Devs: You can stop trying, you cannot block against griefers.

Discussion in 'Bukkit Discussion' started by RobotA69, Dec 21, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    RobotA69

    Not sure if this belongs here, but this is my rant about people who post about Nodus or plugin requests for "No Nodus".

    Well, for one, Nodus is not the only griefing client out there. While it may once have been one of the most popular free clients, there are hundreds more paid and free clients out there.

    Secondly, even if someone ever found a way to block some of Nodus's hacks; like I said above, there are many other clients with better hacks that virtually can't be blocked. Good luck with making plugins that counteract those ;)

    Lastly, Nodus is one of the least used clients nowadays. People get hated on for using Nodus because while this may come as a surprise to you naive people, Nodus is not a good griefing client. There are way better clients.

    Actually, this is my last post/paragraph. THERE IS NO WAY TO BLOCK MOST OF GRIEFING CLIENTS' HACKS. Most of the hacks out there that server owners want to block are client-sided. Nowadays, people who develop griefing clients have found multiple bypasses to some of the popular plugins like Orebfuscator. Example: A popular hack called Chest ESP surrounds chests in bright-colored lines. These types of hacks can't be blocked. Sure, you can make stone or wood look like chests but they will still see the lines and be able to tell where the chests are.

    In conclusion, Nodus is a shit client that nobody uses. Attempting (and you will fail) to bypass it is a waste of time. There are literally hundreds of paid, free, private (leaked), Tekkit, and other clients being released each week. Most of these clients' hacks cannot be blocked so deal with it and find other ways to secure your server.

    Sincerely,
    Bukkit Developer/Hacked Client Developer RobotA69
     
  2. Offline

    lol768

    Don't worry, once the Mojang server/client changes are made, less processing will be done on the client and hopefully make hacked client developers struggle to do what is currently possible.
     
    cMan_ and tanveergt5 like this.
  3. Offline

    MysteryManX

    You're right, you can't fully block griefers, but why stop? That's kinda like saying we should find other ways of protecting our countries from terrorists.

    The only good side of Nodus I really see is possible for admins and moderators. When I used to run a server, we had a few people sometimes hack in/cheating items and stashing them in deserts etc, so we used Nodus to sniff them out, and banned the ones that hacked.

    I can see your point in what you're saying, but it's still worth trying to protect your server from these things.

    :)
     
  4. I use nodus just because it updates the fastest. I have my own client that is my own >:)
     
  5. Offline

    LEOcab

    Orebfuscator's proximity hider. pwned. XD
     
  6. Offline

    Gravity

    This would be better titled as a request for people to just stop asking for this. To say that devs should just stop trying to think of new ways to do something is very bad indeed.
     
  7. Offline

    TnT

    I read it as "Please stop blocking my hack clients. It's not making my griefing very fun."
     
  8. Offline

    TheBeast808

    False. Almost all hacks can be blocked that give the client non-vanilla behavior. The only reason any 5Up3R 53CreT 1337 UB3r H4x Cli3N7s aren't already blocked is usually because the developer is selling the client, and those who develop anti hacking plugins don't want to pay when they're working for free.
     
    -_Husky_- likes this.
  9. Offline

    RobotA69

    Myself, I don't play Minecraft much except on servers with my friends. I don't really grief, I just code clients. I've actually made multiple plugins that counteract some hacks. So, excuse yourself, sir :rolleyes:

    I wasn't really trying to say "Stop trying". Though I understand that's what you got from the title. I'm just saying some of the things you think you are doing aren't really affecting griefers.

    What I'm trying to say is "Stop doing what you are doing. Try something new because what you're currently doing isn't working." I have yet to see a plugin that actually causes a major struggle on griefers.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 30, 2016
  10. Offline

    LEOcab

    I can think of three hacks that cannot be blocked and have to be dealt with manually like frakking cavemen:
    1. Radar*
    2. Freecam
    3. Xray**
    * There's a plugin called PlayersInCubes that helps with radars, but it interferes with all vanishing plugins which, in my opinion, are crucial for detecting cheaty behavior.
    ** Orebfuscator does a pretty good job at hiding ores, however, it will never be able to hide underground bases.
     
  11. Offline

    RobotA69

    You sir are an idiot if you believe that. Show me one plugin that has a major effect on griefers. Or simply explain a hack that could be blocked. PLEASE.

    This is what I meant by try something new. Use plugins that let you see the screen from the other player's eyes and you could determine if they were cheating. Obviously, this wouldn't be effective on large servers but yeah..

    1. Radars are okay and are in most clients, but most popular clients use tracers anyway which can't really be blocked unless you spawned random NPCs everywhere which would not be optimal :p

    2. One of the classics, a workaround has never been made to counter this

    3. Plus, Orebfuscator uses a load of resources and I don't see a lot of servers using it. If a lot of servers were to use it, I already know a way to counteract Orebfuscator.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 30, 2016
  12. Offline

    TheBeast808

    We're not talking about griefers in here, we're talking about hackers. You put griefers in your title, and then went on to only talk about hackers. You can grief with a completely vanilla client, so griefing will not be proactively blocked (but it can still be retroactively blocked). You want a hack that can be blocked? How about nuking? It used to be that you could instantly destroy big swaths of land, now any server that has a competent admin will at least limit nuking to within vanilla constraints. At this point, nuking is more of a macro than a hack.

    Radar and freecam do not give clients non-vanilla behavior. I failed to specify that when I originally posted, but I went back and changed it shortly after. X-ray, on the other hand, can give a client non-vanilla behavior. That behavior can be detected and the hack can be retroactively blocked. In addition, like you said, Orebfuscator can proactively block the biggest part of x-raying. If you really wanted to, you could hide underground bases, it just depends how much modding you want to do and how much work your server can do. You could create a plugin like Orebfuscator that inserts fake underground bases. Or, you could obfuscate air blocks that are not connected, by other air blocks, to the surface.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 30, 2016
  13. Just saying. The only hacks you really can't stop are:

    Freecam. derp da derp.
    Also remove view. I love dat hack.
     
  14. Offline

    RobotA69

    Using a non-vanilla client isn't hacking at all. Want to see hacking? I'll teach you how to do SQL injections. As a real hacker, I don't find using a griefing client as hacking. Also, most people who intend to grief use a griefing client. Only about <5% don't use a griefing client.

    Well, yes, I will admit, a Nuker bypass is rare. But, there are ways..
     
  15. Offline

    Gravity

    Why are you so hostile to people in here? If you want to make griefing clients, make griefing clients, nobody here is giving you crap about that. Just leave people alone and don't be so rude.
     
    MyPictures likes this.
  16. Offline

    RobotA69

    Let's continue to use X-ray as an example. Let's say a lot of servers start using Orebfuscator and it's really popular and on almost every server. Client developers could easily change X-ray so it will highlight ores with bright blocks. Try blocking that.

    I'm sorry but the stupidity in his post just angered me to that point.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 30, 2016
  17. Offline

    TheBeast808

    True, it's cheating. If we're going to be going by a strict definition of hacking, all of these 'GRIEFING CLIENT'S HACKS' you talk about are griefing client's cheats.
    SQL injections? Real hacker? Get real. Close out of havij and learn a real hack.
    Talk is cheap. Show me a working bypass on a server of my choice and I'll believe you.

    What? Do you even know what Orebfuscator does? The purpose of it is to never let the client know where ores are, meaning that you cannot 'highlight ores with bright blocks.' The only semi-working bypass that I've seen in use is one that used the world seed to generate the world client side and overlay the ores, but now the world seed is no longer available to the client.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 30, 2016
  18. Offline

    RobotA69

    1. Correct
    2. I have no idea what havij is. Learn a real hack? You just sound like a noob lol.
    3. So, why are you continuing to do it?

    Proof you have no idea what you are talking about. Firstly, it's extremely easy to get the seed. The way Orebfuscator works is it 'pretends' the stone is ores. It doesn't actually change it into the ore. When you make a client and you do xray.show(diamondOreItemId), and xray.show makes an OpenGL box, that's going to bypass Orebfuscator.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 30, 2016
  19. Offline

    Necrodoom

    the way it 'pretends' the stone is ores is by telling the client the stone is ores, and that is all that matters. you can't tell it to "highlight" only the serverside diamond ore.
    also using seed is beaten by using a custom world generator, as to properly detect the ores, you need an xray built for that very world generator.
     
  20. Offline

    md_5

    Whilst I somewhat agree with your post, it's the same everywhere. A giant cat and mouse game. People make bad stuff, the good guys patch it. By the time that's done, worse stuff is out there. It's a vicious cycle, but by trying you are at least stopping a good percentage of bad guys. Read: Kids who join, try to fly, give up and leave.
     
    makskay likes this.
  21. Offline

    Nickbbeezy

    Well of course you can't completely stop hackers, but you sure can make their lives a lot harder.
     
  22. Offline

    TheBeast808

    You must be a true prodigy of HF. SQL injection is one of the lowest forms of hacking and earns you the least amount of respect in basically every hacking community. I make no claims about being an '1337 h4x0r', but you should at least know how others view SQLi before you brag about it.
    Nice way to avoid having to prove anything. My challenge still stands. Show me a working nuker bypass on a server of my choice and I'll believe you.

    Thanks for answering my question, it looks like you don't know how Orebfuscator works. There is no difference between a server pretending that a block is stone and that block actually being stone from the client's perspective. It is literally impossible for a client to tell you where the ores are when the server is telling them that there are none. It would be like if I took a picture of a parking lot, photoshopped out all the red cars, put white cars in the red cars' spots, gave you the picture, and then asked you to find the red cars. The only access to that parking lot you have is through my picture. It is impossible for you to tell me where the red cars are because I never gave you that information and there is no way for you to get that information. The best you could do is take random guesses at the red cars' locations, which is exactly what legit players do.

    As for seeds, AFAIK, there is no way for a user to get a seed without either an admin telling them or having the world files available (like if a server offered a download link to a live world). I know the seed used to be information shared with the client, but I'm about 95% sure that it is no longer trusted to the client. If any bukkit team members happen to read this, could you confirm or deny what I just said about seeds?

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 30, 2016
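
The server-side filtering TheBeast808 describes in this thread (never tell the client where buried ore is, and hide air that is not connected to the surface through other air), as an added example that is not part of any post and is not Orebfuscator's code. Block IDs, class and method names and the sample world are constructed assumptions.

```java
import java.util.ArrayDeque;
import java.util.Arrays;

// Added illustration, not Orebfuscator's code. Block IDs and the sample world are constructed.
public class ServerSideView {
    static final int AIR = 0, STONE = 1, ORE = 56;
    static final int[][] DIRS = {{1,0,0},{-1,0,0},{0,1,0},{0,-1,0},{0,0,1},{0,0,-1}};

    static boolean inside(int[][][] w, int x, int y, int z) {
        return y >= 0 && y < w.length && z >= 0 && z < w[0].length && x >= 0 && x < w[0][0].length;
    }

    // Builds the copy of world[y][z][x] that is sent to clients; the top layer is the surface.
    static int[][][] viewFor(int[][][] w) {
        int h = w.length, d = w[0].length, l = w[0][0].length;
        boolean[][][] open = new boolean[h][d][l];      // air connected to the surface
        ArrayDeque<int[]> queue = new ArrayDeque<>();
        for (int z = 0; z < d; z++)
            for (int x = 0; x < l; x++)
                if (w[h - 1][z][x] == AIR) { open[h - 1][z][x] = true; queue.add(new int[]{x, h - 1, z}); }
        while (!queue.isEmpty()) {                      // flood fill through touching air blocks
            int[] p = queue.poll();
            for (int[] dir : DIRS) {
                int x = p[0] + dir[0], y = p[1] + dir[1], z = p[2] + dir[2];
                if (!inside(w, x, y, z) || w[y][z][x] != AIR || open[y][z][x]) continue;
                open[y][z][x] = true;
                queue.add(new int[]{x, y, z});
            }
        }
        int[][][] out = new int[h][d][l];
        for (int y = 0; y < h; y++) for (int z = 0; z < d; z++) for (int x = 0; x < l; x++) {
            boolean exposed = w[y][z][x] == AIR && open[y][z][x];
            for (int[] dir : DIRS) {                    // a solid block is exposed if it touches open air
                int nx = x + dir[0], ny = y + dir[1], nz = z + dir[2];
                exposed |= w[y][z][x] != AIR && inside(w, nx, ny, nz) && open[ny][nz][nx];
            }
            // Buried ore and sealed air pockets are reported as stone; everything else is unchanged.
            boolean secret = w[y][z][x] == ORE || w[y][z][x] == AIR;
            out[y][z][x] = (secret && !exposed) ? STONE : w[y][z][x];
        }
        return out;
    }

    public static void main(String[] args) {
        int[][][] world = {                             // listed bottom layer first, one z-row each
            {{ORE,   STONE, STONE, AIR,   STONE}},      // buried ore, sealed air pocket
            {{STONE, ORE,   AIR,   STONE, STONE}},      // ore exposed in the shaft wall
            {{STONE, STONE, AIR,   STONE, STONE}},      // shaft
            {{AIR,   AIR,   AIR,   AIR,   AIR}}};       // surface air
        for (int[][] layer : viewFor(world)) System.out.println(Arrays.toString(layer[0]));
    }
}
```

The filtered copy carries no trace of the buried ore or the sealed pocket, so nothing on the client side can recover them from it. A real plugin would also have to reveal a sealed region once a player is legitimately inside or next to it, which this example leaves out.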
  23. Offline

    Necrodoom

    as a note, world files are pretty much already downloadable, I'd assume it would be possible to predict seed upon position of found ores.
     
  24. Offline

    RobotA69

    What's HF? Just because you don't view highly about injections, many people do. You obviously know nothing that you would say "earns you the least amount of respect". LOL GTFO, fuck that noise.

    Never said I was in possession of a client that has one, but I know multiple paid clients with video proof that has one.

    Most servers allow the use of the /seed command. Exactly.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 30, 2016
  25. Offline

    Necrodoom

    and you still don't provide any proof yourself, nor answer any of our questions?

    great job ignoring the rest of the post!
     
  26. Offline

    RobotA69


    Please use correct grammar.

    Since Orebfuscator works so well, why is it rare that a server uses it? If it were to be popular and commonly used, I'm sure there would be a bypass.
     
  27. Offline

    Necrodoom

    and again: skipping questions.
    as thebeast808 said: "it looks like you don't know how Orebfuscator works. There is no difference between a server pretending that a block is stone and that block actually being stone from the client's perspective. It is literally impossible for a client to tell you where the ores are when the server is telling them that there are none. It would be like if I took a picture of a parking lot, photoshopped out all the red cars, put white cars in the red cars' spots, gave you the picture, and then asked you to find the red cars. The only access to that parking lot you have is through my picture. It is impossible for you to tell me where the red cars are because I never gave you that information and there is no way for you to get that information. The best you could do is take random guesses at the red cars' locations, which is exactly what legit players do."

    please stop giving statements without proof.
     
    TheBeast808 and XlegitXcrazymanX like this.
  28. Offline

    RobotA69

    What did I say that needs proof?
     
  29. Offline

    makskay

    Fixed that for you.

    The reason that Orebfuscator isn't used as commonly as you might expect, given that it does work, has largely to do with two factors: 1) most server admins aren't aware that it exists (or even that X-raying is still a problem), and 2) it places a heavy load on the server because it has to modify lots and lots of outgoing packets.

    I'd like to see a successful workaround for Orebfuscator. In theory it shouldn't be possible without knowledge of the seed for the reasons discussed above, although I'd love to be proven wrong, if only because the workaround (if there is one) is bound to teach me something about server security.
     
    np98765 likes this.
  30. Offline

    RobotA69

    Exactly my point. The unawareness of server owners and the increased force on resources caused by Orebfuscator is why it's not a problem for griefers.
     