X-Ray Detective
Summary
A web-based tool that analyzes the mining behavior of users to detect users using X-Ray hacks. Detects both hacked clients and x-ray texture packs.
X-Ray Detective interfaces with your existing database logs to improve performance.
This is NOT a JAR server plugin. (See Requirements Below) This is currently a web interface only . A non web server JAR version may eventually be released at a later time... maybe. =)
Requirements
- Log-Block OR
HawkEyeORGuardian- (Guardian & HawkEye Not Yet Supported) [ Vote for other database type support on our Poll ] - MySQL Server - Flatfile will not be supported for performance reasons
- PHP Capable Web Server (PHP 5.3.0 or greater)
Features
- Database Integration - Does NOT modify chunks (Like Orebfuscator), requiring significantly less resources. Does NOT modify your LogBlock database. Stores all statistics in it's own table so you're not constantly scanning the entire LogBlock database.
- Automatic User Authentication - Use in-game usernames to authenticate. When a user logs into your server, they are automatically authenticated on the web script as well. All you have to do is make a list of which users can access the script.
- Password Based Authentication - Instead of username based authentication, this option allows anyone to login if they have the correct password.
- Multi-World Support - Each world has its own statistics
User Notes - Keep track of who is banned, jailed, warned, suspended. Automatically hide banned users from lists.MCBans Evidence Page - Allow guests access to only the page that shows the evidence for their crimes- Simple Interface - Display only the information that is important to you. List the users with the highest ore/stone ratios, hide users until they have broken enough blocks for accurate statistics,
hide/show banned users, etc. Users who are new to your server are also marked so you can focus on who is most likely to be cheating. Customizable Sensitivity Settings - Increase or decrease the sensitivity settings for flagging users as X-Rayers.
Sample of Web Interface
User Summaries
How It Works
X-Ray Detective interfaces with Log Block or Guardian to analyze the behavior of users. Users using hacked clients and other exploits exhibit different behavior than regular users, so they can be discovered by use of statistical analysis.
X-Ray Detective looks for the following patterns:
Simple Patterns
- Ratio of ores to stone - The average user may find a diamond once out of every 300 blocks mined. A very lucky user may find a diamond once out of every 200 blocks. However, a user with X-Ray may consistently find diamonds in 1 out of every 30 blocks mined. Some X-Rayers even discover diamonds in 1 in 10 blocks! This is 10 to 30 times the average rate!
Complex Patterns (Coming soon!)
- Steep Incline Before Ores - Normal users generally mine on a flat level. They do not move up or down much while mining. X-Rayers mine directly to the nearest ores, which are rarely at the same depth as the user, so they dig diagonally towards ores.
- Only Mining Exposed Ores - Users who use an X-Ray texture pack will have very high incidence of mining ores that are already exposed in natural caverns. They cannot see the ores hidden behind stone, but they can see exposed ores.
- Not Mining After Finding Ores - Does the user stop mining immediately after discovering ores? This may indicate they know they have already mined all nearby ores.
Mining Without Torches- Mining without torches sometimes indicates that a user is using a client hacked with a fullbright mod to see in the dark. They may also be using other mods as well. Obviously, this alone does not indicate cheating (they may just have their Gamma turned up), but some admins find this information useful.Covering Tracks- Sometimes X-Rayers will try to cover their tracks from snooping admin by filling their mine tunnel with dirt or stone.
Get Involved
If you are interested in testing the script, check out the Downloads page.
We assume that you already have LogBlock fully configured and running smoothly with MySQL (not flatfile), and a functional webserver with PHP.
Although X-Ray Detective NEVER modifies the contents of the LogBlock database, you may be required to reset / delete the statistics X-Ray Detector collects over time. The statistics can be easily regenerated. This will occur if we make significant changes to the database structure.
Also, you might occasionally have to re-edit your config files when we add new options. We don't currently have an automatic config-file upgrader implemented.
Support
If you have any problems with X-Ray Detective, create a Ticket on the Issues Tracker.
I will do my best to respond in a timely manner.
Known Issues
- Single Player Stats Page - Not yet working - This page includes the advanced statistics
- Global Stats Averages - Not yet implemented
- Blank xray.php - Make sure you're using the latest version. If your xray.php page is blank, set "display_errors" to "on" in your php.ini configuration file. An error is occurring before anything can be displayed. Turning this setting on will provide information on what error is halting the script.
@RedPoptarts
It's 35mil DB (2.5GB unpacked), I will pack it with maximum compression and upload it and send you direct link to it.
Hawk actions: http://dev.bukkit.org/server-mods/hawkeye/pages/other-information/what-does-it-log/
@RedPoptarts
I currently have 1, if you upload a dump to a site like rapidshare or something then PM the link, I will also download your HawkEye database.
@nLocus
Thanks, the next version will check for a properly setup PHP timezone before completing the setup.
You still need HawkEye mysql dump?
I was getting an Exception thrown by this script:
[Thu Apr 12 11:38:35 2012] [error] [client 68.45.26.92] PHP Fatal error: Uncaught exception 'Exception' with message 'DateTime::__construct() [<a href='datetime.--construct'>datetime.--construct</a>]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead' in /var/www/xray-Detective/xray.php:187\nStack trace:\n#0 /var/www/xray-Detective/xray.php(187): DateTime->__construct()\n#1 {main}\n thrown in /var/www/xray-Detective/xray.php on line 187, referer: http://softslayer.com/xray-Detective/setup.php
I fixed it by adding
date_default_timezone_set('America/New_York');
Before line 187 in /xray.php. Just thought you might like to know. Using version v0.03.00 alpha
@stickeric123
You are using an older version of PHP. X-Ray Detective requires PHP 5.3.0 or greater.
