NoCheatPlus

Table of Contents

NoCheatPlus

Detect and fight the exploitation of various flaws/bugs in Minecraft!

Minecraft 1.11.2 and latest features are currently only available on Jenkins - once things stabilize, stable builds will be available here again.

Introduction

NoCheatPlus attempts to prevent cheat clients from exploiting weaknesses of Minecraft or its protocol, making your server more safe. Checks cover a wide range of issues including flying and speeding, fighting hacks, fast block breaking and nukers, inventory hacks, chat spam and other types of malicious behaviour. For a more complete list have a look at the Features Page.

NoCheatPlus puts emphasis on configurability and allows you to customize actions that are carried out when a player fails a check (e.g. silent cancelling, executing commands, just logging). Bypass permissions allow to control what check to apply for which players, all checks can be deactivated in the configuration, also having the option for world-specific configuration files. Many checks allow more detailed configuration to adjust sensitivity.

Certainly NoCheatPlus is not a magical bullet, it uses a lot of heuristics and even guessing, so you will encounter false positives here and there and also not catch every single violation. Example video of how NoCheatPlus blocks cheats (outdated plugin version).

NoCheatPlus was introduced by NeatMonster, building on the code base of NoCheat by Evenprime.

Make plugins like mcMMO or MachinaCraft more compatbile with NoCheatPlus. Not all existing plugins are covered (yet), but you can leave a note or create an issue/ticket request for cncp. Phasing out: Citizens 2 should work with NCP out of the box, MagicSpells are working on compatibility too - rest will be integrated into NCP.

Orebfuscator

Orebfuscator fights all sorts of X-ray-hacks by altering the map information that is sent to the players, such that they have to mine blocks to actually reveal what is behind. Virtually a "must have". (Latest versions of Spigot contain features of Orebfuscator.)

Downloads and History of Changes

Download officially approved versions on the Files page at BukkitDev.
Development builds have been moved over to the Jenkins at md-5.net.
Do not download from any other source, do not use jars other people send you.
Change lists: Wiki (digest) | Jenkins (by build number) | GitHub (all commits).
Source code
~~Plugin statistics are no longer reported to mcstats.org~~.

Support

Documentation Resources

Consider first: Frequently asked Questions and Known Issues.
Wiki (Configuration, Permissions, Commands)
Developers might have a look at the page describing the API of NoCheatPlus.

Contact us

Quick questions can be asked on this page,
or on IRC (Server: irc.spi.gt | Default-Port: 6667 | SSL-Port: 6697 | Channel: #nocheat | Web client: WebIRC)
For real issues or feature requests please create a new issue/ticket or add to an existing issue/ticket.
To send information that is not to be seen by all, you can also reach us by PM to @asofold and @MyPictures. @IceAP (IRC: ICE) will also help or redirect the conversation. Please do not contact the user 'NoCheatPlus', it is for administrative purposes only and will likely not be answered in time. Keep to BukkitDev and GitHub for support, do not trust users on other forums or websites, also not if their nick names are the same as NCP staff on BukkitDev.

Please always state the output of the "ncp version" command to let us know versions in use (users of cncp also the "cncp" command).

Comments

Forge_User_61842651
- Join Date: 8/29/2011
- Posts: 2,535
- Member Details
#3725 Forge_User_61842651

View User Profile

Send Message

Posted Jan 7, 2013
@5gbrown

Improbable:

You can disable the check (hard way), also combined.yawrate does silent attack cancelling for fast direction changing.
You can use development build 301 (http://www.nocheatplus.org:8080/job/NoCheatPlus/301/), because it fixes some aspects of improbable/yawrate.
You can increase the level for which improbable (and yawrate) cancel actions (configuration). With build 301 less increase should be necessary.

There will be more adaptions / changes to improbable in the future.
Flying: Not sure what you are experiencing concerning flying. Important is to see if it happens often / to players you know of that they are not cheating. In case of lag spikes the versions up to 301 might react a little bit harsh, you can disable the survivalfly.vertical-accounting option, which is the part of survivalfly that is influenced by lag.

Players need the permission nocheatplus.admin.notify to receive the chat messages.

@lord0o

This looks like what makes some people angry about PermissionsEx :) - check if PEX starts up at all, likely some error has happened there. Is it up to date ?

@Rosiepoo284

I have heard such before. What is "tiny bit of delay"?

@zSwayz

Can't tell... seems like something used a lot of CPU (unlikely related to noswing directly). Does that happen more often ? What does "/ncp lag" show?

