NoCheatPlus

NoCheatPlus Christmas and New Year

NoCheatPlus

Detect and fight the exploitation of various flaws/bugs in Minecraft!

Features Permissions Commands Configuration Jenkins

Introduction

NoCheatPlus attempts to prevent cheat clients from exploiting weaknesses of Minecraft or its protocol, making your server more safe. Checks cover a wide range of issues including flying and speeding, fighting hacks, fast block breaking and nukers, inventory hacks, chat spam and other types of malicious behaviour. For a more complete list have a look at the Features Page.

NoCheatPlus puts emphasis on configurability and allows you to customize actions that are carried out when a player fails a check (e.g. silent cancelling, executing commands, just logging). Bypass permissions allow to control what check to apply for which players, all checks can be deactivated in the configuration, also having the option for world-specific configuration files. Many checks allow more detailed configuration to adjust sensitivity.

Certainly NoCheatPlus is not a magical bullet, it uses a lot of heuristics and even guessing, so you will encounter false positives here and there and also not catch every single violation. Example video of how NoCheatPlus blocks cheats (outdated plugin version).

NoCheatPlus was introduced by NeatMonster, building on the code base of NoCheat by Evenprime.

The following plugins might be useful to have a look at.

ProtocolLib

Allows NoCheatPlus to activate packet-level checks, covering a range of exploits that can't be monitored using ordinary means. Since roughly Minecraft 1.7.10, the fight.speed check can't work as expected anymore, due to changes in CraftBukkit. With ProtocolLib this can be repaired.

CompatNoCheatPlus (cncp)

Make plugins like mcMMO, Citizens, MagicSpells or MachinaCraft more compatbile with NoCheatPlus. Not all existing plugins are covered (yet), but you can leave a note or create an issue/ticket request for cncp.

Orebfuscator

Orebfuscator fights all sorts of X-ray-hacks by altering the map information that is sent to the players, such that they have to mine blocks to actually reveal what is behind. Virtually a "must have". (Latest versions of Spigot contain features of Orebfuscator.)

Downloads and History of Changes

Support

Documentation Resources

Contact us

  • Quick questions can be asked on this page,
    or on IRC (Server: irc.spi.gt | Default-Port: 6667 | SSL-Port: 6697 | Channel: #nocheat | Web client: WebIRC)
  • For real issues or feature requests please create a new issue/ticket or add to an existing issue/ticket.
  • To send information that is not to be seen by all, you can also reach us by PM to @asofold and @MyPictures. @IceAP (IRC: ICE) will also help or redirect the conversation. Please do not contact the user 'NoCheatPlus', it is for administrative purposes only and will likely not be answered in time. Keep to BukkitDev and GitHub for support, do not trust users on other forums or websites, also not if their nick names are the same as NCP staff on BukkitDev.

Please always state the output of the "ncp version" command to let us know versions in use (users of cncp also the "cncp" command).

You must login to post a comment. Don't have an account? Register to get one!

  • Avatar of MarkElf2204 MarkElf2204 Feb 10, 2016 at 00:22 UTC - 0 likes

    @latestduo: Go

    I've modified my configuration with fully custom strings (minus a few). I've never had an issue where I had to update protocol lib to a Dev build.

  • Avatar of latestduo latestduo Feb 09, 2016 at 19:55 UTC - 0 likes

    For anyone having issues with errors after adding custom strings you need to upload ProtocolLib to the latest build (build #222) it will soon be released under the version 3.6.5

  • Avatar of Maxetto Maxetto Feb 09, 2016 at 15:34 UTC - 0 likes
  • Avatar of asofold asofold Feb 09, 2016 at 00:27 UTC - 0 likes

    @File14: Go

    (Not sure you noticed: part of the answer to the error question i might've addressed to @MarkElf2204 part-accidentally.)

    Can survivalfly issues be described / confined to any circumstances with NCP build 925?

    BFAK:asofold,90573112,4305cd44b773216e4e4b4865b3831dcc3c507c15087fb5cfeebd9392050724fc

    NoCheatPlus
    Latest beta release (1.8.x, this site) 3.13.0-BETA-sMD5NET-b878
    (Development builds, 1.8.x: Jenkins)

  • Avatar of asofold asofold Feb 03, 2016 at 22:26 UTC - 0 likes

    @SmilingSlimeGuy: Go

    There exists 'ncp exempt player_name/uuid check_type(s...)' plus unexempt, however it's meant for pinpointing exemption with events or for testing, rather. You could use that, if you don't have other external compatibility hooks. With cncp or external hooks i wouldn't count on the plugins not removing the exemption that you have added, because other plugins might not check for previous exemption.

    The most certain way to do it, would be to add them to a permission group temporarily or add transient permissions via you permissions plugin. A transient group would allow combining permissions for that task, and might also perform better due to only recalculating permissions once, if supported. Permission perform worse than exemption, but the duration of validity and the consistency may be easier to control, depending on the permissions plugin.

