One part of: The Ultimate Server Guide
This guide is part 3 of the ultimate server guide. For all other server stuff, check out the ultimate server guide. Includes: Making a server, using plugins, great plugins to have, stopping cheaters and griefers, and a noob's guide to permissions!
The Ultimate anti grief/cheat guide
How to stop cheaters and griefers dead in their tracks
- If you liked it, please Diamond and maybe Favourite ^_^
- Also, subscribe to me if you want more tutorials!
This setup will allow you to have a cheat/grief free server, but you should still learn how to use the plugins!
If a server doesn't have these plugins (or equivalent) you shouldn't bother playing on it.
It is the sole responsibility of a server owner to protect their server against griefers and cheaters. Here is a list of plugins to make it incredibly difficult for them to do anything on your server. I have given suggestions for the best plugins to have but you can just search on bukkit.org for an alternative if you prefer. NEVER give access to these plugins except to admins you 100% trust.
This is the bare minimum you need, or If you are running a really bad computer that you think really can't handle many plugins. Consider installing the remaining plugins available in the full version below to properly protect your server.
The definitive anti-cheating plugin. Stops flying and speed hacking, PvP hacks, chat spam, and more.
The best method of stopping X-rayers is using an ore obfuscation plugin. This basically means that every block appears to be an ore, making it impossible to see where any ores are. There is no risk of corruption to you world, it doesn't take up many resources, and it virtually won't affect your legit players. This is the only real way of stopping X-rayers having a huge advantage.
Before: You can see all ores, After: Everything appears to be ore. See this image
To view alternatives to ore obfuscation check the bottom of the guide
This a plugin which allows you to check where any griefing has taken place (blocks placed or broken) and then rollback everything within a certain radius or by a certain player. Example: 1 or more people destroys a load of houses and then places swastikas all over the map. You use the plugin to find out who did it, and then undo everything they did in one very simple command.
This is used to protect areas so that no-one can grief in the first place. There are alternatives you can find for yourself. I recommend using World Guard for protecting server things - spawn, shops etc. WorldGuard can also be used to stop fire spread, tnt, lava, water, creeper explosions and more. However I also recommend residence, because that allows people to buy their own protected land rather than having your mods/admins going round wasting time having to protect people's houses.
Allows you to lock doors and chests to prevent theft. As easy as it sounds.
To provide a very high level of security for your server.
You need to be able to backup your world in case of corruption, crashes, problems with your rollback plugin etc. It is also recommended to get an autosave plugin to save your world periodically.
NoCheat offers spam protection, but I highly recommend STAB or SpamGuard for an extra layer of control and protection. STAB features to note: log IP and name of any player that enters, kick for first offence of spamming, BAN for 2nd offence of spamming, log of anyone who has spammed once - this allows you to see who is using hacks. Incredibly useful features!
Invisible admin facility:
This allows you to turn invisible, stop mobs targeting you and disable pickup of items. Allows you to follow players without possibility of detection, very useful for watching new players and stalking players you think may be cheating/hacking/griefing. DO NOT use any other type of vanish plugin. Use VanishNoPacket.
Stopping lag from people deliberately dropping items
If you deliberately drop huge amounts of items it causes a massive amount of lag, which is very useful for griefers to create distractions. NoLagg helps prevent this and DropClear allows you to remove any drops.
Optional: Use MCBans
It is up to you whether to use MCBans. You cannot use MCBans for cracked servers. It is a system that allows you to globally ban players. Players that get enough bans are permanently banned from joining any server that uses MCBans. It can help put off some types of griefers, and stops griefers who have been globally banned from even joining your server. However make sure you read the MCBans pages to decide whether it is right for you. If you think you want to use MCBans read this
Important non-plugin stuff
Disable /version and /plugins commands
Disabling /version and /plugins prevents griefers from knowing what build of Bukkit you use, and which plugins you are protected by. This is very much to your advantage! They are available to everyone by default, so simply add a negative permissions node to everyone apart from your admins.
normal permissions node:
negative PermissionsEX node: (removes access to a particular command)
negative bPermissions node
The permissions nodes you need to restrict are:
Keep ontop of new exploits [IMPORTANT]
This is an incredibly important part of keeping a cheat/grief free server, but also one of the hardest things to do well. Try to search and find new exploits that are available in minecraft and the current build of Bukkit. It isn't easy, it is something you gradually get better at as you keep doing it. Once you know the exploits, let your admins know them and put procedures in place to detect and prevent them on your server. One of the best ways to do this is to actually become a griefer/cheater and learn the 'tricks of the trade'. I like to call it ethical cheating. Once you know what hacks are used it is much easier to notice when someone is using them.
Keeping track of exploits to get around plugins.
Keep track of duping (duplication) exploits. E.g. piston bug in beta 1.72
Keep track of exploits in the game: Godmode, flying bypasses, anti-invisibility hacks, invisibility hacks, PvP hacks, food exploits.
Alternative to Ore Obfuscation
Stopping X-rayers is a hotly contested topic. I personally weigh heavily towards using ore obfuscation. Why do I not suggest the following measures? I think there are too many disadvantages, and I hate people being able to cheat on my server.
Some cheaters will inevitably slip through the net.
Checking on players takes up time!
X-rayers still have all the advantages: avoiding lava, seeing ores, seeing hidden bases/chests
Clever cheaters can remain fairly undetectable.
If you do choose to use these alternatives, I highly recommend disabling '/plugins' so they do not have any idea what plugins you are using to protect against X-rayers. Here are my suggestions for the alternative:
This is a neat, effective plugin. It logs ores players find, the time they found it, the co-ordinates and the ratio of how far they mined before finding veins of ore. This allows you to notice suspicious findings and teleport to their mines and checkout whether their mines are clearly the result of Xraying to valuable ores.
This broadcasts to the server when anyone finds diamonds, which can help your players notice a cheater as well as your staff.
A lightweight plugin. Ores found are logged, and this plugin also allows you to set 'traps'.
This plugin is a bit more functional. In the logs, it also monitors the light level where the diamond was mined, and the number of ores in the vein. Also has the option to give a random item to all players on the server.