@d4rkpow3r

There will be false positives. Noswing rather seems to happen with blocks that can be broken very fast, typically with blocks that are protected. Noswing is not really an important check, it just makes it slightly more time consuming to write a hack, so one might also disable it, yet i think this should be very seldom, so living with a false positive now and then should be possible. You could adapt the actions to not log at all.

Flying can have some false positives, mainly due to the minecraft client sending phantasy coordinates (for those cases we can't do anything). If there is something you can systematically reproduce, we would appreciate if you could make a ticket describing how to.

If you have lag spikes often (some feedback with "/ncp lag"), you might disable survivalfly.vertical-accounting, because it is influenced slightly by lag.

The knockbacks are also influenced by lag-spikes. You can alter the interval NCP expects between sprint and attack. This check also will need some adaptions in the future.

@Sheeperia

Thanks, interesting. They would have to join slowly and spam slowly to bypass the simple checks...
Rollback Post to Revision RollBack
_ForgeUser8321172
- Join Date: 1/26/2012
- Posts: 65
- Member Details
#3724 _ForgeUser8321172

View User Profile

Send Message

Posted Jan 7, 2013
My server got attacked by bots yesterday. About 20-30 new players joined in a huge wave, and started spamming the chat, making it impossible to see anything that was going on.

But NoCheatPlus stopped all of them and autokicked them, and after one minute they were all gone. They retried after 5 minutes, but they all got kicked again. The best part is, i didn't have to do anything, NoCheatPlus did all the work, flawlessly!

Heres the logs if anyone wanna see what happened: http://sheepserver.freeforums.org/the-bot-attack-today-p-t1637.html

So thank you for your great plugin, keep up the good work!

Rollback Post to Revision RollBack
_ForgeUser5924261
- Join Date: 10/28/2010
- Posts: 6
- Member Details
#3723 _ForgeUser5924261

View User Profile

Send Message

Posted Jan 7, 2013
This seems to be causing false positives on my server and causing legit players some "Lag". I have seen it complain that a player is using no swing when they are not, flying when they are not (possibly caused by a beacon buff?) and also using knockback while not sprinting when they are clearly sprinting. can i edit some settings to prevent this from happening?

Last edited by _ForgeUser5924261: Jan 7, 2013

Rollback Post to Revision RollBack
_ForgeUser9160271
- Join Date: 7/9/2012
- Posts: 213
- Member Details
#3722 _ForgeUser9160271

View User Profile

Send Message

Posted Jan 6, 2013
I shall take this to a ticket if needed but i just saw two no swing VL's, and saw this in console at the same time. http://i.imgur.com/qgw3K.png

Rollback Post to Revision RollBack
_ForgeUser10203515
- Join Date: 12/12/2012
- Posts: 29
- Member Details
#3721 _ForgeUser10203515

View User Profile

Send Message

Posted Jan 6, 2013
I turned off all pvp and the combined.yawraye thing but nocheatplus still gives my players a tiny bit of combat delay... what is causing this? if i disable the plugin We don't get any.

Rollback Post to Revision RollBack

_ForgeUser1034352

Join Date: 8/13/2008
Posts: 160
Member Details

#3720 Posted Jan 6, 2013

is this a Nocheatplus error? Please orient me :)

