Bukkit

@cvxx7q

Stolen accounts. You can get thousands of premium accounts by simply testing if username=password or password is "password", "1234567890", "secret", ...

Most Minecraft players haven't really done anything online before the game and therefore still don't understand that a password should be complex and kept secret. Just a day ago I found a list of username+passwords for over 1000 accounts online for free. Most of them with the aforementioned "passwords".

@cvxx7q

I don't want to support the creator of the tool in any way. Mainly because it's a simple program (I could write the same easily myself) and I don't want to support it even more.

It draws its power only from the cracked Minecraft accounts and the proxy servers that it uses, both of which don't come with the tool/people have to search for themselves if they want to make it really effective.

@Dmck2b

Yes, I know the program, but it costs money which I'm not willing to spend for it. When you get attacked next time, how many of the bots roughly get listed by the new spam.bot check and by which of the servers?

The idea would be that servers don't have to organize IP banlists for these attacks themself, because there are simply too many such proxies around (and every day thousands vanish and new ones appear), but instead ask online services that have specialized in this job and will just tell you every time if the specified account is connecting from a proxy.

@Dmck2b

At least I hope it works most of the time as wanted. I don't own the tool that's usually used for these spambots, so I could only work with the info that I got from others.

NoCheat 3.4.1:

• fix broken movement check of Nocheat. They'd detect flying, but not prevent it
• fix new spambot check to really be disabled when set "active: false"
• replaced two of the default servers for spambot check with alternatives, you'll have to delete that entry from your config file to get the new servers (delete the whole line "servers: ...", not just the actual servers from your config.yml)

After some intial feedback I decided to use different servers now. Also, thanks to those that reported the two bugs so fast!

Updating is highly recommended!

I'm very interested btw. in feedback for the "spambot" check thing. Which of the included 5 servers seems to give you false positives, if you get attacked by an actual spambot/tool (lot's of players connecting at once, spamming the chat), if and how many of them get identified by NoCheat?

Things like that would really help me out in refining it.

Version 3.4.0:

• new check "chat.spambot": Try to determine if players connect from public proxies and therefore are most likely to be used for mass spamming (multiple players connect and are remotely controlled)
• improved fight.direction check to be adapt better to enemies of unusual big or small height (e.g. Endermen, Chicken)
• REWRITTEN "Instructions.txt" file. Please take a look at it, it should be much more readable and informative

Details: http://forums.bukkit.org/threads/sec-nocheat-v3-3-0-detect-and-fight-the-exploitation-of-various-flaws-bugs-in-mc-cb-1-1-r3.4523/page-76#post-971256

Just spent almost 3 hours rewriting the "Instructions.txt" file to get it better formatted and more readable. It's now almost twice as long o_O

Take a look: https://github.com/Evenprime/NoCheat/blob/master/Instructions.txt

It already contains information about the next NoCheat version (so don't be confused if you can't find some of the mentioned options in your version) and most importantly it contains explainations for each check what the Violation Level (VL) in the log messages symbolizes.

Besides that: longer, more detailed descriptions, easier to spot headlines and stuff that should make skimming over the file in search for specific entries much easier.

PS: Only thing missing is a "Permissions" section. Once I've that too, I'll remove the page from BukkitDev that is currently used to explain permissions.

@hqt99

Sadly that's not possible. I suggest you really search for a plugin that provides a specialized command that counts how often people got kicked and let NoCheat call that command instead of the predefined "kick" it currently uses for spamming.

@BrvtvsC

You mean if people log out shortly after taking damage? Shouldn't be too hard to identify that and log it.