Annoying multi-account chat spam

Good evening all,

Well I hate to even spend one ounce of energy validating the retarded nature of hackers, but sadly I must... I recently began getting a server chat spammer that has a unique ability of logging out as one IP and account name and in as a completely different IP and username in between each message he sends to the server... IP ban and any other form of ban I have atm seems incapible of stopping his stupidity because the 2 unique identifiers that I'm aware of (IP and name) are changing each time the offense occurs.

Here is an example of my console atm:

As you can see if you read between all of the BS from connecting and disconnecting each message is sent by a different account:

All of which have a unique IP... Has anyone experienced this, and more importantly found a resolution to it? When I get out of work I will be calling my ISP to track down this problematic ISP routing station and simply have it blacklisted from my server to take a sledgehammer to my ant problem... but I can't think of anything else at the moment...

Any suggestions? Thank you in advance for helping me stop this moronic behavior...

 

Had it happen a week or so back. We didn't have a "solution" as much as we had two staff on at the time who banned them faster than they could log in.

 

Try my plugin called NoChatSigns and block the chat at the spawn. This will work if Minecraft Pwn4g3 is doing this spamming for example. http://dev.bukkit.org/server-mods/nochatsigns/

 

Yea, I'm fairly sure it is that program (it's an application, not a plug-in).



Banning them faster than they log in simply doesn't work for many reasons... One because he logs in with about 50 accounts at once at all times, and two the IP changes each time, so he will just keep coming back with new IP's and I'll block a bunch of IP's for no reason.

Also, thank you for the feedback notrodash, but your solution is more of a "bandage" than fix. My spawn location is a very heavily populated area where trade occurs, I wouldn't be interested in squealing everyone in that location.

I can simply deny the ability to talk until someone grants you talking privileges for the first time on the server, but I would rather find an existing plug-in to fix this issue as I have a deeply heart felt dislike for making anti-cheat plugins... Wasting time and energy on fixing other peoples stupidity is enraging to me...

 

You could try this plugin out: http://forums.bukkit.org/threads/ad...-many-kinds-of-spam-attacks-1-2-4-r0-1.66828/
It prevents players from chatting until they move once after logging in.

 

Thank you for the suggestion tog, I will look into it.

Does anyone know of any decent port monitoring software?

Okay, I am a bit confused by this... I believe this to be one person, but every single one of his connections are all coming from different IP's and remote host, yet the connections are coming dozens at a time... Even if I close all processes off all connections and terminate all port connections they fill back up within a second...

So I can't get a stable IP (they all point to different states) and I can't find the hostname or ISP to report the abuse... Any other ideas, this is beginning to annoy me...

Raw port monitoring data:

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

They are probably using bouncers or such I guess. But it might be Tor exist nodes aswell, as Tor changes your exit node after every connection thingy....

 

If they are using custom applications it is highly unlikley that they would be made to be able to handle logging in when they join the server. You could get a login plugin

 

Yea the server i used to hang around on (*ElderCrest*) would get attacked by a chat spammer at least 3-5 times a day. The only way to stop them was to ip-ban all the names that was spamming.

 

Does anyone know of a way to limit the amount of logins per second/per minute and if that amount is exceeded kick everyone who had logged in during that, attack as it would be easiest to classify this under. And then log those users and IP's to a file for further verification.

 

I've had this happen on my server a number of times. We ended up talking to the person behind the attacks and got him to stop. I was in the process of planning a plugin to stop more than ten people logging in per five seconds, at which point would stop players from entering the server, such as a Lockdown, and progressing to banning all IPs requesting access until the attack stopped and player joining and leaving levelled out. I never actually got around to it though, as we did quell the attack, but I can suggest placing a WorldGuard region around the spawn point which disables commands, at least that would stop command usage putting stress on your server, however, the program does allow for chat usage as well. If anyone really needs the plugin, I can attempt to write it once I finish my current project.

 

You could try a plugin like AntiBot, too.

 

NoCheatPlus fixes this with a timeout! dev.bukkit.org/server-mods/nocheatplus/

 

Whitelisting for some time during the attack helps. I usually do that when im online and it's doing it.

Also, nocheat haves a built-in spam filter that if multiple accounts spam the same thing, it gets blocked

 

Does it log a;
IP
Username
Timestamp
ISP
time between each ban/kick

But for admins running a server running of 40-50+ people going through all of that server log is a pain. If you could create your own log file that would ease the burden of those admins greatly.

Thank you for using the idea

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

You should add a permission node that let's player bypass the check.

This way for the server who have guest group can only focus on that group.

Meaning they can give the bypass node to regular members and set tolerance really low. So when spammers come in they will be banned quicker.

In my experience spammers are 99.9999% of the time are in the "default" permission group ha.

I don't even use your plugin

I've been using NoCheat to kick spammers, just thought it might be a good idea that other's might appreciate.

Although I do like that you have a separate log for the players that it bans, so I might just have to try it out myself. We have a banned player that has been coming and attacking us once a week for a while now, ha.

Also, to add to the thread in general, when being spammed, just whitelist the server for half hour or so. The spammers will give up logging in and move on.

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

Just out of curiosity--don't these people run out of accounts? Are they all stolen, or did they pay thousands of dollars for the accounts? Is there any way to get the accounts disabled by Majong? There is a plugin that uses a centralized list to ban users that have been banned by other servers using the same plugin, should work.

 

Bill Kress I know of a free that require username and passwords so somehow they are getting themm maybe its a ton of accounts people pitch in for on hqfler forums or some sort?
At any rate hackers are the plague of minecraft servers. If there was a way to get rid of the clients or a way to stop so many of them logon I would hop on it immediately.

@7carscha2 could you also add a configurable option to lockdown all logins by command, except for those who have a certain permission node?(NOT TO BE CONFUSED WITH WHITELIST)

Whitelist you have to completely reload the server. My idea is done by command so you don't have to reload it and can shutdown any massive amount of accounts logging in.

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

I am happy to report that this plug-in does an amazing job of handling this behavior. I am not a big fan of using plug-ins not designed by our team, but this plug-in handles the job so well I am satisfied with using it. I would highly recommend this plug-in for server running 1.2.5, it completely stopped the issue dead in it's tracks.

Oh, and regarding the question 7carscha2 asked; yes, NoCheatPlus allows you to configure the "action" in a large variety of ways; auto mute, auto ban, auto ip ban, auto jail, broadcast message, private message staff, or execute a plug-in command. It's truly well designed from what I've seen this far.

However, I want to thank everyone for contributing to resolving this issue, Have a wonderful day!

 

So, xDrapor wins again.