The forge mods checker

If your a forum stalker you will know that this idea was already asked before, but I’m asking it in another way.
It’s very simple after the mod “xray” was announced modded servers have been having problems with these kinda of stuff or even normal I want a plugin that ask for his mods in his folder and it will give the admin,owner a list of mods he have if they spotted xray they can easily warn him, and heres if none of the admins are on the plugin will have a list that whats allowed and not allowed (it can be edited somewhere in the plugin folder) it will auto warn him and kick him giving him at least 3 chances (also can be changed in the plugin folder. can be set to an ban kick or tempban) if he reconnect to the server with the same mod or the denied mod on the list he will have another warning he does it for 3 times he get banned or tempbanned (it can be changed in the config how the admin want to set it ban him or even kick him) this will be very helpful for server owners also not only for modded if the player have forge on his computer the plugin will ask the forge on his computer to send the data of his mods to check if its allowed so it can work on vanilla too.Well that’s my idea hope you like it I would like to do it but I give up on creating plugins and forgot everything… Yeah if you didn’t understand i’m sorry for my grammar English isn’t my first language but you can ask me any questions in the comment section (also i’m new to the forum I registered like 2 minutes ago it looks nice) kthxbai

There is an open pull request to Forge Mod Loader that will allow forge mods to obtain a list of mods a client has.

If this is pulled, or equivalent functionality added, it will be possible.
Since it will only work for Forge servers, it’s better if it was a Forge mod rather than a Sponge plugin

I don’t see why would waste your time on this. Most “xray” clients don’t even use forge. And lets say that they do. forge is open source so it is relatively easy to change the modlist sender thingy to something that sends an empty list. Although this can stop the “noob”-cheaters.

What I think that could fix the xray issue better. Is that a minecraft server only would send blocks that players can see. And that it updates the blocks when a player breaks something. But yeah, that is something for mojang to fix.

2 Likes

I took xray as a example a lot of clients use un-allowed mods on the server lets take a server for example mineplex a very popular gaming server it have banned mods that use forge but it cannot do anything about it not only xray theres a lot of client that use radar mini-maps will be also helpful for that stuff.

(also it took 21 minutes to type this and I had nothing to do so i didn’t waste my time

I also use a mini-map, and I hope servers will never be able to ban me for using that.
It is actually very simple everything the server sends to the client, can be legitly used by any mod. If you make the server modify it packets. You can make clients/mods crash/not working, in case of cheats.

If you can use BungeeCord as a front end and the server you want to perform the check for is a Forge server, you can get the mod list from the Bungee API. I added it when I added Forge support to Bungee…

I have an example plugin using this API at GitHub - dualspiral/BlockModsBungee: A plugin for Bungee that will stop some FML client mods by kicking the user from the system! - feel free to use that as a base.

If I was going to write a mod that does that tomorrow. On Forge. Do you really think I’d not override that functionality so my mod doesn’t show?

Accept it, you can not control the client. Instead of looking on the wrong end, wouldn’t it be better to find feasible and usable soluions on the server?

2 Likes

I would too. I probably wouldn’t even write it on Forge. I have seen one or two mods , however, that do send out that they are a mod called “xray”, or they are just named something else, or included as part of a legitimate mod - and you can get those. Something like this can be a useful preventative measure from the more… sloppily coded ones, shall we say.

Of course, I don’t disagree with you at all, the best solution is to control what the client can see and do in the first place by sending no more information than is necessary. Easier said than done though…

The most reliable way of doing anti-cheat would be to control what the client can see or do server side with plugins(Orebfuscator and NoCheatPlus for example.), as something in the client can be bypassed with those with the know how to do it.

Problem with your theory of just checking the mods folder. Such a thing as MCP exists, and with MCP, you can (I have) modify the game itself. And I don’t think a plugin can (easily at least) pick up on that.

95% or more of unfair players ARE “n00b”-cheaters, so i think it’ll be a very good thing, especially if you’re running a Forge Modded server, where players must have client-Forgemods

the last 5% “Pro-Hackers”…
Well i’ve somehow managed it always to grab them out and ban them successfully…

Or they’re so “Pro” you didn’t even notice they were hacking ^^

2 Likes

Hmmm, these are my thoughts.

  1. A noob (pro’s made them by themself ^-^) will google “Minecraft hacks” or Minecraft Cheats".
  2. Google that is a pro in finding pro stuff, will give them sites like these http://www.mch***.net/.
  3. Here you go, cheaters have their pro stuff that doesn’t send mod information to the server ;).

Minecraft forgot a important rule while making his protocol: “Never, but never trust the fucking client”.
Like for player movement, the server completely relies on the client. That is why people can fly.
For basic interaction, clients only have to send packets with their interactions. So you can spam hit entity in all directions. What is also made easier because movement is handled by the client.
So yeah, seems like I just explained how the fly hack and kill aura works :stuck_out_tongue:.

I really don’t understand what mojang is thinking, why don’t they attempt to fix these exploits?

Cause it’s a lot of work. Simple. Also, you can’t make the server handle player clicks and player movement, simply because only the client knows what the user is doing. You could, of course send packets to the server for every keystroke (but then how would having a key pressed work? ^^) and make it calculate the players position and what he looks like, the angle of his arms etc. and send that information back to the client, but that would create a lot of traffic and lag. And it is easily circumvented: The client just sends fake keystrokes.

I don’t think it would increase the traffic.

If you think logic you would only need this to handle movement:

public class MovementPacket{
  enum Movement{
    FORWARD,
    STILL,
    BACKWARD;
  }
  enum Rotate{
    LEFT,
    STILL,
    RIGHT
  }
  enum Look{
    UP,
    STILL,
    DOWN;
  }
  private boolean jumping,
  private Look lookMovement;
  private Rotate rotateMovement;
  private Movement movement;
}

Lets say you want to go forward you send a packet with FORWARD, when you release the button it will send STILL. This way the server has total control over you :smile:.

The server still needs to calculate the movement, and send the movement like it does with other players that move around. I am guessing this generates less traffic, than it does now.

But the server doesn’t calculate the players movement. It only tracks it atm. Also, don’t forget that the server has to respond to the packets by telling the client where the player is now. That could cause quite a headache, especially if you have medium-to-high latency. Your player would just jerk around like crazy.

did hack clients work together wich forge?

(i know for sponge 1.8 you don’t need client-Forge, but we will)

Don’t use hacked clients with forge. Pretty sure you’ll get insta-ban if you ask for help. As a general rule, if you’re on a hacked client, don’t expect things to work and don’t expect to get any help.

It all depends on the client. There are clients that actually include forge.

i don’t use hack clients…

i simply want to see if i can (with a forge modded server) make sure not to have any hack-clients at connected clients…
and i think at least this is possible, because every Forge-based mod have to register at cpw’s FML isn’t it?

so when i have kind of client-dependencies installed i will be able to get a list of aktive mods, right?
and without forge they won’t be able to connect…