NoPwnage
NoPwnage
Identify and ban bots that connect to the server for the sole purpose of spamming it
Introduction
NoPwnage will monitor the behaviour of players that connect to the server, especially their chat messages, timing, content etc. to decide if they may be spambots. If a player gets identified as such, he can first receive a warning, and if he continues to misbehave, he may get kicked or banned (configurable).
While the plugin is based on the concept of the discontinued AntiPwnage, it is not the same because it has been completely rewritten from scratch and extended, e.g. by providing configuration settings, a clearer, simpler code structure, the option to decide what should happen if a player gets identified as spamming and many more things.
Instructions
see the file "Instructions.txt" that gets generated when the plugin loads the first time, or look at them online here: Instructions.txt
Downloads/Changelogs/Source Code
- Downloads
- "Download" button somewhere on this page (usually top right corner) for the latest BukkitDev approved version
- "Recent Files" links in the "Facts" section (somewhere to the right) for one of the latest BukkitDev approved versions
- "Downloads" page that I made (all versions)
- direct link which should point always to the latest version
- Changelogs
- "Changelog" page that I made (all versions)
- Source Code
- Github.com link . NoPwnage is an open source plugin released under MIT license.
Contact / Support
You can reach me here in the comment section or opening a support ticket (if you have a bug report to make or need support). Those things are most likely to grab my attention. You can also follow me on Twitter http://twitter.com/Evenprime85 to get informed about new versions of my plugins and maybe a random rant about stuff that annoys me while coding.
Thank you for reading this!
@mec666
demanding? :Salso why do 1.2.3 when 1.2.4 is already in the process
@Evenprime85
ahh okay, and yeah send and no receive, that's a major exploit of your own right there :P
you going to update this for 1.2.3?
@cvxx7q
It's nothing fancy, just an ingame chat message (by default) e.g.:
"Please type 'Dr5Y' to continue sending messages/commands"
Used characters, length and the question can be edited in the config file. As most (all?) spam tools currently don't receive messages, only send them, that's enough for now.
@Evenprime85
wow you are still alive :P
i want to see your captchas in action lol, due to the chaotic updating i havent been live for quite awhile, do you have an image or text sample? or can i induce it upon myself :P
I actually did something.
version 1.2.0:
Added captchas, enabled by default. When a player would get banned/kicked normally, he will now instead be given the chance to solve a captcha. If he manages to solve it, he won't be harassed by the plugin anymore.
Also make sure that commands are only executed for online players, which may/should fix the problem in relation to mcbans (I'm not sure though).
@Evenprime85 This is a big bug for mcbans users..
===== But... Multiply that x200!!!~ =====
Thanks @evenprime85 for an awesome plugin! I am a longtime user of NoCheat and installed NoPwnage I think last week. My server was just attacked by a spammer with around 100 accounts and nearly as many ip addresses - he gave up after only 74 seconds.
Taking into account the >1 hour I spent manually fending off a similar attack last year, the small donation I just threw your way seemed the least I could do. Thanks again for both of your amazing plugins!
@bigscary
Ok, a player on the server asks, "Who wants a diamond pickaxe for free?", Twenty people write "me". Detected as spam for repeating a message. I took the plugin from someone else, just to prevent it from getting completely lost, so the current methods of detection (repetition of similar messages, time between messages etc.) are not really my idea.
But because I'm leaving plugin development next week anyway, I'll completely revamp the plugin before with the sole idea of captchas in mind. If a player is considered spamming and not whitelisted, he'll have to do a simple text captcha. As long as he doesn't, he will not be able to use commands or chat.
You'd get a lot more users if you named it something more obvious, like SpammerBanner. NoPwnage could mean anything, like turning off PvP or making players invincible to damage.
GriefPrevention does pretty much exactly this, but also mutes messages including IP addresses which aren't in the allowed list. Something to consider. Also, consider counting the non-letter characters to detect garbage text, and watching for a slow, but repeating message.
GriefPrevention doesn't do the garbage detection, so that would give you a little edge there.
@Evenprime85
yeah not unless they lag their own bot program to hell by using some form of OCR, and even then the spamming would mess with said OCR
but then if they did parse the text perhaps you need to add garbage
send the client 5 lines of text (example)
4 of them garbage (perhaps senseless math questions)
1 is the question, just to throw 'em off a bit :P
there's many ways u can do it so i'm sure you'll get something rolling ;)
@cvxx7q
Sounds like a good idea. It would force them to receive and parse messages (which they currently don't do).
@Evenprime85
like asking them a math question "what is 2+6?" :P
I'm thinking about giving an alternative to "warning" the players, e.g. asking them a question (captcha) and once they answer it, no longer bother them at all for the rest of their game session.
If they don't answer it, deny them to use the chat or commands until they do answer. What do you think? Good or bad idea? (Question(s) of course configurable).
@tremor77
All newer Minecraft and Bukkit version support an explicit communication channel for server plugin <-> client mod communications. Maybe you can get the mod developer to use that instead of abusing the chat?
There is a conflict I believe with the client mod WorldEdit/CUI - I'm just going to quote one of my servers other admins.
@Evenprime85
this is exactly what i thought you would say, you just cant (reliably) differentiate between bot activity and giant spout split messages :S
@Evenprime85
I don't trust reload too much, it used to work fine on one hosted thing and on the other it would work some times and then we would have strange crashes after reloading, so i tend to avoid that.
@asofold
Plugin should reload the configuration on "/reload".
@Munkyman587
Whenever someone does get banned, it will be shown in the console why the plugin thought the player was spamming. I added in the last version that commands count as spam too (although they run only through some of the tests), because it's to easy for spam tools to just do "/say xxx" (or whatever else your server offers) or spam some heavy commands that cause lots of CPU load.
Spout multiline messages look 100% like spamming of multiple seperate messages in a row to the plugin. Unless Spout starts to handle these differently (e.g. allow actually sending everything as one message) there is no way to distinct multiline messages from spamming.
You can always play with the config file and e.g. reduce the penalty for messageSpeed (sending messages within a very short timeframe after each other) or look at the other settings.
This tool is targeted at preventing spam tools that login dozens of new(!) players at once to spam the server. It is therefore (as asofold mentioned) a really good idea to give all players that are known on the server the nopwnage.spam permission.
@asofold
Thanks for the info- I will give it a try. I'd still love to have some of the protection, but maybe I should give the permission to ranks 1 higher than the lowest. Might be able to work something out at that point.
Thanks again
@Munkyman587
Multiple line messages will get added to the count for they are sent within very short time. To allow those you might try setting the enabled flag for messageSpeed to false. That might do for a quick fix for that.
Furthermore you can give trusted users/groups the permission nopwnage.spam (effectively allowing for spam), which would rule out losing them too quickly for the time being.
If you do not really have problems with spam, you might remove the ban-commands (or replace by no-ops), or replace them by some tempban/kick thing.
I set the warn and ban levels about 200 higher than default, not sure what that will do.
A server restart seems necessary after changing the configuration.
And: no warranty for what i a mwriting here :)