CubeCraft needs a better anti-cheat system. I personally believe there must be an in-game reporting system for a good anti-cheat system. I have outlined one possible such system below.
Please read the entire post before replying.
This anti-cheat system requires /report and /vote kick to fully function. However, I have made many suggestions in terms of how to prevent abuse of these commands. Some of these mechanisms listed below would only kick into action if a play has been /reported within the last 24 hours. These may not necessarily permanently ban them, but would either prevent them from hacking or temp-ban / kick them as a less severe alternative. If a player is reported, they will receive no notification.
The system must also detect possibly hacks a minimum of 3 times over a period of 1 minute before actually kicking. The exception to that is fly hacks and other hacks preventable in-game without kicking. However, there should be a notification asking the player in the chat if they are hacking after each detection, as opposed to the no-notifcation when another player reports.
This list is dedicated to 1.9+, but with effort can be adapted to 1.8:
Teaming:
If two people are exclusively hitting other people while being on different teams, you should give other people the option to /vote to simply kick them if they are cross teaming. The /vote kick option does not come up if the server does not detect anomalies, nor is there a notification in chat when the server does detect anomalies. The voting players must realise it for themselves, otherwise the option may be abused. It is up to the server owner what ratio of votes will result in a kick.This method may be bypassed by occasionally hitting your teammate. Therefore, check what item is used to hit and determine if it is viable as a weapon in that situation.
This method may be bypassed by occasionally hitting your teammate. Therefore, check what item is used to hit and determine if it is viable as a weapon in that situation.
An alternative to kicking is to slowly damage both players until they move a reasonable distance away, so that they have a chance to stop teaming without instant betrayal.
Sky-basing (in games such as skywars):
If a player builds up very high without building semi-continuously in another direction (building continuously in another direction means skybridging, a common method used to get into certain bases), they are likely skybasing. /vote to kick works similarly in this situation as in teaming. If the skybaser builds in a certain direction to fool the anti-cheat, he makes himself greatly susceptible to ranged attacks anyways, so it defeats the purpose of skybasing.
Team griefing, killing, or hacking in team based games:
Teams should always have a method of /vote kick to prevent players from griefing or team killing. However, if a member of a team is consistently causing the death of other teammates, they should be instantly kicked by the server.
Team kicking must also include a reason. If at least 50 percent of a team (excluding the target player) votes to kick another player for hacking, the other player is kicked if there is any detected possibility of the player hacking. Kicking for other reasons, e.g. chat spamming or swearing, should require a greater majority.
Abuse of /report or /vote kick:
There is no avoiding players abusing the commands of /report or /vote kick. The best ways to minimize the effects of such abuse of the commands is the following 3 steps: high levels of verification, no permanent or long-term ban for in-game reporting without irrefutable evidence, and limiting the number of reports a player can send per game and per hour.
The first 2 have already been explained earlier, but the limiting factors need special attention. Each player will have two spam-counters, which count their number of possible spam reports in the last hour and in the current game. In each game, if multiple people report the same person, then the spam counter will not count each of these reports as possible spams. The reports, however, must not come from people frequently playing together, as they could be conspirators. A similar system could be applied to /vote kick.
A possible addition is if multiple people report a person / the server detects that it is a valid report, the person will be able to report more frequently in the future.
An alternative is a cool-down on in game reports. The minimum time between reports must be set to at least 5 minutes or more. If a person is detected to be spamming reports, the minimum time between reports for them will be increased for a few days.
Original source of this post is my own post on my blog. I do not believe it is a perfect system, and it is just a suggestion, and would require some improvements.
Please read the entire post before replying.
This anti-cheat system requires /report and /vote kick to fully function. However, I have made many suggestions in terms of how to prevent abuse of these commands. Some of these mechanisms listed below would only kick into action if a play has been /reported within the last 24 hours. These may not necessarily permanently ban them, but would either prevent them from hacking or temp-ban / kick them as a less severe alternative. If a player is reported, they will receive no notification.
The system must also detect possibly hacks a minimum of 3 times over a period of 1 minute before actually kicking. The exception to that is fly hacks and other hacks preventable in-game without kicking. However, there should be a notification asking the player in the chat if they are hacking after each detection, as opposed to the no-notifcation when another player reports.
This list is dedicated to 1.9+, but with effort can be adapted to 1.8:
- Flight, speed, and similar movement hacks:
Detect by irregular and impossible movement without blocks underneath, as well as movement faster than normal without being knocked by hits. A lot of other systems have an effective system to simply lag them back if they try it, and it does not affect players who are not cheating. Check for elytra beforehand.
Some hacks bypass this by taking damage, mostly self-inflicted fall damage to get them to move faster than normal and fool the server into thinking he was knocked a very far distance by the damage. You must check for the source of the damage, and calculate server-side where he should have gone as opposed to where his client reported the hacker to be.
- Regular kill-aura:
This is easy to detect. If someone is suspected of using kill-aura (received /report within past 24 hours), place an invisible NPC with the entity ID of normal players above and behind them specifically targeting their client (other people are not affected, as the server only sends info packets about this NPC to the suspected hacker). - Trigger-bot:
Check for extremely consistent hit speed, hits every time that the person directly faces another player (settings could possibly be changed so that the player only hits when the weapon is charged for a certain amount of time, in that case, check for constant charge strength). As this is complicated and may lag the server, the detection mechanism should only be activated on players who have received a /report within the past 24 hours.
- Criticals:
Check for irregular vertical movements (e.g., teleporting a tiny distance upward and then falling down for the critical hit) while player delivers a hit, or conflicting packets with regards to whether or not the player has jumped when hitting. - Anti-knockback:
Check for player movement changes when hit. If the player continues to travel in a straight line after receiving a hit, and has no blocks near him to restrict his movements, he is using anti-knockback. - Auto-armor:
Check for armour equipment while opening chests or in villager trading interface, or if the player equips a piece of armor not in their hot-bar while voluntarily moving (as in moving with their controls). This second method of detection also coincides with the hack inventory-walk, where WASD and other movement keys are usable while a player is in their inventory menu.