2013-01-06 15:07:34 [SEVERE] at net.minecraft.server.v1_4_6.MinecraftServer.q(MinecraftServer.java:494)
2013-01-06 15:07:34 [SEVERE] at net.minecraft.server.v1_4_6.MinecraftServer.run(MinecraftServer.java:427)
2013-01-06 15:07:34 [SEVERE] at net.minecraft.server.v1_4_6.ThreadServerApplication.run(SourceFile:849)
2013-01-06 15:07:34 [INFO] Disconnecting [/190.118.65.172:53800]: Too many Joins!
2013-01-06 15:07:37 [INFO] [Survival][User]GuilleL7: a cuanto compras??
2013-01-06 15:07:38 [INFO] wassacbtis issued server command: /login wassaeduardo
2013-01-06 15:07:38 [INFO] [AuthMe] ?8[User]?7wassacbtis?r logged in!
2013-01-06 15:07:39 [INFO] [Survival][User]juannyarg: nv
2013-01-06 15:07:41 [INFO] DaJokerz issued server command: /money
2013-01-06 15:07:41 [INFO] *Nigthers [Survival][User]minerillo123: pipi
2013-01-06 15:07:42 [INFO] holo1234 issued server command: /home gollums
2013-01-06 15:07:42 [SEVERE] java.lang.NullPointerException
2013-01-06 15:07:42 [SEVERE] at ru.tehkode.permissions.bukkit.superperms.PermissiblePEX.performCheck(PermissiblePEX.java:134)
2013-01-06 15:07:42 [SEVERE] at ru.tehkode.permissions.bukkit.superperms.PermissiblePEX.checkPermission(PermissiblePEX.java:117)
2013-01-06 15:07:42 [SEVERE] at ru.tehkode.permissions.bukkit.superperms.PermissiblePEX.hasPermission(PermissiblePEX.java:109)
2013-01-06 15:07:42 [SEVERE] at org.bukkit.craftbukkit.v1_4_6.entity.CraftHumanEntity.hasPermission(CraftHumanEntity.java:109)
2013-01-06 15:07:42 [SEVERE] at fr.neatmonster.nocheatplus.checks.Check.isEnabled(Check.java:178)
2013-01-06 15:07:42 [SEVERE] at fr.neatmonster.nocheatplus.checks.chat.ChatListener.onPlayerLogin(ChatListener.java:216)
2013-01-06 15:07:42 [SEVERE] at sun.reflect.GeneratedMethodAccessor140.invoke(Unknown Source)
2013-01-06 15:07:42 [SEVERE] at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
2013-01-06 15:07:42 [SEVERE] at java.lang.reflect.Method.invoke(Unknown Source)
2013-01-06 15:07:42 [SEVERE] at fr.neatmonster.nocheatplus.event.GenericListener.execute(GenericListener.java:105)
2013-01-06 15:07:42 [SEVERE] at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
2013-01-06 15:07:42 [SEVERE] at org.bukkit.plugin.SimplePluginManager.fireEvent(SimplePluginManager.java:477)
2013-01-06 15:07:42 [SEVERE] at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:462)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.PlayerList.attemptLogin(PlayerList.java:275)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.PendingConnection.d(PendingConnection.java:121)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.PendingConnection.c(PendingConnection.java:45)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.DedicatedServerConnectionThread.a(DedicatedServerConnectionThread.java:44)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.DedicatedServerConnection.b(SourceFile:29)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.MinecraftServer.r(MinecraftServer.java:598)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.DedicatedServer.r(DedicatedServer.java:224)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.MinecraftServer.q(MinecraftServer.java:494)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.MinecraftServer.run(MinecraftServer.java:427)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.ThreadServerApplication.run(SourceFile:849)
2013-01-06 15:07:42 [SEVERE] java.lang.NullPointerException
2013-01-06 15:07:42 [SEVERE] at ru.tehkode.permissions.bukkit.superperms.PermissiblePEX.performCheck(PermissiblePEX.java:134)
2013-01-06 15:07:42 [SEVERE] at ru.tehkode.permissions.bukkit.superperms.PermissiblePEX.checkPermission(PermissiblePEX.java:117)
2013-01-06 15:07:42 [SEVERE] at ru.tehkode.permissions.bukkit.superperms.PermissiblePEX.hasPermission(PermissiblePEX.java:109)
2013-01-06 15:07:42 [SEVERE] at org.bukkit.craftbukkit.v1_4_6.entity.CraftHumanEntity.hasPermission(CraftHumanEntity.java:109)
2013-01-06 15:07:42 [SEVERE] at fr.neatmonster.nocheatplus.checks.Check.isEnabled(Check.java:178)
2013-01-06 15:07:42 [SEVERE] at fr.neatmonster.nocheatplus.checks.chat.ChatListener.onPlayerLogin(ChatListener.java:219)
2013-01-06 15:07:42 [SEVERE] at sun.reflect.GeneratedMethodAccessor140.invoke(Unknown Source)
2013-01-06 15:07:42 [SEVERE] at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
