[Hack Detection] Detecting Aimbot!

(Please read until the end)
Hello fellow developers, I have been working on my server and thought it is time to start a war on hackers. So I thought I want my own anti-cheat plugin, especially for Aimbot and/or Forcefield. Before you say anything, yes I tried NoCheatPlus and tested it alot against those hacks and it did NOT work! I have seen people saying about spawning mobs around or faking stuff, but I guess that won't be worth trying, since it is not effective AT ALL! So do you guys think if we use math, we can create a successful system to detect those? Thanks for all you ideas/suggestions!

 

Maybe have a certain amount of damage a player can cause per second or something.

 

It's technically not possible to 100% detect every hack. Even games like World of Tanks, where everything (literally, everything; the client only gets to see what the server sends) is done server-side.

However, a "may-work" way would be to implement packet in-bound checking with something like TinyProtocol or ProtocolLib or that new fangled one that came out recently and somehow fast-check the difference in yaw and pitch.

 

HeavyMine13 see the problem with fighting hacks like killaura is that all of that is handled by the client. for instance the client tells the server that the player is hitting a specific player. with a legit client it only tells the server when u actually hit them with your sword, however with a hacked client you dont even need to be looking at the player for it to send hit packets. the reason it does that is because lets say for example sake, a player is getting a 3 second latency time. that means the attacker is seeing the victim 3 seconds behind where he actually is. so to compensate with that the client just tells the server the attacker is hitting him. so any math you do will not work with laggy players. even people getting 100ms would throw off my calculations that would work great on localhost to track where the player was hitting. it also works the same way in call of duty. they have hacked clients that will kill people across the map because when you shoot, the client tells the server who you are shooting, with a legit client it tells only if you actually hit them with a hacked client it ignores that. all the math to determine where your aiming is done client side

 

I agree its hard to detect aimbots/killaura but I wonder how many pitch/yaw packets it sents, I doubt its limited in what they sent.

I did have seen servers which barely couldn't keep up because there was so much packet spam in a short period, ive seen it alot in dvz games because you need to kill around 50 - 80 hordes zombies really fast, but when I look in wireshark I retrieve all kind of weird data on a really fast rate but when theres no aimbotter/aura killer active I got those less.