Inactive [SEC] NoCheat v3.5.0 [CB 1.2.4 R1.0][ABANDONED]

Discussion in 'Inactive/Unsupported Plugins' started by Evenprime, Feb 15, 2011.

  1. Offline


  2. Offline


    Because I can reach a lot of people here:

    Do not login to any MC servers that you don't fully trust, as it is currently possible for the owner of that server to steal your session and use it to log into another server.

    E.g. if you are admin on one server, and someone you don't know invites you onto their server (and you actually log into that server), they are able to log into your server (or any other server) with your username without you noticing. This is possible without them knowing your password (and they don't need it anyway for that) and they can connect to "online-mode=true" servers.

    To be safe, add an additional line of defense like AuthX and make sure it's active for all "important" players (admins, mods).
  3. Offline


  4. Offline


    Thank you very much for alerting me to this issue, I was not aware of it and will now no longer log onto any servers other than my own.

    Can you tell me please how will I know when this issue has been resolved? Where do I look to? Will it require an MC update? Or will it be in the bukkit updates? Where do I keep my eyes peeled to for the fix to this?
  5. Offline


    If at all, it has to be fixed by Mojang/Minecraft by changing how authentication in Minecraft works. So it will definitely take at least an update of Minecraft itself. I have no idea when (or if at all) they'll fix the problem.
  6. Offline


    does this stop the mod nodus?
  7. Offline


    Is it even possible to fix? From what I can tell the hacker server acts as a client connecting to the server they want OP on, which I guess could be fixed by making the serverhash somehow based on the server's IP, then could generate the hash based on the IP the request came from and see if they match up. But it would always be possible for the server to act as a proxy to the actual server, just adding an extra chat packet, would it not?
  8. Offline


    I've suggested a simple fix for the problem in a bug report which would require only very few changes to server, client and minecraft's authentication servers. This is what I'd propose:

    Current broken system:

    Server -> Client : "hash" value
    Client -> "username" + "hash" value
    Server -> Does "username" + "hash" value exist? Yes = allow login

    Fixed system:

    Server -> Client : "hash" value
    Client -> "username" + "hash" value + "server hostname : port" (that the client is currently connected to)
    Server -> Tell me "server hostname : port" that is stored for "username" + "hash". Is it really my own? Yes = allow login

    Because servers usually know or can find out (automatically) what their public IP is and how players can connect to them, the server would be able to decide if the client has been misled by an attacker. If the attack happens, the "server hostname : port" would be those of the attacker instead of the Server, therefore the server would not accept the login. Because only the server decides if and how it uses that additional bit of information, no flexibility in server setup is lost (server owners could decide to run without that additional security, or make exceptions etc.). Also wouldn't need to do any additional work besides storing the hostname : port info in addition to the hash-value. And the minecraft protocol wouldn't need any changes at all (Packet1Login and Packet2Handshake stay the same).
  9. Offline


    Client -> Attacker: hi :)
    Attacker -> Server: hi :)
    Server -> Attacker : "hash" value
    Client -> "username" + "hash" value + "server hostname : port" (hostname of the attacker's server (the one they actually connected to))
    Attacker -> "username" + "hash" value + "server hostname : port" (hostname of the actual server, to this just looks like the player gave up and joined another server)
    Server -> Tell me "server hostname : port" that is stored for "username" + "hash". Is it really my own? Yes = allow login (Still returns yes because the attacker told that the admin just joined the server)

    no ?

    OH ! Client -> requires a valid session ID. Ignore me ;)

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: Jul 18, 2016
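
A minimal model of the exchange discussed in the two posts above, added here as an example; it is not code from the thread, from NoCheat or from Minecraft. `AuthService`, `Server`, the hostnames and the session-ID format are constructed for illustration. It shows a relayed hash being accepted under the current check, rejected once the stored "server hostname : port" is compared, and why the record cannot be overwritten without the victim's session ID.

```python
import secrets

class AuthService:
    """Toy central auth service (constructed model, not the real API)."""
    def __init__(self):
        self.sessions = {}  # session ID -> username, set at launcher login
        self.joins = {}     # (username, hash) -> "host:port" the client reported

    def login(self, username):
        sid = secrets.token_hex(8)
        self.sessions[sid] = username
        return sid

    def join(self, sid, username, server_hash, address):
        # Only the holder of a valid session ID may register a join.
        if self.sessions.get(sid) != username:
            return False
        self.joins[(username, server_hash)] = address
        return True

class Server:
    def __init__(self, auth, address, check_address):
        self.auth, self.address, self.check_address = auth, address, check_address

    def accept(self, username, server_hash):
        stored = self.auth.joins.get((username, server_hash))
        if stored is None:
            return False                 # no such "username" + "hash"
        # Fixed system: also require that the client joined *this* address.
        return stored == self.address if self.check_address else True

def relayed_login(check_address):
    """Victim joins a hostile server that relays the target's hash (constructed)."""
    auth = AuthService()
    victim_sid = auth.login("admin")
    target = Server(auth, "target.example:25565", check_address)
    relayed_hash = secrets.token_hex(8)  # issued by target, passed on to victim
    # The victim's client reports the address it actually connected to.
    auth.join(victim_sid, "admin", relayed_hash, "hostile.example:25565")
    # Post 9's objection: overwriting the record needs the victim's session ID.
    forged = auth.join("no-valid-session", "admin", relayed_hash, target.address)
    return target.accept("admin", relayed_hash), forged

def direct_login(check_address):
    auth = AuthService()
    server = Server(auth, "target.example:25565", check_address)
    server_hash = secrets.token_hex(8)
    auth.join(auth.login("admin"), "admin", server_hash, server.address)
    return server.accept("admin", server_hash)
```

`relayed_login(False)` models the current system and `relayed_login(True)` the proposed one; `direct_login` confirms that an ordinary login still succeeds with the address check enabled.
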
  10. Offline


    1.2.5 compatible ?
  11. Offline


    You could find out by trying it :D
  12. Offline


    I worry about compatibility problems of the plugins of my server.
  13. Offline


    That's pretty obvious ;) Set up a local server to test with :D
  14. Offline


    We have 2 // local installation ;)
  15. Offline


    So test it..
  16. Offline


    a compatibility problem can cause an error anytime! -_-
  17. Offline


    Test it.
  18. Offline


    If you want to be that cautious then you will have to test it with the plugins that you use. I can tell you that it works fine on my server but nothing about yours.
  19. Offline


    Does this prevent nodus hackers? Only asking because I have been using it and when it detects a hack it does not try to stop. Or maybe it like stops the player from doing that but I would not know because I am an admin with override controls.
    Also how do I make it so when someone starts to hack and NC detects to kick the player? If possible.
  20. Offline


  21. Offline


    This is my last post here. Goodbye everyone.

    Read this for more info: NoCheat
  22. Offline


    Maybe you should put a link to nocheat+ in the OP as the last thing you do here :p
  23. Offline


    Yo Bro, Bro Hoof /)(\
  24. Offline


    It still works but when will it break? In 1.3?
  25. Offline


    Nice plugin, no doubt i'm using this on my server [diamond]
  26. Offline


    Plugin is broken in 1.3.1:
    [SEVERE] Error occurred while enabling NoCheat v3.5.0 (Is it up to date?)
    java.lang.VerifyError: (class: cc/co/evenprime/bukkit/nocheat/checks/chat/ChatCheckListener, method: commandPreprocess signature: (Lorg/bukkit/event/player/PlayerCommandPreprocessEvent;)V) Incompatible argument to function
    at org.bukkit.plugin.SimplePluginManager.enablePlugin(
    at org.bukkit.craftbukkit.CraftServer.loadPlugin(
    at org.bukkit.craftbukkit.CraftServer.enablePlugins(
    at net.minecraft.server.MinecraftServer.i(
    at net.minecraft.server.MinecraftServer.d(
    at net.minecraft.server.MinecraftServer.a(
    at net.minecraft.server.DedicatedServer.init(
  27. Offline


    Per the DBO page ( NoCheat is inactive. There are a couple replacements posted there, NoCheat+ and AntiCheat. Also, on that page, md_5 did do a quick update to NoCheat for 1.3.
  28. Offline


    My error:
  29. Offline


    Read my post before yours.
  30. Offline


    I just switched to NoCheatPlus - works perfectly.
  31. Offline


    How come it doesn't work on my server? NoCheatPlus doesn't work or regular NoCheat please help!!!!!!!
