NoCheatPlus

Detect and fight the exploitation of various flaws/bugs in Minecraft!
Introduction
NoCheatPlus attempts to prevent cheat clients from exploiting weaknesses of Minecraft or its protocol, making your server safer. Checks cover a wide range of issues including flying and speeding, fighting hacks, fast block breaking and nukers, inventory hacks, chat spam and other types of malicious behaviour. For a more complete list have a look at the Features Page.
NoCheatPlus puts emphasis on configurability and allows you to customize the actions that are carried out when a player fails a check (e.g. silent cancelling, executing commands, just logging). Bypass permissions let you control which checks apply to which players. All checks can be deactivated in the configuration, and world-specific configuration files are supported. Many checks allow more detailed configuration to adjust sensitivity.
Certainly NoCheatPlus is not a magic bullet: it uses a lot of heuristics and even guessing, so you will encounter false positives here and there, and it will not catch every single violation. Example video of how NoCheatPlus blocks cheats (outdated plugin version).
NoCheatPlus was introduced by NeatMonster, building on the code base of NoCheat by Evenprime.
Recommended
The following plugins might be useful to have a look at.
ProtocolLib
Allows NoCheatPlus to activate packet-level checks, covering a range of exploits that can't be monitored using ordinary means. Since roughly Minecraft 1.7.10, the fight.speed check can't work as expected anymore, due to changes in CraftBukkit. With ProtocolLib this can be repaired.
CompatNoCheatPlus (cncp)
Makes plugins like mcMMO or MachinaCraft more compatible with NoCheatPlus. Not all existing plugins are covered (yet), but you can leave a note or create an issue/ticket request for cncp. Phasing out: Citizens 2 should work with NCP out of the box, MagicSpells are working on compatibility too - rest will be integrated into NCP.
Orebfuscator
Orebfuscator fights all sorts of X-ray-hacks by altering the map information that is sent to the players, such that they have to mine blocks to actually reveal what is behind. Virtually a "must have". (Latest versions of Spigot contain features of Orebfuscator.)
Downloads and History of Changes
- Download officially approved versions on the Files page at BukkitDev.
- Development builds have been moved over to the Jenkins at md-5.net.
- Do not download from any other source, do not use jars other people send you.
- Change lists: Wiki (digest) | Jenkins (by build number) | GitHub (all commits).
- Source code
Plugin statistics are no longer reported to mcstats.org.
Support
Documentation Resources
- Consider first: Frequently asked Questions and Known Issues.
- Wiki (Configuration, Permissions, Commands)
- Developers might have a look at the page describing the API of NoCheatPlus.
Contact us
- Quick questions can be asked on this page, or on IRC (Server: irc.spi.gt | Default-Port: 6667 | SSL-Port: 6697 | Channel: #nocheat | Web client: WebIRC).
- For real issues or feature requests please create a new issue/ticket or add to an existing issue/ticket.
- To send information that is not to be seen by all, you can also reach us by PM to @asofold and @MyPictures. @IceAP (IRC: ICE) will also help or redirect the conversation. Please do not contact the user 'NoCheatPlus'; it is for administrative purposes only and messages will likely not be answered in time. Keep to BukkitDev and GitHub for support. Do not trust users on other forums or websites, even if their nicknames are the same as those of NCP staff on BukkitDev.
Please always state the output of the "ncp version" command to let us know versions in use (users of cncp also the "cncp" command).
Posted Jul 5, 2015
@asofold Yup, absolutely all teleports are initiated using Commandblocks. Concerning the z +3.85 teleport, there are multiple Commandblocks doing it at the same time, so potentially up to two of them could affect the player within the same server tick. Each one contains: /tp @a[r=2,ry=-90,rym=90,m=0] tilde0 tilde0 tilde3.85
But the issue is the same for situations where only a single Commandblock-TP would hit a player.
Edit: Damn, the tilde sign isn't being rendered here. I just replaced them.
Posted Jul 4, 2015
@asofold
Well thought out answer – makes sense. It's just a shame, I've always thought, that security was such an afterthought with Minecraft. It's the Windows of games, think about it...
Posted Jul 4, 2015
@ceagle2
It clearly looks like the server is firing the event and updating the PlayerConnection to the relative amount of the position change and fires the teleport event with that as the target location as well, while the player itself is reset to the correctly calculated position.
Should be worth a ticket with spigot. I'll ask on spigot-dev IRC later.
Edit:
Was it command blocks for the relative teleport?
Posted Jul 4, 2015
@asofold
Building the latest Spigot version every 2-4 days - the debug log has been created with the latest one running, according to /bukkit:ver. (git-Spigot-f928e7a-e91aed8)
Posted Jul 4, 2015
@ceagle2
Wonderful - allviolations + trace really shows the details in this case :) .
This (almost - because there could be other plugins interfering) certainly is a server side bug. It seems the server is setting the "last location" of the player to the relative amount of the teleport and is also passing that to the teleport event, resulting in "from" in the moving event showing the 0,0, 3.85 as well as the teleport event just before showing those coordinates. The server side must pass the correctly calculated coordinates there.
Are you running the latest Spigot version available?
Posted Jul 4, 2015
@asofold http://ccraft.de/15-07-04-5.tgz It contains mostly Non-Violations, and there are a few SurvivalFly Violations with about 150k upon relative teleports like "/tp 0 0 3.85" - since teleported players seem to teleport to about 0/0/0 for a brief moment, there may be something that ignores the relative nature of the teleports. Don't know if NCP is the cause for those 0/0 teleports, but it even happens with NCP as the only plugin. Might still be something CB- or Spigot-related though.
Posted Jul 4, 2015
@chrishillz
We are constantly "scanning", so scanning back or forth won't change the fact that all packets are scanned. In fact lag doesn't necessarily affect the survivalfly check (until the point when the morepackets check kicks in when it gets too extreme), the real problem is latency. With latency players just receive teleport events "much" later than they happen on server side, but the player is still moving and is sending their moves, even when a teleport has already happened on server side. Now the "move" the player sends only consists of the new location for the player and the server can not distinguish if it is a move from before one of the latest teleports or after such, so as a result we receive moving events with too big distances. This is a flaw in the Minecraft protocol, despite not being entirely simple to tackle, they would have to introduce some kind of "context" for moving, changing with teleports and telling the client that the context changed (to 1234), thus the server can ignore moves sent for an outdated context. Given that the client only sends the target coordinate, we are not able to distinguish if the client "intended" to move from a former teleport start point or not, on server side it just looks like "they try to go THERE". The Bukkit API provides a moving event with start and end point, but the start point is just implicitly maintained on server side and rather equals the last teleport end point or the last valid move end point. Not much we can do, even crude heuristics like "silently cancel too big moves near an outdated teleport start point" won't help much, because the players might just be sprinting straight, such that they won't be "near" anymore within a split second.
@KevinEssence
What server version are you using? Currently build 826 is the latest thing for 1.8.x - we do have issues there, but I will try to kill off most survivalfly related stuff at least workaround-based this weekend.
@ceagle2
The documentation is still missing :) - it's been an in-memory TODO entry, guess I forgot. The cbdedicated flag controls if NCP is using the obc/nms server implementation access for testing things like block shapes and attributes. The dedicated modules are usually the fastest - the only reason to disable them would be for testing, in case of compatibility issues with incompatible nms/obc access provided by another server mod, or in case you want to use cbreflect all the time to support the development. Now cbreflect is a new compatibility module for accessing the attributes and block shapes for obc/nms, only using reflection, potentially being able to run on at least minor future updates of Spigot/CraftBukkit. It uses some consistency checking to ensure it's not using the wrong methods, and if it can't find/access something it'll either not be enabled at all, or it'll fall back to the Bukkit-API-only version of the functionality. So cbreflect is meant to give us a little more future compatibility, also potentially replacing (currently) up to 20 other dedicated compatibility modules.
The command is "ncp debug player PLAYER_NAME" so maybe you left out the player part once? The output will be written to the current log file. Using a folder for log files allows you to use "ncp reload" for both ending all current temporary debugging as well as switching to a new log file, to keep things separated.
@MCTylerPVP
I absolutely agree that NCP should prevent that from the start, can you give more details? Have you ensured you were not having OP nor bypass permissions? A simple way to check is to spam in chat (if enabled) and get warned or kicked once. Have you been in creative mode?
We should actually add a command to test all the bypasses for checks for a player.
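The "context" idea from the post above, as an added example (not NoCheatPlus or Minecraft code): a toy server replays a constructed trace with and without a hypothetical context id that changes on every teleport. `Move.ctx`, `MAX_STEP` and the trace itself are assumptions for illustration.

```python
import math
from dataclasses import dataclass

MAX_STEP = 1.0  # assumed per-move distance limit in blocks (not an NCP value)

@dataclass
class Move:
    pos: tuple  # target coordinate, the only thing the real client sends
    ctx: int    # hypothetical context id echoed back by the client

class Server:
    def __init__(self, pos, use_context):
        self.pos, self.ctx, self.use_context = pos, 0, use_context
        self.violations = 0  # moves flagged as too far from the last known position
        self.dropped = 0     # moves ignored because they predate a teleport

    def teleport(self, dest):
        self.pos = dest
        self.ctx += 1        # every teleport starts a new movement context

    def on_move(self, move):
        if self.use_context and move.ctx != self.ctx:
            self.dropped += 1            # sent before the client saw the teleport
            return "stale"
        if math.dist(self.pos, move.pos) > MAX_STEP:
            self.violations += 1         # position is kept, i.e. a set-back
            return "violation"
        self.pos = move.pos
        return "ok"

def replay(use_context):
    """Constructed trace: a lift teleports the player 6 blocks up while three
    moves sent before the client learned of the teleport are still in flight."""
    s = Server((0.0, 64.0, 0.0), use_context)
    s.on_move(Move((0.5, 64.0, 0.0), 0))
    s.teleport((0.5, 70.0, 0.0))
    in_flight = [Move((x, 64.0, 0.0), 0) for x in (1.0, 1.5, 2.0)]
    results = [s.on_move(m) for m in in_flight]
    # The client has now processed the teleport and echoes the new context.
    results.append(s.on_move(Move((1.0, 70.0, 0.0), 1)))
    return results, s.violations, s.dropped

if __name__ == "__main__":
    for flag in (False, True):
        print("context ids" if flag else "coordinates only", replay(flag))
```

A stale move is ignored rather than applied, so a client that echoes an old id gains nothing, and a client that echoes the current id is still subject to the normal distance check.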
Posted Jul 3, 2015
I just installed the New Jam Client and gave myself stacks and stacks of arrows and shot them all at once and NoCheat didn't make a peep. I know you will say I don't have it configured properly or whatever but this is just unacceptable. Activity like this needs to be a default setting if you are going to sell me on this plugin.
Posted Jul 3, 2015
@asofold I did everything you asked - dev build 826 and all the config changes - but /ncp debug <player> doesn't seem to do anything, as far as I can tell. Even though I do have full permissions, NCP responds as if I entered a non-existing command and just gives me the Administrative commands overview, which doesn't contain /ncp debug anywhere. And /ncp reload or not, there's nothing additional to be found in the log. Or do I need NCPTools additionally? Here's the changed NCP config just to make sure: http://ccraft.de/ncpcfg.yml
By the way: is there some info to be found on the new config settings compatibility.server.cbdedicated and compatibility.server.cbreflect? Nothing in the Wiki yet. Just curious. :-)
Posted Jul 2, 2015
@asofold Sorry for my late response - didn't notice it earlier. But I just did as you asked, and your short explanation was perfectly fine and understandable. I'll get back to you when I got some useful data this way.
@KevinEssence If it happens to everyone all the time, then the server TPS might be rather low constantly. In this case, a lot of checks probably trigger. So set violations to be displayed ingame and logged, and find out which violations those guys keep triggering. You might have to finetune most of them to increase certain boundaries step by step. (I'm even finetuning it individually for 3 different servers on the same Bungee network - and in my opinion, finetuning is a must, depending on which NCP restrictions are really necessary to which extent for each type of gameplay.)
Posted Jul 2, 2015
Trying to figure out the option on my config to disable the rubber banding from ncp from my previous comment, any ideas or suggestions would be great as we are dying to solve it.
Posted Jul 2, 2015
Hi, first of all, thank you for this excellent plugin :) I used NCP for a long time and I am very satisfied. I would like to know which version/build of NCP is the most suitable for a server under Spigot 1.8? (CraftBukkit version git-Spigot-d0d1d87-15e81cf (MC: 1.8) (Implementing API version 1.8-R0.1-SNAPSHOT) )
Posted Jul 1, 2015
I updated to latest beta and this rubber-banding is happening on majority of servers: https://www.youtube.com/watch?v=PxuvCw4IVto
Posted Jul 1, 2015
@asofold
Very good points, it would be nice if it were possible to check already received packets sent 30 seconds ago and scan those as well, since lag would not need to be taken into account. There'd have to be a cache of recently received packets or something.
Posted Jul 1, 2015
@chrishillz
Survivalfly can create higher false positives. We kick to prevent extreme abuse killing the server, but banning seems to be dangerous, because the violation level can also become high with being stuck in a strange shape/wall thing, pistons traps, but also rarely simply with teleporting and latency, because the player keeps sending "hey i am now 6 blocks below", because the player has not received the teleport event yet but keeps moving, while the teleport has already happened on server side, e.g. with a lift.
To distinguish such cases with just a one-dimensional violation level probably isn't possible.
Posted Jun 30, 2015
@asofold
It seems like many people are getting below 60fps with connections under 5mbps, so this is creating a lot of false positives. I even had one person get about 1,000 survivalfly for lagging but that is extremely rare. I'm surprised that it can't check for lag in some way.
Posted Jun 30, 2015
@chrishillz
We don't recommend to ban in general, because there can be false positives (...).
Since NCP does not (yet :p) support meta check definitions, like reaching levels for several checks, it's hard to find many useful and reliable criteria. We will try to improve flying checks etc. but there are too many oddities with moving, so it's probably not going to work to ban only on base of a one-dimensional violation level. On the other hand the extreme levels usually don't get reached by false positives, yet again the smarter cheat clients adapt such that they produce minimal or even no violations at all.
Concerning seldomly triggering checks, there may be very good candidates for banning, e.g. for flying with bedleave. But those aren't really used by any up to date clients, so it's just not really useful. Currently it's a matter of experience and observing, but maybe my knowledge is outdated, because i just don't try to find useful ban settings myself - probably others can comment on their config for banning?
Posted Jun 29, 2015
What would you recommend for allowing this plugin to automatically ban players with "without reasonable doubt" they are hacking in any way detected? I am unsure of which checks have false positives, so I'm not sure how strict they should set to. This is especially common among checks that almost never get triggered. So, given that they are not tripped often (if ever!), it is safe to make them ban a player if triggered?
Posted Jun 25, 2015
@MyPictures
I created a ticket :) Btw, what do you mean by "what effect is that and at which level has it been applied"? My NCP config is the same default config that generates when you first install the plugin, as I didn't touch it because I had no idea what to do in order to fix this :P
Posted Jun 25, 2015
@zaino60
I recommend to open up a ticket for larger problems. I can already see that he has some kind of effect on him, what effect is that and at which level has it been applied?