@stickeric123
You have to active everything!
e.g.::: socket_create(), create_rountine(), create()
I have an error
Fatal error: Call to undefined function date_create_from_format() in public_html/xray/xray.php on line 714
Thanks! Works well! :)
Hope you can continue it for 1.2.5, too!
+1 +1 +1
even in the alpah state its efective we got already found one xrayer ;)
Wow, very well done. Looks great. I can't wait till it's finished.
@arriej
Download the latest version, v0.02.00a. I have made some changes that I believe should fix your specific problem. Let me know if it still doesn't work.
Also, in the future, please make a ticket on the issues tracker for support, I check it more often. =)
it has all the permssions for the whole mysql database:
dont know what i can do more
it already has pemsissons to create becouse it made the tables in the database
@arriej
The account you are using to connect to your MySQL database does not have the proper permission to be using X-Ray Detective. You must enable the following permissions to that mysql user account:
Make sure that your username has all the privileges for all of the X-Ray tables:
Additionally, I have created a ticket on the tracker that will make sure that in the future you can't complete the setup script if your mysql username doesn't have the correct permissions.
@arriej
@arriej
also getting this when updating: Processing...
Processing World [Awesome1] ...This world was last checked on: 2012-01-01 00:00:00 ...The last break in this world occurred on: NEVER (No logs) ...Beginning User Scan, Please Be Patient...SQL_QUERY[newbreaks]: INSERT INTO `minecraft`.`x-stats` (`playerid`, `worldid`, `diamond_count`, `gold_count`, `lapis_count`, `mossy_count`, `iron_count`, `stone_count`) SELECT p.playerid, '3', IFNULL(diamond_info.cnt,0) AS diamond_count, IFNULL(gold_info.cnt,0) AS gold_count, IFNULL(lapis_info.cnt,0) AS lapis_count, IFNULL(mossy_info.cnt,0) AS mossy_count, IFNUlL(iron_info.cnt,0) AS iron_count, IFNULL(stone_info.cnt,0) AS stone_count FROM `lb-players` AS p INNER JOIN (SELECT playerid, count(playerid) AS cnt FROM `lb-awesome1` WHERE ((date BETWEEN '2012-01-01 00:00:00' AND '2012-04-01 19:01:19') AND replaced = 1 AND type = 0 AND y <= 50) GROUP BY playerid) AS stone_info ON p.playerid = stone_info.playerid LEFT JOIN (SELECT playerid, count(playerid) AS cnt FROM `lb-awesome1` WHERE ((date BETWEEN '2012-01-01 00:00:00' AND '2012-04-01 19:01:19') AND replaced = 56 AND type = 0 AND y <= 50) GROUP BY playerid) AS diamond_info ON p.playerid = diamond_info.playerid LEFT JOIN (SELECT playerid, count(playerid) AS cnt FROM `lb-awesome1` WHERE ((date BETWEEN '2012-01-01 00:00:00' AND '2012-04-01 19:01:19') AND replaced = 14 AND type = 0 AND y <= 50) GROUP BY playerid) AS gold_info ON p.playerid = gold_info.playerid LEFT JOIN (SELECT playerid, count(playerid) AS cnt FROM `lb-awesome1` WHERE ((date BETWEEN '2012-01-01 00:00:00' AND '2012-04-01 19:01:19') AND replaced = 15 AND type = 0 AND y <= 50) GROUP BY playerid) AS iron_info ON p.playerid = iron_info.playerid LEFT JOIN (SELECT playerid, count(playerid) AS cnt FROM `lb-awesome1` WHERE ((date BETWEEN '2012-01-01 00:00:00' AND '2012-04-01 19:01:19') AND replaced = 48 AND type = 0 AND y <= 50) GROUP BY playerid) AS mossy_info ON p.playerid = mossy_info.playerid LEFT JOIN (SELECT playerid, count(playerid) AS cnt FROM `lb-awesome1` WHERE ((date BETWEEN '2012-01-01 00:00:00' AND '2012-04-01 19:01:19') AND replaced = 21 AND type = 0 AND y <= 50) GROUP BY playerid) AS lapis_info ON p.playerid = lapis_info.playerid GROUP BY p.playerid ON DUPLICATE KEY UPDATE `diamond_count`=`diamond_count`+VALUES(diamond_count), `gold_count`=`gold_count`+VALUES(gold_count), `lapis_count`=`lapis_count`+VALUES(lapis_count), `iron_count`=`iron_count`+VALUES(iron_count), `stone_count`=`stone_count`+VALUES(stone_count)
INSERT,UPDATE command denied to user 'blockmad_xray'@'localhost' for table 'x-stats'
the account that is conected with the database do have all the perms of editing and stuff for the database dont know if its me or the webthing/plugin ( using the same database btw)
@arriej
and this: Warning: Invalid argument supplied for foreach() in /home/blockmad/public_html/mod/xray.php on line 1068
if an mod want to sign in he get the message that i run this for the first time, but i intaled it all already, and a : Warning: Invalid argument supplied for foreach() in /home/blockmad/public_html/mod/xray.php on line 832
til so far looking freaking nice, looking forward to use it when it ist 100% working and i keep testing
Hey guys, v0.01.00 alpha has been released.
Let me know if you guys have any problems.... or even if you DON'T have problems and it works like a charm, so I'll know there isn't anything major I need to be worrying about. =)
Looks very nice!
could u tell me when it is out, wow this is nice