[PSA] How to Prevent Griefers/Hackers on Your Server [PSA]

Discussion in 'Bukkit Discussion' started by chrisman0091, Jun 27, 2012.


What do you think of this PSA?

  1. Good

    4 vote(s)
  2. Helpful

    3 vote(s)
  3. Better Than the Other Tutorials of This I've Seen

    1 vote(s)
  4. Needs MOAR! Jk it was AWESOME!

    2 vote(s)
Thread Status:
Not open for further replies.
  1. Offline


    NOTE: I know these have been done before, but I worked really hard on mine like many others, and every one is different with its own unique ways of stopping it. So please let people who want to use this, use it! Without all of the complaining about other people who already did one of these! Also note that the file linked has every plugin listed in this tutorial on the latest working build as of 6.27.2012.

    Ok now for the real tutorial! To start off, a lot of griefers now-a-days use a hacked client. What this does is let them do things they normally can't do! Some can fly, build big walls or offensive buildings with one click, break blocks faster, or even get diamond tools faster for better griefing.

    This part is how to stop hackers. What you are going to do is get a couple of anti-hack plugins. I suggest ones such as NoCheat+ or AntiCheat. I personally enjoy NoCheat+ more but it is a personal preference. What NoCheat does is stop hackers from using most hacks that people can use, such as fly and speed hacks. It will also notify you with the player's name and hack (in its own way). AntiCheat does the same thing, but also kicks the player for the hacks. Note that you might sometimes get false notifications, for example, if they roll and take no fall damage with MCmmo, it will tell you they tried/did hack to avoid fall damage, when they just jumped and MCmmo took away the damage. To stop players from getting diamonds and other things fast with a hack like XRay, you can block XRay with a plugin such as Orebfuscator, the most popular XRay blocker ATM. What this does is, when a player tries to use an XRay hack or texture pack, they will see a bunch of ores that don't exist but block their view of the real ones. So far you have stopped about 40% of the hacking/griefing community! Good job for you.

    All of these plugins can be bypassed with certain permissions or OP status on the server. Now for the part that does not require plugins. Here are some TIPS to not get griefed or hacked easily. First off, NEVER download a plugin from an unsafe source. So only download a plugin from Bukkit, or another trusted website. If you download a plugin from a random player you run the risk of having him hack into your server and OP himself via ForceOP plugins. Also, never go onto another's server to 'test' it or whatever reason he/she gives you unless you know and trust them 100%. They could do what is called SessionStealing and OP themselves on your server! Unless you have a creative part of a server, never give away Creative, and never give away OP or anything else to somebody that claims to be doing something such as 'reviewing your server'. Even if they say they are 'official', they would not need anything besides maybe Member and some information from you (such as Owner's name and such) to actually review your server! One last thing for the non-plugin part is hide your IP! Use something such as no-ip.org to get a word IP (it is 100% FREE), so they cannot DDoS (lag) your server and anybody using your internet including their computers, or find another way to OP themselves. Even though there is a small chance they might get the IP somehow, this slows them down 99%.

    Now to help stop griefers. Never give out creative (as said). You also will want to protect anything that you do not want griefed with a plugin such as WorldGuard. Also make sure you have a grief check and rollback plugin, such as CoreProtect or LogBlock. This will log whatever a player does on every block they place/destroy, and you can roll back whatever they do to a certain time. If you run a creative server, you might want the LogBlock addon called LogBlock TreeLogger. Also with a creative server, you might want a plugin that assigns plots to people like PlotMe so they can only destroy things on their plot, and people they add to their plot can build/destroy on it. Also create what I would say weekly updates of the full server folder, so you could copy/paste the folder somewhere such as a flash drive every week, so if anything happens that you cannot undo you can just go back a week (or whenever your last backup was).

    This next check is something that will stop about 40%-60% of hackers, but most are smart enough to pass this, but a lot fail. Have them type @help in the chat. Unless the player is known to be slow, this should take no more than 3-5 seconds. What this does is let the player(s) talk in the IRC chat; this only works for the Nodus hacked client, but that is the most popular hacked client used. To stop spam, I suggest a plugin called S.T.A.B. (Stop Talking Auto Ban) and SpamGuard. They both block spam, and S.T.A.B. will also tell you when somebody logs in with the same IP as another player, which means they might be using an Alt (alternate account) to grief and hack and not get banned on their main account, or to bypass a ban. I also suggest AntiBot, which will stop somebody attacking your server with lots of bots with different names and possibly IPs and spamming your server. This is a very useful and effective plugin.

    MeesterWaffles likes this.
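
    The same-IP login check that the post above attributes to S.T.A.B. can also be run by hand over the server log. This is an added example, not code from the original post or from any plugin it names; the log line format and every sample line are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the style of a 2012-era server.log (assumed format).
# The last line is a chat message crafted to look like a login entry.
SAMPLE_LOG = """\
2012-06-27 18:01:12 [INFO] Alice[/203.0.113.7:51834] logged in with entity id 311
2012-06-27 18:04:40 [INFO] Bob[/198.51.100.23:49211] logged in with entity id 340
2012-06-27 18:09:02 [INFO] <Alice> hello
2012-06-27 18:15:55 [INFO] Alice_alt[/203.0.113.7:51990] logged in with entity id 377
2012-06-27 18:20:31 [INFO] Alice[/203.0.113.7:52044] logged in with entity id 402
2012-06-27 18:22:10 [INFO] Carol[/192.0.2.99:60001] logged in with entity id 415
2012-06-27 18:25:00 [INFO] <Mallory> [INFO] Bob[/203.0.113.7:1] logged in
"""

# Anchored at the start of the line: the player name must directly follow the
# timestamp and level, so text typed into chat cannot forge a login record.
LOGIN_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \[INFO\] "
    r"(?P<name>\w{1,16})\[/(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\] logged in"
)


def shared_ip_accounts(log_text):
    """Return {ip: sorted account names} for each IP used by 2+ distinct names.

    A shared IP is a lead for review (possible alt account), not proof:
    siblings or players behind the same NAT produce the same result.
    """
    names_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        match = LOGIN_RE.match(line)
        if match:
            names_by_ip[match.group("ip")].add(match.group("name"))
    return {
        ip: sorted(names)
        for ip, names in names_by_ip.items()
        if len(names) > 1
    }


if __name__ == "__main__":
    for ip, names in shared_ip_accounts(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(names))
```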
  2. Offline


    Nice guide.
  3. Offline


    Thanks, took me a while xD
    MeesterWaffles likes this.
  4. Offline


    You might also want to release a plugin. Some clients have it so that when you attempt to chat some command (e.g. .wallhaxzomgdiamonds), it activates them; if it just starts with a period, it just does nothing, so have something like .accept for rules and stuff.
  5. Offline


    chrisman0091 if you're on Windows, just open command prompt, and type ping yourserver.no-ip.com or whatever the server's IP is and you will get its real IP.
  6. Offline


    This is impossible as that command never gets sent to the server and only listens on the client to thus add commands to clients only.
  7. Offline


    I think that's the idea. If the command to accept the rules is '.accept' and you're running a hacked client that hooks commands starting with '.', you cannot accept the rules. That way you have to be on a normal MC client to perform actions on the server.
  8. Offline


    This is no longer the case.
    1. Many hacked clients use other prefixes, like - instead of .
    2. Many hacked clients use consoles, allowing anything to be sent through the chat
    3. Many hacked clients have commands such as -chat (message) which would let you send .accept
    4. Many hacked clients have a spam feature, which could send a .accept by typing -spam 1 .accept to spam the message once
    5. Many hacked clients can have the 'hacked' part of the client disabled and reenabled without relogging/restarting Minecraft.
  9. Offline


    [PSA] Public Service Announcement

    Why are you piggybacking on my latest posts?

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: May 26, 2016
  10. Offline


    This is true, that is why I said it stops SOME griefers with the @ symbol that is used on Nodus, the most common client. Again, it is easy to bypass, but not all people know how. That is why I provide other solutions :)

    This is true, but not all people know this, and does stop a good amount of people.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: May 26, 2016
  11. Offline


    You're telling me that someone who can set up a botnet with the hundreds of slaves needed for an effective DDoS attack, doesn't understand simple DNS resolving?
    KaoValin likes this.
  12. Offline


    DDoS Script Kiddies that also send from their unmasked home IP like a newb
  13. Offline



    well, 1. It's a DoS,
    2. If you're running a minecraft server that can't handle a DoS from a home computer/network, idk what to say.
  14. Offline


    It was DDoS if they include the computers from their school's network, friends, or even step dad's business laptop you said could "run faster". I didn't mean to imply it was from a single source.
  15. Offline


    Ah, that makes more sense. :3
  16. Offline


    The .legit thing. If they can't say .legit they are busted.
  17. Offline



    Who is stupid enough to be stopped by not being able to do a DNS resolution? That advice is pointless.
  18. DeJay6424 2 year old guide did not need to be bumped. :)