Sorry for the double post, but bukkit ate my previous all-in-one post. So I rather wrote two now, one answering questions and this one:

The plugin should still work with the newest RB 766. If you don't think so and/or found a bug that wasn't there with RB740, please tell me.

I have made progress on Version 1.0.0 and will probably be able to release it this weekend. It will (finally) allow you to freely* choose what should happen in case of a violation (instead of limiting you to "cancelling" and logging). The important stuff is already done, it just needs some polishing and a lot of testing, because to make this happen I had to make lots of changes to existing code.

* Anything that can already be done by typing commands into the console, either original bukkit commands or any command provided by another plugin, e.g. /jail, /kick, /ban, /kill, /tp, ...

The additional "secret" feature that should complement this new feature will hopefully also be finished at the same time. It is already working better than I expected.

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

well it seems that i have people going on 1.5x, 1.75x , etc.
Anyways, love the plugin. Great work, cant wait on said features. I am going to set it to strike them with lightning!

 

Amazing plugin! I can easily make it so that only Mods and Admins can fly

 

RB 766, NoCheat 0.9.6, with 20 people on the server, it seems we are getting several false positives. One of our worlds is a free building one, VIPs get the magic carpet plugin, and occassionally if they lag, it will trigger a moving info (low) alert. Can we adjust the values a bit on a low? I've commented low out to see if it just won't spam us.

I've seen some other alerts from other worlds, and they are all low ones, and with a flight hack, or speed booster, I would expect a warning or higher.

Great plugin, a bit more customization if its possible, would be appreciated.

 

Would you have any idea what format i would use to color the message red for instance?

 

I'm pretty sure you can adjust the event detection rate. Don't ask me how as I never have but I can see in the config that it looks like you could adjust how many move events will trigger a response.

 

Is there anything you can do about new people logging in and already having their entire inventory filled with stacks of diamonds?

 

If you can point me to a place where how to achieve this is explained or how to do it myself, I'd try to. I've never seen or heard of that before.

 

I really do wish I had more information.

The guy signed in for the first time, was by himself at the spawn point, and had not yet been given build rights. He started talking about paying someone 9 diamonds for something so I used the "OpenInv" plugin to look at his inventory and it was filled with diamond blocks, iron blocks, gold blocks, and a lot more. I promptly banned his name and IP and kicked him.

I have no issues with sharing his name and IP:

Code:

 [INFO] bigmoneytaylor [/76.182.111.179:50015] logged in with entity id 970756

Note: This is on an offline mode server so no guarantee that it's a valid account.