2013-01-06 15:07:42 [SEVERE] at java.lang.reflect.Method.invoke(Unknown Source)
2013-01-06 15:07:42 [SEVERE] at fr.neatmonster.nocheatplus.event.GenericListener.execute(GenericListener.java:105)
2013-01-06 15:07:42 [SEVERE] at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
2013-01-06 15:07:42 [SEVERE] at org.bukkit.plugin.SimplePluginManager.fireEvent(SimplePluginManager.java:477)
2013-01-06 15:07:42 [SEVERE] at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:462)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.PlayerList.attemptLogin(PlayerList.java:275)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.PendingConnection.d(PendingConnection.java:121)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.PendingConnection.c(PendingConnection.java:45)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.DedicatedServerConnectionThread.a(DedicatedServerConnectionThread.java:44)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.DedicatedServerConnection.b(SourceFile:29)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.MinecraftServer.r(MinecraftServer.java:598)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.DedicatedServer.r(DedicatedServer.java:224)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.MinecraftServer.q(MinecraftServer.java:494)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.MinecraftServer.run(MinecraftServer.java:427)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.ThreadServerApplication.run(SourceFile:849)
2013-01-06 15:07:42 [SEVERE] java.lang.NullPointerException
2013-01-06 15:07:42 [SEVERE] at ru.tehkode.permissions.bukkit.superperms.PermissiblePEX.performCheck(PermissiblePEX.java:134)
2013-01-06 15:07:42 [SEVERE] at ru.tehkode.permissions.bukkit.superperms.PermissiblePEX.checkPermission(PermissiblePEX.java:117)
2013-01-06 15:07:42 [SEVERE] at ru.tehkode.permissions.bukkit.superperms.PermissiblePEX.hasPermission(PermissiblePEX.java:109)
2013-01-06 15:07:42 [SEVERE] at org.bukkit.craftbukkit.v1_4_6.entity.CraftHumanEntity.hasPermission(CraftHumanEntity.java:109)
2013-01-06 15:07:42 [SEVERE] at com.earth2me.essentials.perm.SuperpermsHandler.hasPermission(SuperpermsHandler.java:48)
2013-01-06 15:07:42 [SEVERE] at com.earth2me.essentials.perm.PermissionsExHandler.hasPermission(PermissionsExHandler.java:69)
2013-01-06 15:07:42 [SEVERE] at com.earth2me.essentials.perm.PermissionsHandler.hasPermission(PermissionsHandler.java:75)
2013-01-06 15:07:42 [SEVERE] at com.earth2me.essentials.User.isAuthorizedCheck(User.java:87)
2013-01-06 15:07:42 [SEVERE] at com.earth2me.essentials.User.isAuthorized(User.java:69)
2013-01-06 15:07:42 [SEVERE] at com.earth2me.essentials.EssentialsPlayerListener.onPlayerLogin(EssentialsPlayerListener.java:315)
2013-01-06 15:07:42 [SEVERE] at sun.reflect.GeneratedMethodAccessor145.invoke(Unknown Source)
2013-01-06 15:07:42 [SEVERE] at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
2013-01-06 15:07:42 [SEVERE] at java.lang.reflect.Method.invoke(Unknown Source)
2013-01-06 15:07:42 [SEVERE] at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:425)
2013-01-06 15:07:42 [SEVERE] at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
2013-01-06 15:07:42 [SEVERE] at org.bukkit.plugin.SimplePluginManager.fireEvent(SimplePluginManager.java:477)
2013-01-06 15:07:42 [SEVERE] at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:462)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.PlayerList.attemptLogin(PlayerList.java:275)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.PendingConnection.d(PendingConnection.java:121)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.PendingConnection.c(PendingConnection.java:45)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.DedicatedServerConnectionThread.a(DedicatedServerConnectionThread.java:44)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.DedicatedServerConnection.b(SourceFile:29)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.MinecraftServer.r(MinecraftServer.java:598)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.DedicatedServer.r(DedicatedServer.java:224)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.MinecraftServer.q(MinecraftServer.java:494)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.MinecraftServer.run(MinecraftServer.java:427)
2013-01-06 15:07:42 [SEVERE] at net.minecraft.server.v1_4_6.ThreadServerApplication.run(SourceFile:849)