    NoCheatPlus defines a couple of shortcut permissions, such as nocheatplus.shortcut.bypass. (don't mix up with nocheatplus.bypass, and don't ask me why the latter one is there for only one feature). The nocheatplus.shortcut.bypass permission might allow a little too much (bypassing command protection as well), you could also just give the necessary permissions one by one or start with nocheatplus.checks for bypassing most stuff.

    @grosse01: Go

    I'd really ask the vanish plugin makers first, essentials has vanish features too. Technically i am not sure how they do it, unless minecraft tells them anyway (bug in the vanish implementation?), there could be plugins exposing some things indirectly. Do they see the vanished players directly, or do they just notice that there are vanished players nearby?

    @Maxetto: Go

    Oh that one :). Do you have the stack trace log (one line!) that should be there with the first time of a specific call? Each stack trace is only printed once, provided you have about build 925.

  • Avatar of Maxetto Maxetto Feb 03, 2016 at 21:15 UTC - 0 likes

    @asofold: Go

    No, it's just a Warning from NCP regarding the way PlotSquared opens Inventories on player's join.

    "Off primary thread call to hasByPass for INVENTORY_OPEN."

  • Avatar of grosse01 grosse01 Feb 03, 2016 at 15:44 UTC - 0 likes

    @asofold: Thanx for the answer. Well the problem is that I use Essentials, and not a specific vanish plugin. So I don't know if they will be doing anything there. Because if anyone uses "Picture in Picture" I think it's kind of cheating. The player will be able to see what I am doing.

    Phoenix , Server IP: 85.131.223.217:25565 https://minecraft-server.eu/server/index/66488/phoenix

  • Avatar of SmilingSlimeGuy SmilingSlimeGuy Feb 03, 2016 at 15:42 UTC - 0 likes

    @asofold: Go

    I was thinking of making an alias, for my staff members. The command would be /test <player> and would make the staffmember go in vanish and teleport to the player (Essentials commands) and then it would exempt that player from any nocheatplus checks and after 3 minutes the player would be unexempted again.

    But I don't want to give my staff members access to run commands as console, no, please no xD Maybe you could add a command which would just temporarily exempt a player from any checks? like, /ncp tempexempt?

    Also another idea I had is for a command which would send about 3-5 zombies to a player from different directions so staff could check if the player has some sort of mobaura. with some sort of 2 minutes cooldown so the staff can't spam the command?

    Anyways, thank you for the quick reply and the awesome plugin :P

  • Avatar of asofold asofold Feb 03, 2016 at 00:21 UTC - 0 likes

    @Maxetto: Go This same: https://github.com/NoCheatPlus/Issues/issues/58 ?

    Concerning the crash i suggested that PlotSquared should have a message throttling per player. Ideally they'd also liston on LOW event priority instead if lowest, to give the simple anti cheating checks a chance to cancel early. There would be hacks to ensure NCP gets events first, but is this the issue at all?

    @SmilingSlimeGuy: Go

    We currently prevent that, because the commands is executed as console. Accidentally giving a player the permission to use the delay command can be a real problem then. In theory we could add config flags for such, which wouldn't hurt anyone. Question is what you want there - a feature to run the command as the player who calls it? What do you intend to do with such a command from ingame?

    @MarkElf2204: Go

    Yes :). fdirection is typical too.

    @File14: Go

    Which version of NCP are you using? Could the issues perhaps be resolved?

    Not cancelling survivalfly is slightly problematic, as that would at least allow some form of gliding with the current implementation. (mentioned in the page: https://github.com/NoCheatPlus/Docs/wiki/%5BMoving%5D-Survivalfly )

    At some point i'd like to support better adjusting sensitity of survivalfly without risking glide and things like that, currently we prefer to get issue reports, because the recently added internals allow tackling false positives very well (downside: it added new ones, though some old ones have been removed as well).

    @MarkElf2204: Go

    The error log has recently been added. It means a plugin is doing something in a way that might crash your server (or the server has a strange bug).

    Typically and here also it is plugins causing teleporting of players, more or less indirectly.

    In this case it looks like the plugin UltraCosmetics is calling methods asynchronously, not from within the main thread, which cause a teleport of a player in an indirect way.

    Technically this is highly problematic to do, i don't know of safety measures from Bukkit side with firing events asynchronously. Most plugins rely on events being fired from within the default contexts, and will just access the not thread-safe API on such an event.

    I can't tell if this is by accident, because they just let players mount something else and probably don't expect a teleport to happen due to that. No idea if the mounting failing causes a teleport, they should look into that.

    Last edited Feb 03, 2016 by asofold

Facts

Date created
Apr 02, 2012
Categories
Last update
Jan 31, 2016
Development stage
Release
License
GNU General Public License version 3 (GPLv3)
Curse link
NoCheatPlus
Downloads
1,369,060
Recent files

Authors

Relationships

Optional dependency
ProtocolLib