What I'm looking for is a plugin that logs players' block break events over the course of a few days or weeks, and then periodically calculates the P-values for players' ratios of precious ores to "common" blocks, and notifies admins if anything is out of the ordinary. (So having taken a statistics course would probably help, but if you have no experience with statistics, look at this wikipedia article and you should get a better idea of what I'm proposing.) I realize there are at least a few plugins that (try to) prevent XRay hacks, but they are either very CPU intensive, too hard to distinguish from normal mining, or they don't cover the entire gamut of XRay hacks. The plugin should: Log or tally all block break events for each user. (Optionally add a permission node for users who shouldn't be logged, and a config for blocks that shouldn't be logged.) Possibly tap into a BigBrother database (ick) if the server is utilizing that plugin, to prevent double-logging, since it already logs virtually everything, unless specifically configured not to. Periodically calculate P-values for each user's block break ratios (at a configurable interval) to compare them to the average distribution of players on the server. The obvious ratio to check would be diamond to stone, but it should check other ratios as well. Experimentation may be necessary to determine which ratios work best (but hey, we have a whole community here). If the tally hasn't changed since the last p-value calculation, it shouldn't recalculate. This ought to save a few CPU cycles. Notify Moderators (identified by a second permission node) when someone's P-value is unusual, and provide an explanation as to what that P-value means. Be specific. (e.g. "There is a 97% chance that [playername] is using XRay hacks to mine diamond.") Save the message. Keep all saved messages in a list until dismissed by an admin (with a third permission node). Notify all moderators & admins of undismissed messages upon login. Require a certain (configurable) minimum number of block break events before a user's P-value will be reported, to help prevent sampling error. Optionally, allow the plugin to take automatic action under configurable circumstances (such as banning the user, or sending the user a message, clearing their inventory, etc.). Remember, the user may not be online when the p-value is calculated. Since the goal of this is to be passive (i.e. not a CPU hog) efficient use of server resources is a must. I have lots of ideas about where this plugin could go. Anyone interested?
Interesting. I'd also like to see something like this. Another way is to log how many ores the person collects in X time. If they're collecting ores too fast, it logs it and notifies the admins. A temp solution is to get worldguard, and in the blacklist put an option for ironore,diamondore,etc and log whenever someone breaks it (probably ignore admins).
Hmm... I like the idea of using statistical analysis though. It's just one more thing you can throw in their face if they decide to dispute. (Especially where people can go to a 3rd party for disputes if you use mcbans) Simply mining diamond isn't cheating, and diamond is often generated in veins, so collecting a bunch of diamond at once is expected to some extent. It's when they mine a bunch of diamond on monday at 1:00, a bunch of diamond on monday at 1:30, a bunch more diamond on tuesday... so on. If you're simply notifying someone when diamond is mined, it can be hard to know if it's legitimate, especially on a large server where you might not remember everyone's user name, or there may be different moderators on at different times. EDIT: Anyone who has a pretty basic understanding of statistics know a P-Test is a good way to quickly identify an outlier in a distribution. It's essentially determining whether a value is outside of the error bars for a given distribution.
What I mean is, if you're mining ores too fast. If someone collects 10 diamonds in 3 minutes they probably found a good vein or 2. However, 20 diamonds in 3 minutes means they're probably hacking. I do like your idea better though.
That would be a pretty simple check, and would probably be right the vast majority of the time. But something in me really likes bell curves and p values. I like being absolutely sure I'm banning the right guy.
I just use my own ore-finding client and ban people for going straight where my client says the ores are. The best way to catch a cheater is to be one after all. But true, having evidence like that can easily prove anyone ban-worthy.
Seeing other requests for plug-ins related to x-ray users, I think this would be great for people. I hope someone picks this up.