_ForgeUser1622106
- Join Date: 11/14/2008
- Posts: 14
- Member Details
#3719 _ForgeUser1622106

View User Profile

Send Message

Posted Jan 6, 2013
How do i reduce the improbable and when someone is falling fly spam and how do i make all messages message the admin that they are cheating no the player

Rollback Post to Revision RollBack
Forge_User_61842651
- Join Date: 8/29/2011
- Posts: 2,535
- Member Details
#3718 Forge_User_61842651

View User Profile

Send Message

Posted Jan 6, 2013
@Maxetto

The latest versions of NCP disable the managelisteners feature, so you might want to do that too, though it should not be related. What server version / NCP version ?

The stack trace indicates that events still got executed, and it is very unlikely, if not technically impossible that that line freezes without further elements on the stack trace. So i assume there was just an extreme load of something on the server, could be anything.

Any more info about what happened ?

Rollback Post to Revision RollBack
Forge_User_06389788
- Join Date: 4/14/2012
- Posts: 262
- Member Details
#3717 Forge_User_06389788

View User Profile

Send Message

Posted Jan 6, 2013
I got this 5 minutes ago, any info? http://pastebin.com/rgLfJkf0

Rollback Post to Revision RollBack
Forge_User_61842651
- Join Date: 8/29/2011
- Posts: 2,535
- Member Details
#3716 Forge_User_61842651

View User Profile

Send Message

Posted Jan 6, 2013
@Maxetto

Yeah, the server got "randomly" tossed around different nodes, so it was not accessible for some moments.

Rollback Post to Revision RollBack
Forge_User_06389788
- Join Date: 4/14/2012
- Posts: 262
- Member Details
#3715 Forge_User_06389788

View User Profile

Send Message

Posted Jan 6, 2013
I don't know if it can helps but the NoCheatPlus official server got updated to 1.4.6 without update plugins and so it got griefed... (They are griefing also now)

I don't do anytingh, my nick is willTINY, don't ban me!

Thanks

P.S. CraftYourBox panel is offline... :(

EDIT: CraftYourBox solved problems :D

Last edited by Forge_User_06389788: Jan 6, 2013

Rollback Post to Revision RollBack
Forge_User_61842651
- Join Date: 8/29/2011
- Posts: 2,535
- Member Details
#3714 Forge_User_61842651

View User Profile

Send Message

Posted Jan 6, 2013
@Luzitano

Not "all", but a lot.

@MyPictures

I would not go as far as to claim that we block everything that we know of :) - but of course we try to keep most important stuff covered.

"Bypassing" WorldGuard or checks like fastbreak usually only works if a plugin version contains severe bugs or if you use it with a Minecraft version not fully compatible. Of course with software you can't exclude bugs in general, but most methods used for protection can not simply be bypassed from clients (such as block breaking or timing constraints).

@kukelekuuk00

We would appreciate more detailed info in the ticket below, if you can still recall.

@essentialsteam

The problems seem to be with the latest development builds of NoCheatPlus, not the latest download at BukkitDev (just to clarify). Jenkins build 301 should be safe to use.

@andrewkm

Thanks, wait with testing, we just need to gather more information from people who already tested it.

For problems with development builds and "spawn" we would appreciate some more info about used versions of CB and plugins:
http://dev.bukkit.org/server-mods/nocheatplus/tickets/390-dev-build-304-ncp-issues-with-spawn-pos/

We could not reproduce this issue, yet.

Rollback Post to Revision RollBack
_ForgeUser7888617
- Join Date: 11/16/2011
- Posts: 1
- Member Details
#3713 _ForgeUser7888617

View User Profile

Send Message

Posted Jan 6, 2013
I was wondering how to turn down the sensitivity of the antispam because lots of my players are getting kicked because they type to quickly

Rollback Post to Revision RollBack
andrewecc
- Join Date: 5/22/2011
- Posts: 498
- Member Details
#3712 andrewecc

View User Profile

Send Message

Posted Jan 6, 2013
Im swamped with work atm so I cant do much testing for you guys right now - once I clear a few things up perhaps in a day or two I may get some more information possible.

For now basically just confirming 304+ / and Multiverse (Or looks like any spawn system) - gets completely messed up after a while.

Rolled back to 301.

Rollback Post to Revision RollBack
_ForgeUser7442447
- Join Date: 8/25/2011
- Posts: 35
- Member Details
#3711 _ForgeUser7442447

View User Profile

Send Message

Posted Jan 6, 2013
Just a note

I've had about 3 different bug reports saying the latest NCP breaks the EssentialsSpawn system. After the server has been running under normal use and load for a random period of time, the spawn location 'changes'. Seems to be triggered by a player action, because the new spawnpoint is related to a logged in player. The original spawnpoint can be restored by reloading the server, or EssentialsSpawn, but will break again after a period of time.

Rolling back NCP fixes the problem.

KHobbits EssDev

Last edited by _ForgeUser7442447: Jan 6, 2013

Rollback Post to Revision RollBack
MyPicturesCP
- Join Date: 10/30/2011
- Posts: 927
- Member Details
#3710 MyPicturesCP

View User Profile

Send Message

Posted Jan 5, 2013
Server updated to 1.4.6 have fun testing your insane hacks!

@kukelekuuk00

Please make a ticket, I try to reproduce this but I fail :( Need your CB, NC+ and MV version.

