[REQ] AntiNodus

Discussion in 'Archived: Plugin Requests' started by KollegahDerBoss, Jun 4, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    KollegahDerBoss

    This is one of the most easiest Plugins ever.

    Plugin category: FIX

    Suggested name: AntiNodus

    What I want:
    - The User needs to type "-" to login into the Server, Nodus Players won't be able to join the Server since "-" will return as "unknown command" for Nodus. This way you can easily stop Nodus People from joining.

    Ideas for commands: None

    Ideas for the Config File: None

    Ideas for permissions: antinodus.bypass

    When I'd like it by: ASAP :)

    Similar plugin requests: None to my knowledge

    Devs who might be interested in this: None to my knowledge

    I hope someone will realize this!
    Thank you in advance!
     
  2. Offline

    kezz101

    Clever... I will do this for you right now. I love it so much :3
     
  3. Offline

    McLuke500

    I like this idea alot aswell. Very clever as naturally nodus wouldn't send to the server that you said - :D
     
  4. Offline

    Ne0nx3r0

    This is clever. This is the sort of out of the box thinking that needs to be done to really patch these clients. (using their strengths against them)

    That said, this particular idea wont work. It's security through obscurity, and on top of that take a look at the second line in the Nodus client's config file:
    Still, "A" for effort.
     
    afistofirony and nunber1_Master like this.
  5. Offline

    kezz101

    http://dev.bukkit.org/server-mods/anti-nodus/

    You can define what prefix it does... But thanks for telling everyone how to bypass it Neon :p

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 26, 2016
  6. Offline

    BMX_ATVMAN14

    U can just change it in the config
     
  7. Offline

    kezz101

    Neon just said that... I can read xD
     
  8. Offline

    BMX_ATVMAN14

    Didn't see :p
     
  9. Offline

    Ne0nx3r0

    Sorry, I didn't mean to rain on your parade; you have to admit though that would be the first thing most users would do when they realized what the plugin was trying to do to them.

    There's an "edit config" option listed in the GUI. (I played with the client quite a bit when I was testing a dupe exploit)
     
  10. Offline

    kezz101

    Yeah... In fact making this plugin would be pretty pointless as you could just well... Bypass it xD
     
  11. Offline

    KollegahDerBoss

    About 90% of the Users don't even know there is a config, so that would be still worth it for my Server...
    Could someone please realize this? :D
     
  12. Offline

    colony88

    If anyone sees this, they will know there's a config... Me, for example :D But I don't cheat :p
     
  13. Offline

    themidknightson

    Most people who use Nodus use it for only griefing. I highly doubt any of them will really be reading these forums. Some might know about the config file but to be honest most people who use nodus are probably children and wouldn't know how to change the config. I think this plugin is a great idea.
     
    nunber1_Master likes this.
  14. Offline

    np98765

    Seems like a good idea. In fact, it could be combined with an anti spam-bot plugin...

    It would give some sort of CAPTCHA in the chat, they would have to type in:

    -8493 or whatever.
     
  15. Offline

    colony88

    Good idea!
     
  16. Offline

    Smelyhobo

    Guys they could bypass this easily with -chat - Although there are lots of nodus users who dont know about it.
     
    nunber1_Master likes this.
  17. Offline

    Ne0nx3r0

    The bottom line here is this only works if only a few servers use it, and only as long as no one is willing to even attempt to get around it.

    As soon as it becomes popular, someone is bound to complain to Nodus, which will lead to a fix of some kind or popularization of a fix, assuming one doesn't already exist.

    Like that.

    All the while, all your players are being harassed by this thing, not to mention the bugs that will inevitably creep up from it.

    I suppose it's worth a try, but if it were my server I wouldn't bother my legit users just so I could catch the occasional total noob, who (if he really is that noobish) is likely to get caught by some other security mechanism anyway.

    The captcha thing might have some merit, but I've never actually had an army of bots join my server and I use online-mode=true, so I personally wouldn't use it.
     
    nunber1_Master likes this.
  18. Offline

    np98765

    I have online mode on as well, but I had one night where I had literally, an "army of bots" on. NoCheat+ (Which I recommend for stopping Nodus, read on) banned them all, but they came on with some other accounts. To this day, I'm still not sure what happened.

    Anyways, NoCheat+ is a great way to counter Nodus. It blocks most of the main features. If you're worried about Xray, get Orebfuscator. If you're worried about Orebfuscator hurting legit players, set the engine mode to 1 (not as effective, but still hides the vast majority of the ores).

