since 09/08/2017 :)
----------------------------------------------------------------------------------------------------------
Who is this for:
Server admins who want to run serious survival servers, free of "ill fly around and noclip underground to get 999 mese/diamonds in 5 minutes while being undetected".
Does it work:
Yes, its being used in practice on @test@ Just Test II [SERVER] with 40-50 players.
Features:Spoiler
0. what it does:
- succesffuly detect noclip/fly. Its just a matter of time when someone noclipping/flying is detected. If boneworld mod is installed it will also monitor the speed of resource acquiring.
- players cant know when they are being watch since intervals are randomized
- lag resistant (see CHECK_AGAIN in settings)
1. moderators can:
-see full reports with coordinates of location as cheats occur
-use /crep to see cheat reports
-use /crep 1 to see a list of players together with their various statistics
-use /cdebug to see even suspected cheats to be verified later
-use /cchk NAME to check someone immediately
-use /watch NAME to spectate suspect/detected cheater, /unwatch to return to normal
managing moderators:
-edit names inside anticheatsettings.moderators in settings.lua
-Any player with kick privileges is moderator and is additionaly ignored by cheat checks. Use this for admin only - cheaters can then see who moderators are.
2. this mod works well with basic_vote mod. After cheater has been positively detected anyone can use /vote to kick, remove interact or kill cheater. Vote in this case is cast anonymously, under the name #anticheat.
I urge the mod author to actually release the source code of it, it's not a security threat at all. (We don't allow proprietary mods in Mod Releases, by the way.)
Source is provided - just not for the sensitive part of checking. complete source - making it easy for cheaters to see what they should look for kinda defeats the purpose of it. So we have 2 possibilities:
1. weaken it by providing full source
2. play it smarter
rnd wrote:Source is provided - just not for the sensitive part of checking. complete source - showing cheaters what they should look for kinda defeats the purpose of it. So we have 2 possibilities:
1. weaken it by providing full source
2. play it smarter
What license do you suggest?
The license used currently is fine (GPLv3+), but it's nothing if the full source code isn't available. Also, random server-side checks are not really weakened by providing source code…
But a binary-only mod only makes it harder to fix and improve.
If you write the server/client in the correct way using client side prediction / server side reconciliation, there is no need to use anti cheat, as the algorithms include it - the server simulates movement on its end, as well as on the client, to make sure there's no problems. But Minetest doesn't do this, and it's a little late to do add this
does not always return name of node at player feet position, for player positions where pos.y<0 it actually returns node 1 below player feet position. Another thing:
When player jumps and then lands on floor with sneaking sometimes player:getpos() will report player y-position not at integer.5 ( 4.5 for example), but something like integer.49888...288 ( strangely this number is always the same). This causes minetest.get_node(player:get_pos()).name to read position 1 block down again - making it unnecessarily difficult to read correct position without rounding it first.
2016-10-21 23:56:38: ERROR[Main]: ModError: Failed to load and run script from /home/juraj/.minetest/mods/anticheat/init.lua:
2016-10-21 23:56:38: ERROR[Main]: /home/juraj/.minetest/mods/anticheat/init.lua:94: attempt to call local 'anticheat_routines' (a nil value)
2016-10-21 23:56:38: ERROR[Main]: stack traceback:
2016-10-21 23:56:38: ERROR[Main]: /home/juraj/.minetest/mods/anticheat/init.lua:94: in main chunk
string.dump(function)
Returns a binary representation of the given function, so that a later loadstring on that string returns a copy of the function. Function must be a Lua function without upvalues.
-> maybe binary made on windows can't be loaded on linux. In this case someone needs to do it on linux.
i was curious so i installed minetest 0.4.14 under linux ubuntu from and gave it a try. Did:
0. installed minetest using Synaptic Package manager under Lubuntu
I'm assuming the bin file is compiled lua. Does compiled lua need to be run with identical lua versions? This is just a guess btw. I know to decompile lua, version IS important in many cases.
# Prevent mods from doing insecure things like running shell commands.
secure.enable_security = false
This will open vulnerability for any mod to run shell commands on your server or pc. Maybe it would be better to use "request_insecure_environment()" function in your mod so people can include it in the "secure" list instead of disabling the security for all mods ;)
# Comma-separated list of trusted mods that are allowed to access insecure
# functions even when mod security is on (via request_insecure_environment()).
#secure.trusted_mods =
But the following things shouldn't work:
Using some insecure functions like require(), os.execute(), or debug.getlocal().
Running compiled Lua bytecode.
It's trivial to decompile lua bytecode. If someone is going to take the time to try and find a weakness in an anticheat system, compiling lua to bytecode isn't going to do much to stop them.
I think that you should make the mod open-source because:
Your license assumes that your code is open-source (GPL v3.0)
This defeats the whole purpose of the linux operating system
With your license you would have to give the code when someone asks (see #1)
This is not allowed in mod releases
And for what?
If you don't want cheaters to analyze the code to cheat undetectably, the cheater would go to the next server. I mean, the server list shows the mod list! If I were a cheater and I saw an anticheat mod, I would not go on that server.
bigfoot547 wrote:I think that you should make the mod open-source because:
Your license assumes that your code is open-source (GPL v3.0)
This defeats the whole purpose of the linux operating system
With your license you would have to give the code when someone asks (see #1)
This is not allowed in mod releases
And for what?
If you don't want cheaters to analyze the code to cheat undetectably, the cheater would go to the next server. I mean, the server list shows the mod list! If I were a cheater and I saw an anticheat mod, I would not go on that server.
That is all.
Cheers, bigfoot547.
For what it's worth,
The code is pretty solid and has done a great job deterring cheaters on the Just Test 2 server. :)