X-Ray Detective
Summary
A web-based tool that analyzes the mining behavior of users to detect users using X-Ray hacks. Detects both hacked clients and x-ray texture packs.
X-Ray Detective interfaces with your existing database logs to improve performance.
This is NOT a JAR server plugin. (See Requirements Below) This is currently a web interface only . A non web server JAR version may eventually be released at a later time... maybe. =)
Requirements
- Log-Block OR
HawkEyeORGuardian- (Guardian & HawkEye Not Yet Supported) [ Vote for other database type support on our Poll ] - MySQL Server - Flatfile will not be supported for performance reasons
- PHP Capable Web Server (PHP 5.3.0 or greater)
Features
- Database Integration - Does NOT modify chunks (Like Orebfuscator), requiring significantly less resources. Does NOT modify your LogBlock database. Stores all statistics in it's own table so you're not constantly scanning the entire LogBlock database.
- Automatic User Authentication - Use in-game usernames to authenticate. When a user logs into your server, they are automatically authenticated on the web script as well. All you have to do is make a list of which users can access the script.
- Password Based Authentication - Instead of username based authentication, this option allows anyone to login if they have the correct password.
- Multi-World Support - Each world has its own statistics
User Notes - Keep track of who is banned, jailed, warned, suspended. Automatically hide banned users from lists.MCBans Evidence Page - Allow guests access to only the page that shows the evidence for their crimes- Simple Interface - Display only the information that is important to you. List the users with the highest ore/stone ratios, hide users until they have broken enough blocks for accurate statistics,
hide/show banned users, etc. Users who are new to your server are also marked so you can focus on who is most likely to be cheating. Customizable Sensitivity Settings - Increase or decrease the sensitivity settings for flagging users as X-Rayers.
Sample of Web Interface
User Summaries
How It Works
X-Ray Detective interfaces with Log Block or Guardian to analyze the behavior of users. Users using hacked clients and other exploits exhibit different behavior than regular users, so they can be discovered by use of statistical analysis.
X-Ray Detective looks for the following patterns:
Simple Patterns
- Ratio of ores to stone - The average user may find a diamond once out of every 300 blocks mined. A very lucky user may find a diamond once out of every 200 blocks. However, a user with X-Ray may consistently find diamonds in 1 out of every 30 blocks mined. Some X-Rayers even discover diamonds in 1 in 10 blocks! This is 10 to 30 times the average rate!
Complex Patterns (Coming soon!)
- Steep Incline Before Ores - Normal users generally mine on a flat level. They do not move up or down much while mining. X-Rayers mine directly to the nearest ores, which are rarely at the same depth as the user, so they dig diagonally towards ores.
- Only Mining Exposed Ores - Users who use an X-Ray texture pack will have very high incidence of mining ores that are already exposed in natural caverns. They cannot see the ores hidden behind stone, but they can see exposed ores.
- Not Mining After Finding Ores - Does the user stop mining immediately after discovering ores? This may indicate they know they have already mined all nearby ores.
Mining Without Torches- Mining without torches sometimes indicates that a user is using a client hacked with a fullbright mod to see in the dark. They may also be using other mods as well. Obviously, this alone does not indicate cheating (they may just have their Gamma turned up), but some admins find this information useful.Covering Tracks- Sometimes X-Rayers will try to cover their tracks from snooping admin by filling their mine tunnel with dirt or stone.
Get Involved
If you are interested in testing the script, check out the Downloads page.
We assume that you already have LogBlock fully configured and running smoothly with MySQL (not flatfile), and a functional webserver with PHP.
Although X-Ray Detective NEVER modifies the contents of the LogBlock database, you may be required to reset / delete the statistics X-Ray Detector collects over time. The statistics can be easily regenerated. This will occur if we make significant changes to the database structure.
Also, you might occasionally have to re-edit your config files when we add new options. We don't currently have an automatic config-file upgrader implemented.
Support
If you have any problems with X-Ray Detective, create a Ticket on the Issues Tracker.
I will do my best to respond in a timely manner.
Known Issues
- Single Player Stats Page - Not yet working - This page includes the advanced statistics
- Global Stats Averages - Not yet implemented
- Blank xray.php - Make sure you're using the latest version. If your xray.php page is blank, set "display_errors" to "on" in your php.ini configuration file. An error is occurring before anything can be displayed. Turning this setting on will provide information on what error is halting the script.
Been using Hawkeye for months - cant wait ;)
Quick! Release it! XD
I'm anxiously awaiting HawkEye Support
@harryjamesuk
you can already use it, if you use loglbock. its a great script!
Can't wait to see this ;)
@dogfeeder
Guardian is actually more similar to HawkEye in terms of the SQL schema, so they can be implemented at the same time.
Due to logblock and Guardian having similar backends, it should be fairly fast to implement support for it?
Isnt Log Blog not up kept anymore?
@robbowojo
Please create a ticket for this issue.
What page is giving you this error? Do all other pages of the script seem to perform normally? Are you past the setup stage?
@kyledag500
CoreProtect does not appear to store its data in a MySQL database. This would be necessary to be able to extract the important information. Without this feature, we cannot consider supporting it.
Diag:
HEY! I undestand if you have a priority for your database. I was just wondering if it will support all to some extent. I have coreprotect, i found it easier. Will it work with this plugin?
@RedPoptarts i host the blockmadness website by a differned host so maybe its that
@arriej
Mods should have no problem since they are most likely not within the LAN of your webhost or MC Server. This problem usually only affects the main administrator/owner.
Are your moderators also having authentication problems in Username mode?
@RedPoptarts
uhm well then that is the problem, i host my server by Redstonehost.
is there no other way that my mods can login on the script? witout failsafing?
Thanks
@arriej
So you're having problems with the Username mode finding the correct IP. If the computer you host the Minecraft server on is different from the webhost, you may have to add your IP to the failsafe list to login.
For instance, if I login to my MC Server from the same computer that the MC Server is running on, it will log my IP address into the LogBlock table as '127.0.0.1' (localhost). But when I run the X-Ray script, the remote webhost sees my external IP address (123.45.67.89). It concludes that my IP 123.45.67.89 is not equal to 127.0.0.1, and thinks I am not a valid user.
Note that this problem will NOT occur if you login to your server from a computer outside the LAN of both the webhost and MC server. If you are inside either LAN, then your IP is seen differently by each computer, thus the mismatch.
@stickeric123
We're not trying to detect griefers, that is beyond the scope of this plugin. Besides, all you can deduce from logs is who is breaking them, you can't accurately tell if they are allowed to break them. If you are worried about stopping griefers, you need something to prevent them from destroying property that's not theirs in the first place (our server uses Towny). Or, if that information is really important to you, LogBlockStats already shows you this type of information. You can also configure WorldGuard to alert any mods/admins if a user breaks DiamondBlock, as well as log it to a file.
@stickeric123
its an anti xray not an anti grief plugin/software.
@RedPoptarts
when i remove all the failsafed ip and put it on username it is giving me this message:
You are not authorized to view this page:
Could not find any users matching your IP.
so what can i so about that?
@RedPoptarts
Switched host it works now, Also maybe an idea to add DiamondBlocks in the list (Griefers ussualy mine those)
@arriej
The feature that allows a user to login on the minecraft server and instantly be authorized on the script is already functional. Set the Authentication Mode to 'Username' on the setup page. (Sometimes they need to login to the minecraft server twice if using a different IP than before)
can i already use the feature that listed player need to login on the web or do i still need to list there ip?
If not when wil this be added?