    I don't think that there is any way to STOP Nodus. You either need to a) get plugins to help prevent hacks, or b) shut down the world wide web.
     
    nunber1_Master likes this.
  19. Offline

    tomjw64

    A suggestion, that most people will probably not use because it forces their players to do work on their end, would be to use Spout and only allow Spoutcraft clients to play on their server. You can't use one client while you are using a different one, right?

    I think that it would be very effective for blocking out Nodus, as well as giving more options to you as a server owner, but like I said, it probably won't be a common solution because it makes the players do things on their end.

    or option c) force mods that conflict with Nodus
     
  20. Offline

    np98765

    Yeah, forcing users to use Spout isn't exactly going to work if someone wants to get their server to be 'popular'.

    Yeah, you CAN force mods, but again... Not exactly going to make your server famous.

    Not sure what you're doing with your server... Whether it's for friends, or whatever. Scratch that, if it's friends, you wouldn't really have this issue, hmm?

    Anyways, unless you want to force users to download stuff, I still recommend NoCheat+, and/or orebfuscator.
     
  21. Offline

    KollegahDerBoss

    We do have NoCheat+ and Orebfuscator as well, as also SpamGuard to prevent Spam-Attacks.
    The thing that bugs me, is the Freecam and "standing 1m in the air" which NoCheat+ doesn't block.
    By using them both, you can go up to 2 Blocks high. Not to mention all the other possible Hacks with Nodus that bypass NoCheat+.

    Like themidknightson says, most of the Nodus Users are children (and my Server is full of people that are 10-15 years old) which use Nodus and barely ever go onto Bukkit Forums/Even know how to use Nodus properly.

    I don't think this Plugin would be that hard to make (I don't code with Java, only C for now), so I was hoping for someone that actually creates this.
     
  22. Offline

    SirTyler

    Then why not bring that kind of thing to the attention of the NoCheat+ devs and have them work on fixing it?
     
  23. Offline

    Kaikz

    Sorry to shit all over your parade, kids, but this plugin is rendered useless from the get-go.

    Nodus now has a console, completely separate from the chatbar.
    If a user is still using the old version, all you need to do is "-chat <insert plugin captcha here>" and bam, the protection is gone.
     
  24. Offline

    Elon_Than

    So idea was good, but useless ;)
     
  25. Offline

    Ne0nx3r0

    Well that's a valid point. In fact I have a private plugin that does nearly the exact same thing, only the command differs.

    I still think it wont work, but since the coding is all but done I don't mind changing a few lines to suit your needs.

    http://www.modevs.net/stuff/LetMeInDash.jar

    As you say you're a coder, I imagine you'll be able to maintain this existing code yourself, it's fairly straightforward. (The source is included in the jar)

    Sorry to render your rant pointless kid, but that has already been brought up... Multiple times. ; )

    This is exactly what I'm talking about; you can't rely on people not knowing how your security works, that only works on a small scale and only as long as you are the only one doing it. This is a mistake many fledgling IT people/coders make.

    The moment word gets out, your security system is automatically compromised, meaning you have to expect people to get through it.

    True security works even when you hand over the source code and detailed instructions on how it works to your enemy, and he's still dumbfounded.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 26, 2016
  26. Offline

    PandazNWafflez

    By the way, this would never have worked even when the user posted it, as Nodus filters server forced messages from user sent messages.

    Also, NCP can't block standing 1m in the air, because 90% of the time that's just lag.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 26, 2016
  27. Offline

    Tronty

    Try a config using a Nodus command. Those cannot be changed (easily at least)... It's a great idea, just not enough research went into it! :D

    -irc or something along those lines would do the job.

    basically as it is a client side mod everything that is written for Nodus does not get sent to the server...example -irc toggle wouldn't be seen on the server gui therefore only the player knows he has typed it.

    With that in mind, log in type -irc

    The command would be processed on the Nodus Minecraft Client and would show "-irc help" but all non-Nodus users type '-irc' and will be logged in straight away.

    If a Nodus User does manage to change the command '-irc' to something else that allows them to log in, a way to prevent this would be by creating a list of Nodus commands (-health, -disconnect, etc) then the plugin chooses one of these ''phrases'' at random. This makes Nodus users change their WHOLE config file if they want to log in. Laziness would prevail.

    Expanding that, it would be quite confusing to other users but using the -disconnect feature would be brilliant. It would log Nodus users out (and ban them?) and allow the rest in.

    TA da! Anti-Nodus Improved.
     
  28. Offline

    Ne0nx3r0

    As I said earlier, that's easily bypassed by changing the command prefix option.

    Again...


     
  29. Offline

    Tronty

    Oh wow, silly me. Obviously need more sleep or something.
     
  30. Offline

    Ne0nx3r0

    Ha, I know the feeling.
     
Thread Status:
Not open for further replies.

Share This Page