Last edited by MyPicturesCP: Jan 5, 2013

Rollback Post to Revision RollBack
_ForgeUser6836689
- Join Date: 5/19/2011
- Posts: 69
- Member Details
#3709 _ForgeUser6836689

View User Profile

Send Message

Posted Jan 5, 2013
Using 304 - NCP is messing up all our spawns on the server! Were setting our spawn with /mv set spawn (multiverse) ... and users use /mvspawn to spawn... they constantly bounce around that area spawning in different place :(

Rollback Post to Revision RollBack
MyPicturesCP
- Join Date: 10/30/2011
- Posts: 927
- Member Details
#3708 MyPicturesCP

View User Profile

Send Message

Posted Jan 5, 2013
@Luzitano

First : Its impossible to "bypass" all checks that NC+ currently has included. Be sure you use the latest version and you should be good to go.

However most bypasses that I and @asofold found where simple adaptations to NC+, means that the hackers simple stay under the restrictions that NC+ makes. So for example: Some hackers claimed to have a bypassed nuker for NC+, after taking a look at it (asofold and I) we just saw a adapted auto miner bot that was made to follow all restrictions that NC+ currently has. NC+ is meant to block cheats not bots ;P

Based on what the checks do its impossible to bypass most of them. For example: checks such as WrongBlock, NoFall or FastBreak should be impossible to bypass without NC+ noticing and blocking it. Some other like Fight_Criticals might get confused if the hackers find a new way of tricking it somehow (with a new Minecraft flaw?). However if you find something feel free to report us whenever you want, almost always we can do something against it. However its possible that Minecraft could have some "hardcoded" bugs which aren't possible to fix over a bukkit plugin such as NC+ (never found one yet that we couldn't fix with NC+ ;P).

I don't want to hide such details from you and fake you in wrong safety with NC+. We simple cant know everything that could be possible in Minecraft so NC+ cant be 100% secure because of this. If the hackers find a new hack then its our turn to make a new fix against this hack (mouse and mice game...).

Other then that I rate this guy as a "script kiddie". I would totally ban him with this reason: "Bypass this ban now!"

A hacker will never tell you that he uses a hacked client or anything like that, he/she will just join your server and try to find exploits to abuse.

Top Tips: - Keep your plugins up to date - Keep your Craftbukkit up to date - Never install plugins from untrusted sources (mediafire, dropbox, ....) only install them from dev.bukkit - Only promote staff that you trust and be sure they always have the right permissions - Be sure that you have no security holes in your permissions

Other: - Protection plugins such as WorldGuard cant be bypassed because they are fully server sided - Vanished players are server sided so its impossible for the hacker to make them visible again (VanishAPI)

Rollback Post to Revision RollBack
_ForgeUser878783
- Join Date: 6/19/2008
- Posts: 263
- Member Details
#3707 _ForgeUser878783

View User Profile

Send Message

Posted Jan 5, 2013
asofold this anticheat can prevent all of the Bypass? There is a guy on my server that say he will bypass all my server ptotections with an hacked client .. just to be sure :x

Rollback Post to Revision RollBack
Forge_User_61842651
- Join Date: 8/29/2011
- Posts: 2,535
- Member Details
#3706 Forge_User_61842651

View User Profile

Send Message

Posted Jan 5, 2013
@xron89

I would say it rather would be "speed: active: true interval: 45 actions: cancel vl>150 log:bpspeed:3:5:if cancel vl>1000 log:bpspeed:3:5:cif cancel cmd:tempban" for that case, because vl>1000 already has an entry with log and cancel.

There is no global entries, all violation levels represent individual aspects like distance or "times" or milliseconds and can't be compared easily for different checks. Some day we might attempt to provide a simplification (optional) with a 1..10 scale or similar, but having many parameters configurable also means that servers with a different configuration might reach different violation levels for certain checks, some checks are also influenced by lag, some are more likely to create false positives than others...

Rollback Post to Revision RollBack
To post a comment, please login or register a new account.

Project ID

38212
Created

Apr 2, 2012
Last Released File

Jan 11, 2018
Total Downloads

1,897,258
License

GNU General Public License ver...

Bukkit

NoCheatPlus

Bukkit Plugins

NoCheatPlus

Table of Contents

Introduction

Recommended

ProtocolLib

CompatNoCheatPlus (cncp)

Orebfuscator

Downloads and History of Changes

Support

Documentation Resources

Contact us

Comments

About This Project

Categories

Members

Recent Files

Bukkit