- Dolphin, Jesus and similar hacks:
Similar to flight, but check if the player is in a boat and check the contact with water as well as depth strider enchantments. Tell-tale signs are irregular movements and constant y-axis position while not in contact with a solid block. - Spider:
Watch for upward movement with constant speed while not in contact with a ladder, vines, or having a levitation status effect. - Step:
Watch for on-contact teleporting when the player comes near a block with air above. Beware of conflictions with /tp.
- No-slowdown:
Do not just check speed during the use of an item, as speed status effects or other factors such as ice and in game mechanics may have caused a faster speed while using the item. Instead, check for no speed change when player uses an item (blocking with a shield, charging up a bow, eating food, having slowness effect, in water (water is completely ignored in term of movements), soulsand, cobwebs, etc.).
- Sneak:
Basically perpetual sneaking (does not show name tag), while moving at a normal speed. Falls under speed hack detection methods, so not very effective. There is a variant that only prevents players from falling down blocks, and does not hide their name tag. For this check for abnormal speed while at the absolute edge of a block (abnormal as in, if a player is hitting the edge of a block at an angle, he will be going at a speed that is possibly faster than normal sneaking, yet slower than springing, but not falling off the block)
- Blink:
This hack makes the server believe that a player has extreme lag. The player, once he turns it on, freezes server side, while he is moving normally on client side. The server thinks the player is lagging and not able to send information at the time. When the player turns the hack off, the player's entire movement history since turning on blink is sent to the server, and other players will see that he is teleported to the location he travelled to.
This hack is very hard to prevent, and the only 2 ways to do it will make the game even less playable fo players who actually suffer extreme lag. One is to not allow player to move while lagging, as in when there is no info sent by a player about his movements for more than 10 game ticks, he is assumed to be not moving, regardless of what info he sends to the server after the lag subsides. The other is to set the lag-time out timer to a very short time, best around 5 seconds. If a player does use blink, he has to turn it off within 5 seconds or he will be disconnected from the server.
- Phase:
Walking through transparent blocks by teleporting to a location underneath where the player wants to go, and nocheat+ will think that he is trying to teleport into the ground and teleport the hacker back up the other side. Detectable through faster than normal movements. Watch out for non-cheaters using ender pearl glitching, as it is a legitimate method to get through certain blocks.
- Fast-ladder:
Going up or down ladders at a very fast speed. Detectable by faster than normal movement speed vertically while in contact with ladders. - Visual hacks:
Some of them make the player appear to turn their head in a certain direction while they are actually looking in another direction. Currently hard to detect, watch for conflicting packets about the direction that the player is facing and the direction the player is hitting.
This hack may seem harmless, but it is helpful sometimes by giving the hacker's opponents false information about what they are able to see. /report for this would not be wise, however, as certain skins may be mistaken for this hack.
Teaming:
If two people are exclusively hitting other people while being on different teams, you should give other people the option to /vote to simply kick them if they are cross teaming. The /vote kick option does not come up if the server does not detect anomalies, nor is there a notification in chat when the server does detect anomalies. The voting players must realise it for themselves, otherwise the option may be abused. It is up to the server owner what ratio of votes will result in a kick.This method may be bypassed by occasionally hitting your teammate. Therefore, check what item is used to hit and determine if it is viable as a weapon in that situation.
This method may be bypassed by occasionally hitting your teammate. Therefore, check what item is used to hit and determine if it is viable as a weapon in that situation.
An alternative to kicking is to slowly damage both players until they move a reasonable distance away, so that they have a chance to stop teaming without instant betrayal.
Sky-basing (in games such as skywars):
If a player builds up very high without building semi-continuously in another direction (building continuously in another direction means skybridging, a common method used to get into certain bases), they are likely skybasing. /vote to kick works similarly in this situation as in teaming. If the skybaser builds in a certain direction to fool the anti-cheat, he makes himself greatly susceptible to ranged attacks anyways, so it defeats the purpose of skybasing.
Team griefing, killing, or hacking in team based games:
Teams should always have a method of /vote kick to prevent players from griefing or team killing. However, if a member of a team is consistently causing the death of other teammates, they should be instantly kicked by the server.
Team kicking must also include a reason. If at least 50 percent of a team (excluding the target player) votes to kick another player for hacking, the other player is kicked if there is any detected possibility of the player hacking. Kicking for other reasons, e.g. chat spamming or swearing, should require a greater majority.
Abuse of /report or /vote kick:
There is no avoiding players abusing the commands of /report or /vote kick. The best ways to minimize the effects of such abuse of the commands is the following 3 steps: high levels of verification, no permanent or long-term ban for in-game reporting without irrefutable evidence, and limiting the number of reports a player can send per game and per hour.
The first 2 have already been explained earlier, but the limiting factors need special attention. Each player will have two spam-counters, which count their number of possible spam reports in the last hour and in the current game. In each game, if multiple people report the same person, then the spam counter will not count each of these reports as possible spams. The reports, however, must not come from people frequently playing together, as they could be conspirators. A similar system could be applied to /vote kick.
A possible addition is if multiple people report a person / the server detects that it is a valid report, the person will be able to report more frequently in the future.
An alternative is a cool-down on in game reports. The minimum time between reports must be set to at least 5 minutes or more. If a person is detected to be spamming reports, the minimum time between reports for them will be increased for a few days.
Original source of this post is my own post on my blog. I do not believe it is a perfect system, and it is just a suggestion, and would require some improvements.
Last edited: