
IOBIAC | Anti-Exploit & Backdoor Shield v1.0

Universal server-side anti-cheat for Garry's Mod

AI Disclosure

IOBIAC is built, maintained and supported by IOBI's Team. The system itself is ours: we studied how GMod servers actually get attacked, came up with the core protection approach, designed the threat model, and decided how each module works. We validated the whole thing on a live server before release.

In line with Pivity's AI Usage Policy, here is where AI tools assisted us: scaffolding and running tests so we could get reliable, repeatable results; suggesting refactors and performance improvements that we reviewed and validated; assisting with code generation that we then reviewed, completed and integrated; and drafting documentation that we edited. We can explain why each module, storage choice and technique was chosen, we debug and extend the code ourselves, and we maintain it without depending on AI to reinterpret it.




Overview

We built IOBIAC to deal with the things that actually take a GMod server down: code-execution exploits, backdoors, people quietly handing themselves admin, and the net spam used to lag or crash a box. It runs on the server, drops into any gamemode, and starts working the second the server boots. And it won't false-ban your players, because on a fresh install it doesn't punish anyone at all until you say so.

It isn't a re-skinned griefware menu, and it isn't an aimbot scanner. Every layer runs server-side, and we've hardened it against cheats people actually use in this scene, LOKI, Limon, afri, ExploitCity and others, so it reacts to what they really do rather than a checklist of theory.




Why we'd pick it over the usual options

Most anti-cheats get their bad name the first time they ban a regular for nothing. IOBIAC ships warn-only: it watches, scores and logs, and it won't kick or ban a soul until you turn enforcement on yourself. You decide how aggressive it gets.

The parts that matter run on the server, not the client. A cheat can own a player's game all it likes, but it can't talk its way past checks it never gets to see.

There's no giant whitelist to babysit either. It learns what your server's normal traffic and console commands look like and flags the odd ones out, so it fits whatever gamemode and addon stack you run without a config session.

It also has a couple of traps most don't have: honeypot channels nobody legitimate ever touches, and a honeytoken, which is a planted secret that only a cheat would ever grab and send back. Those are about as close to a false-positive-proof signal as you get, which makes them safe to auto-ban on.

And it looks after itself. It takes its baseline before any other addon loads, sits on its network pipeline behind a watchdog that puts it back if something tries to shove it aside, and notices if a detector gets quietly switched off. Half the free anti-cheats in this scene are backdoors themselves; this one isn't, and the code is there to read.




What it actually stops

Exploits and backdoors. It owns one inbound network pipeline and looks at every message before it reaches a handler, so a hidden backdoor channel gives itself away the first time it fires.

Self-promotion to admin. There's a guard on rank changes that catches someone trying to hand themselves or a mate admin from untrusted code, and it leaves your real admin mod alone, whether that's ULX, SAM, ServerGuard, FAdmin, DarkRP or Helix.

Net floods and oversized packets, the stuff used to lag or crash a server, get rate-limited and size-capped.
  • Channels and console commands it has never seen a real player use get flagged.
  • Known cheats, by signature.
  • Clients that have patched or muted their own copy of the anti-cheat.




How the detection works

There's no single magic trick here. It runs several independent checks and adds them into a per-player score, so getting past one doesn't get you past the rest.

Everything inbound goes through IOBIAC first, so backdoor channels, floods and oversized payloads are all judged in one place instead of scattered around the codebase.

The honeypot and honeytoken: poke a trap channel and you've outed yourself; send the planted secret back and you've proven it, because a normal player has no way to produce that value.

The learned allow-set is what catches a brand-new backdoor a signature list has never heard of. It doesn't need to recognise the cheat, it just notices the channel is something your players never touch.

Signatures still pull their weight. On the client it looks for known cheat globals, commands, fonts, files and UI; on the server it digs through the registered network names for exploit strings. That list comes from real leaked cheats and we keep topping it up.

For tampering, it snapshots the clean standard library before any addon loads, then runs randomised, server-driven audits against that baseline. A patched net library or a hooked fire-bullets call shows up as drift. A challenge-response heartbeat means a client that rips the anti-cheat out goes dark where we can see it, instead of just going quiet.

Weak signals stay advisory; strong server-side ones rise to the top of the admin queue. That's the balance we were after: catch the real stuff without burying you in noise.
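
The scoring and opt-in enforcement described above, as an added sketch in plain Lua with no GMod APIs. It is not IOBIAC's code: the channel names, the token value, the weights, the threshold and the switch names are all assumptions made for illustration.

```lua
-- Added illustration, not IOBIAC's code. All names, weights and thresholds are assumptions.
local HONEYPOT   = { ["admin_rcon_exec"] = true }   -- constructed trap channel name
local HONEYTOKEN = "tok-7f3a-constructed"           -- constructed planted secret
local WEIGHTS = { honeypot = 100, honeytoken = 100, unknown_channel = 15 }
local ENFORCE = { master = false, honeypot = true, honeytoken = true, unknown_channel = false }
local BAN_AT  = 100

local learned = {}   -- channel name -> true, filled during the learning window
local scores  = {}   -- player id -> accumulated score

local function learn(channel) learned[channel] = true end

-- Classify one inbound message; returns the signal name, or nil if nothing fired.
local function classify(channel, payload)
  if HONEYPOT[channel] then return "honeypot" end
  if payload:find(HONEYTOKEN, 1, true) then return "honeytoken" end  -- plain find, no patterns
  if not learned[channel] then return "unknown_channel" end
  return nil
end

-- Returns the action for this message: "pass", "warn" or "ban".
local function inspect(player, channel, payload)
  local signal = classify(channel, payload)
  if not signal then return "pass" end
  scores[player] = (scores[player] or 0) + WEIGHTS[signal]
  -- Enforcement needs the master switch AND the per-feature switch; otherwise log only.
  if ENFORCE.master and ENFORCE[signal] and scores[player] >= BAN_AT then
    return "ban"
  end
  return "warn"
end

-- Constructed traffic: a learning window first, then live messages.
learn("chat_message"); learn("shop_buy")
local traffic = {
  { "STEAM_0:0:1", "chat_message", "hello" },
  { "STEAM_0:0:2", "debug_menu_sync", "x" },               -- never seen from real players
  { "STEAM_0:0:3", "admin_rcon_exec", "x" },               -- trap channel
  { "STEAM_0:0:4", "chat_message", "key=" .. HONEYTOKEN }, -- planted secret sent back
}
for pass = 1, 2 do
  ENFORCE.master = (pass == 2)   -- pass 1 is warn-only, pass 2 has enforcement on
  for _, m in ipairs(traffic) do
    print(pass, m[1], m[2], inspect(m[1], m[2], m[3]))
  end
end
```

With the master switch off every detection only warns. With it on, only the two high-confidence signals can reach a ban, while the learned allow-set miss stays advisory.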




It won't ban your players

Worth being blunt about, because it's the whole reason we built it this way. Out of the box IOBIAC is warn-only. It detects, scores and logs, and nothing auto-kicks, auto-bans, drops a packet or strips a rank until you flip enforcement on, ideally after you've watched it run clean for a few days.

A false positive can't punish anyone by itself. Alerts land with your admins, with one-click Ban, Kick, Warn or Whitelist, so a person is always the one deciding. When you're ready, enforcement is opt-in and per-feature: switch on only what you trust, and you can let the high-confidence server-side hits like honeypot probes and returned honeytokens auto-ban on their own without touching anything else.

If an anti-cheat has ever banned your own regulars, that's the part that matters here.




Performance

It's written for what srcds actually is, single-threaded, and for a busy DarkRP or Helix server. No per-frame scans, no per-entity traces, nothing that gets pricier as your prop count climbs.

Rough cost, around 30 players at 66 tick:
  • Idle, nobody cheating, which is nearly all the time: under 0.1% of a tick, just a couple of cheap watchdog and heartbeat checks.
  • Normal play, about 500 packets per second: roughly 1-2%.
  • Heavy network burst, about 1500 packets per second: roughly 3-6%.

A few things worth knowing. Shooting, spawning props, moving and using entities cost nothing extra, because the behavioural movement detector ships off. The one constant is a single check per inbound packet, constant-time and allocation-free on the normal path. Memory is bounded: capped tables, indexed and auto-pruned storage, nothing that grows across map changes. The client side runs an integrity check about every 30 seconds and a signature scan about every 45, never per frame, and the alert layer draws nothing when there's nothing to show, so a normal player's FPS isn't touched. Under load it backs off, with audits sliced across frames, heartbeats rate-capped and detections cooldown-limited, so a struggling server isn't made worse by the thing that's meant to protect it.




Compatibility

  • Windows and Linux dedicated servers, VPS or VDS. Pure Lua, no native binaries, nothing platform-specific to install.
  • Any gamemode: DarkRP, Helix, TTT, Sandbox and custom. Nothing is wired to one framework.
  • Recognises the common admin mods: ULX and ULib, SAM, ServerGuard, Evolve, FAdmin, DarkRP, Helix and NutScript.

English and Russian included.




Installation, about two minutes

  1. Drop the addon folder into garrysmod/addons.
  2. Restart the server or change the map.
  3. That's it. It loads from a single entry point, so watch the console for the load lines.

No database, no external service, nothing for your players to install. It runs on defaults straight away, warn-only, on Windows and Linux alike.




Configuration and going live

It's all in one config file, with comments on the thresholds and intervals. The rollout we'd suggest:
  1. Install it and leave it on defaults. It's warn-only, so let it watch a few days of real traffic while the allow-set learns what's normal on your server.
  2. Skim the log and the panel, and make sure your legit addons and admin tools aren't getting flagged.
  3. Turn on enforcement once you're comfortable, the master switch plus the per-feature ones. Promote the honeypot and honeytoken hits to auto-ban if you want; they're safe for it.




Admin tools

A live panel that scores everyone connected, shows their last detection and status, and gives you one-click Ban, Kick, Warn and Whitelist.

  • On-demand screenshots. Ask for a suspect's screen; the capture is nonce-bound so it can't be faked.
  • IP intelligence: alt-account correlation, Steam family-share detection, and optional VPN or proxy lookups, off by default.
  • Quarantine, for when you want to watch someone without kicking them.
  • A detection log you can filter by name, SteamID, category or date.
  • Live network analytics and on-demand exploit-string discovery.

Permissions are granular. Every function is its own permission and they all show up in SAM and ULX, so you can give a moderator the panel and warnings without giving them the ban button.




Built to survive someone who's actually trying

An anti-cheat that can be switched off in one line isn't worth much. IOBIAC takes its baseline before any other addon loads, so it's measuring against the real standard library rather than something already tampered with. It holds its spot on the network pipeline behind a watchdog that reinstalls it if something tries to replace or disable it. It catches state-level tampering, a detector quietly turned off, a handler swapped out, an attempt to mute its own reporting, and puts things back. And between the server-driven audits and the heartbeat, a client that strips it out goes dark visibly instead of slipping away unnoticed.
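
The baseline-then-audit idea from this section and from the tampering paragraph under "How the detection works", as an added sketch in plain Lua. It is not IOBIAC's code: `fakenet` is a hypothetical stand-in for a library table, and `snapshot` and `audit` are names made up for this example.

```lua
-- Added illustration, not IOBIAC's code. `fakenet` stands in for a library table such as `net`.
local fakenet = {
  Receive = function(name, fn) return "registered " .. name end,
  Start   = function(name) return "started " .. name end,
}

-- Snapshot: remember the identity of every function in the table before addons load.
local function snapshot(lib)
  local base = {}
  for k, v in pairs(lib) do
    if type(v) == "function" then base[k] = v end
  end
  return base
end

-- Audit: compare current entries against the baseline by reference.
-- rawget/rawequal bypass metamethods, so a proxy table cannot answer for the real one.
-- Returns a sorted list of drifted keys; restores the originals when `repair` is true.
local function audit(lib, base, repair)
  local drift = {}
  for k, orig in pairs(base) do
    if not rawequal(rawget(lib, k), orig) then
      drift[#drift + 1] = k
      if repair then rawset(lib, k, orig) end
    end
  end
  table.sort(drift)
  return drift
end

local base = snapshot(fakenet)   -- taken first, before any later-loaded code runs

-- Constructed tampering: a later script wraps Receive and removes Start.
local real = fakenet.Receive
fakenet.Receive = function(name, fn) return real(name, fn) end
fakenet.Start = nil

print(table.concat(audit(fakenet, base, true), ","))   -- drifted keys, restored in place
print(#audit(fakenet, base, false))                    -- count of drifted keys after the repair
```

A reference comparison only means something if the snapshot is taken before untrusted code has run, which is why the load order matters. Note that this sketch checks only the keys present in the baseline, not functions added afterwards.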




What you get

  • The full addon as a single drop-in folder.
  • One documented config file with safe defaults.
  • English and Russian language files.
  • Ongoing signature and corpus updates.




Notes

IOBIAC is a server-side tool that covers exploits, backdoors, RCE, privilege escalation, network abuse and client tampering. It is not a behavioural aimbot or ESP detector, and we'd rather say that plainly than have you buy the wrong thing. It's the layer that keeps your server from being crashed, backdoored or taken over.

It's safe to run alongside your existing admin mod and other addons, and it's hardened against real, leaked cheats rather than theoretical ones. Runs on Windows and Linux dedicated servers, VPS or VDS.

  • Price: $17.49
  • EULA: Standard EULA (use on any projects you own with attribution)
  • Support: Standard, 3 months. Includes downloading the resource, access to new updates and support from the creator.
  • Published: Jun 15, 2026 (updated: N/A)
  • File size: 151.7 KB
  • Open source: No
  • DRM-free: Yes
  • Unobfuscated: Yes
  • Supported languages: English, Russian
  • 198 views, 0 purchases, 1 download; not yet rated