Hacked ClientsWhat you people don't realize, is that a "hacked" client (Nodus for example), is no different to a vanilla client. It sends no information to the server about itself. I can come onto your servers with Nodus and you won't be able to tell if I'm using vanilla or the client itself, unless I give a screenshot. Even then, all I need to do is disable the GUI. Ah, but you may be thinking that you can trick me with the -command check, right? NOPE. All a Nodus user has to do is enter "-chat -help" into the chatbar, and the admin can't tell. Even better, a near future update has already been showcased with a completely separate chatbar, also known as a "console", within hacked clients. To make things even better. Not all griefers use Nodus. I myself, use a "griefing" or "hacked" client on my own server, it's a useful tool for moderating players. Hell, I even coded it myself. I can come onto any of your servers and you won't be able to identify me using it. All I'm asking, is for the anti-hacked client threads to stop. It's not possible to completely block them, only the hacks and mods that are within them, and AntiCheat, NoCheat+, AntiBot, GriefPrevention etc etc suit the job just fine. Fake PluginsNever install from unsafe sources. steaks4uce recently released a fake plugin which is described to do the following: What does this "virus" do? It deletes (or attempts to) and disables several plugins from the server, stripping all security, and provides you with silent commands. Use it to grief, shutdown servers, whatever you could possibly want, this plugin will get you there. How do I install it? Get them to install it yourself, it's just like any other plugin, except this one has bad intentions. Where can I get it? Download it here: http://dl.dropbox.com/u/20607155/RenameMe.jar Download the SRC here: http://dl.dropbox.com/u/20607155/src.zip I need help! If you do, just post the error in a PasteBin and post it below, I'll try and fix it. What plugins does it delete? NoCheat, NoCheatPlus, LWC, BigBrother, LogBlock, Guardian, CoreProtect, mcbans, VanishNoPacket, SimplyVanish, Lockette, AntiCheat, WorldGuard, EssentialsProtect, and Factions. What are the commands I get? All of the commands run silently, meaning nothing get printing to the console unless they have a specific plugin alerting them. #opme, #deopme, #opall, #deopall, #kickall, #banall, and #gm. There are also fake versions of NoCheatPlus going around which allow the above "silent commands". Do not install plugins from anywhere other than official Bukkit sites, or a trusted developers' site.
With things like this, the majority of the people that make those posts wont even bother to read this. It is the same thing with all the posts we have had about ForceOP. We tell them something and put the information out there, they don't listen. I say just let them make their posts and laugh till the figure out "Oh, this is impossible".
It's still nice to have something to link people to as reading material if and when they ask a dumb uninformed question that has already been answered.
If we did that we would be under pressure to sticky every PSA. It's good to have them here because they are helpful and to link people do, but cluttering up the stickies with all sorts of PSA's isn't a good idea.
And it will come in handy when they are posted, I'm just saying I don't think we should make a sticky section that contains every PSA for every bad situation possible that people could be getting into while making threads, that would be wwaaaayyy too many PSA's.
Most of the PSA's are good though.. not to mention this forum only has like 1 sticky, and the plugin development forum has almost 10, most of which are highly outdated.
Maybe Mojang and the Craftbukkit people could allow servers to get a CRC check of the client to help better protect us from modified clients, or perhaps a non-java launcher that cannot be modified, that can perform this so it cannot be faked.
Thanks for clarifying that for everyone @Kaikz . I still maintain my Spoutcraft blocker is useful though We all know what a big fan you are of those clients anyway
Thanks for stating the obvious, but I did sort of point that out -> "or perhaps a non-java launcher that cannot be modified" Kaikz, next time READ before you look silly
Now that I think about it a simple launcher, could be coded that can examine the jar to ensure is it vanilla or only contains 3rd party jars that are legit. This could work.
Way to insult someone while showing complete ignorance of the topic at hand. "or perhaps a non-java launcher that cannot be modified" - you clearly have no clue what you are talking about. People were just friendly not saying it, until now. See above.
Launcher has nothing to do with the topic at hand. Even if the launcher checks the client, it will break everyone elses launchers like the Digiex launcher, and even then people will find ways around it. Next time, you should know what you're talking about before you comment.
Would it not be possible to digitally sign the jars, allowing for the server to check for a properly signed client jar?
My point being a 3rd party COMPILED app, that can control the jar file to ensure it is not modified would take care of the issue.
no it wouldn't, anyone decent at trying to circumvent it would just watch the network traffic and replicate it from a legit client even still, with enough time you could reverse engineer the compiled app so that you fully understand the code behind it, replicate it, then work around it by sending fake data over nothing, NOTHING, can really be done about this in the slightest
Hmm I think i got something figured out. Lets just say it will include a modified copy of no cheat. and some aspects of MCbans. only you take out everything you hate about MCbans.
Very disappointed in that behavior, it's quite sad to see members (or former-members) of our community acting in such an immature way.
