The fight against cheaters

Are there any plugins for sponge? Unauthorized flight or speed. Waist-deep in the block. Etc. How do you fight cheaters?

At the moment, I’d suggest just waiting for someone to actually bother to make an anti cheat with the Sponge API. I’m certain there are none.

There was talk about the API for anticheat. Maybe the sponge has a primary function of the confrontation? Server owners, do you struggle with cheaters?

Absolutely. It’s become a serious problem, even on my server which is not PVP oriented and peaceful.
On top of this, Sponge is worthless for any PVP oriented server.
Right now, Sponge’s niche is mostly for peaceful modded servers. I think that the lack of a decent anti-cheat is something that needs to be addressed before any PVP oriented server (modded or not) will want to use Sponge.

1 Like

The problem with an anti-cheat on this community is it couldn’t be open source

I dont see why not? NoCheatPlus is open source and it works good enough.

Ahh didn’t know about NCP. I’ve always used Phoenix Anti-Cheat

Is it possible to punish a cheater by sending him some kind of magic package, what would it client is hung or slow down?

As far as I know, Minecraft doesn’t have a manual slowdown mechanism that servers can control. :stuck_out_tongue:

Was the case. Son was playing on the server. Went cheater and told my son that he will disable the keyboard. The son says that has stopped working the key “W”. Coincidence?! In the logs there is nothing suspicious. Son had to restart the server.


Yeah, that’s uh, not possible, and if it is, there are more problems with Minecraft than just having some “hackers”

1 Like

Magic! :slight_smile:

Firstly, the server is able to decline movement packets and reset your location, as it ultimately has control of where your player is located. This is capable of completely stopping movement of a player and freezing them, or to teleport them back to a location before a violation.

Secondly, the server is able to send a Slowness potion effect - which will “slow down” the player; but this effect is only enforced client side. Most hackers probably would be unaffected by this so it is not employed outside of mini games usually; however this with a combination of movement calculation checks and movement resetting, the first one I mentioned, would allow the server to enforce your player to be slower than normal as a punishment for cheating. The slowness effect can also be used to completely freeze player movement, but more “smooth” than what movement resetting will do. Mining fatigue effect can also do similar things with block breaking.

Thirdly, the server is able to, in multiple ways, send corrupted packets that cause the Minecraft client to crash completely. This can really manifest in three ways. One, the client will simply disconnect from the server (corrupted NBT or JSON, usually). Two, the client will freeze completely (a deadlock, usually). Three, the client will crash (an uncaught exception, usually), causing the client to close. Usually these are not employed intentionally, as it’s quite scummy to do.

These are the only ways for a server to manipulate the client in any way similar to what you have described.
If these methods are being employed by a server that is operated by your son and he is unaware of it, it is likely that your server is either compromised or your son’s computer itself is compromised.

Back on to the main topic, I believe that a server sided anti-cheat should be created for Sponge. Obviously that won’t help you if your server or computer is compromised, but it’s incredibly useful for PvP servers or any server that wants to enforce fair play.
This will allow for more servers to actually start using Sponge. If this wasn’t obvious, there is no incentives for a vanilla server to use Sponge, but there is definitely disincentives. One of the disincentives for using Sponge would be the lack of an anti-cheat to enforce fair game play. Eliminating these disincentives will start to lead to more servers actually using Sponge to power their game; even if they aren’t a peaceful modded server like what Sponge’s main niche is currently.

Most would suggest that you implement a client side anti-cheat if you have control over your client/mod pack, but these are easily bypassed and will not stop determined cheaters. On top of that, you don’t control the client for a vanilla server; re-enforcing the disincentives I mentioned above.

The biggest problem with developing an anti-cheat for Sponge is that you also have to account for modded actions. The anti-cheat will have many false positives for mods that do movement related modifications. I suggest that there be a modular configuration system that allows for you to account for mods - or target it towards SpongeVanilla.

1 Like

I “love” minecraft anticheats like this. If a player has higher latency, or packet loss then the server do its best to make the player’s gameplay nearly impossible.

2 Likes

The server is not hacked. Run on my computer. Used to games several people. For fun son. I am professionally engaged in information technology. Me know say! Son is small, do not exclude, that just confused the buttons. :slight_smile:

1 Like

I think it would be fun to have a community anti-cheat plugin. If anybody is up to starting it, I will happily contribute.

There’s a bit of hostility against open source anti-cheats in this community for some reason. Whilst yes, it means hackers can see what it searches for, if they’re dedicated they can work the same out from a jar file.

Security through obscurity is usually a way to disguise a poor anti-cheat, rather than actually prevent cheaters.

What is alternative to sponge if no anti-cheater

I started working on an anticheat “just for fun” to see whether I could get anywhere.
Managed to detect the Killaura cheat from the Wurst Client. Thing is, once they know how I can detect it, it’s easy to block (hint: I use fake entities)
Wurst is an open source hacked client so will definitely help to develop an anticheat.

Maybe one can do cool things with machine learning. Learning what is real input or fake.

1 Like