ZenithDetector
Multi-Vector Client Detection
Translation Fingerprinting · OpSec / Privacy-Mod Detection · IP Intelligence
Detect hack clients — even the ones built to be invisible — through Minecraft's own systems.
No ProtocolLib. No packet sniffing. No client software required. Just results.
What Is ZenithDetector?
ZenithDetector is a passive, multi-vector client-detection engine for Paper 1.21.4+ servers.
It started as a single trick — abusing Minecraft's sign editor to force clients to reveal themselves through their own translation pipeline. It is now a full detection suite that runs several independent vectors in parallel and combines them into a single confidence verdict, so a cheater has to beat all of them at once instead of just one.
Most checks are completely invisible and leave zero client-side footprint. The ones that need a probe are placed only for the target player and disappear within a tick — other players never see a thing.
How It Works — Multiple Vectors, One Verdict
Each player is examined by several detectors at once. Every detector contributes findings; the engine fuses them into a single risk level (Clean → Low → Medium → High → Critical) plus a hidden-client confidence score, then decides whether to alert, log, or enforce.
Translation Fingerprinting
The original engine. An invisible, single-player server-side sign is filled with translation keys unique to specific clients. The client auto-translates the keys it recognises; the plugin reads the response and compares it against expected fallbacks. Translated text = client identified. A second confirmation pass re-checks only flagged signatures before any alert fires.
Brand & Channel Analysis (100% passive)
Reads the client's brand string and every plugin channel it registers — no probes sent, instant, and impossible for the player to notice. Cross-references brand vs. channels to catch a cheat channel on a "vanilla" brand, brand spoofing, channel hiding, and known spoofer signatures. Works on every client, even ones that block translation probes.
OpSec / Privacy-Mod Detection
Mods like OpSec, ExploitPreventer and NoChatReports exist specifically to hide from anti-cheats by filtering translations, faking resource-pack responses, and stripping chat signatures. ZenithDetector hunts them directly:
- Translation-filter probing with multi-locale "canary" keys that a privacy mod can't selectively whitelist.
- A local-URL timing probe that exploits how these mods block local resource-pack URLs — a structural tell that can't be masked without disabling the mod's own protection.
- Chat-signature analysis that flags paid accounts which advertise signing but never sign (NoChatReports / OpSec "off" mode) — fully passive, and correctly silent on cracked/offline servers.
- Resource-pack spoofer / auto-accept detection (e.g. clients that "accept" a pack they never downloaded).
Resource-Pack Alt Detection
Fingerprints each client's resource-pack cache. Two different accounts that produce the same cache fingerprint are flagged as likely alts — across sessions and across accounts.
Client Identification (info)
Passively identifies legitimate clients — LabyMod , Lunar (incl. Apollo), Badlion,
Companion Mod (optional, authoritative)
For "must-use-our-mod" servers, an optional client mod reports the full, authoritative installed-mod and resource-pack list. See the Companion section below.
Preconfigured Detection — Out of the Box
Dozens of clients and mods ship configured by default. Everything is editable, and you can add your own in seconds.
Hack / Cheat Clients
Meteor · Wurst
Minimap · Radar
Xaero's Minimap · Xaero's Worldmap · JourneyMap · VoxelMap · CivVoxelMap · Entity Radar · Chest Tracker · SeedCracker / SeedMapper
Utility · Automation
Baritone, and more
Privacy / Evasion Mods
OpSec · ExploitPreventer · NoChatReports · Resource-pack spoofers / auto-accept
Legit Clients Identified
LabyMod · Lunar (Apollo) · Badlion · Feather · Essential · 5zig
● Need to detect something not on the list? Add the brand, channel, or translation key to the config — no update required.
IP Intelligence
(optional · privacy-first · off by default)
(optional · privacy-first · off by default)
Turn on a dedicated layer for connection-based detection:
- Alt-account scoring — links accounts by shared IP, subnet, ASN, ISP, login timing and session patterns into a 0–100 confidence score, with human-readable reasons.
- VPN / proxy detection — flags connections coming through VPNs, proxies and hosting providers.
- GeoIP — country / region / ISP / ASN per connection.
- Optional login gate — auto-kick on VPN or on a high alt-score, with custom kick screens and staff bypass lists.
- Lookups —
/zdetect iphistory,/zdetect alts,/zdetect iplookup.
ZenithCompanion — Optional Client Mod
For networks that require their own client mod, ZenithCompanion turns cooperative players into a fully-visible source of truth.
- Authoritative mod & pack list — every installed mod (with per-jar SHA-256) and active resource pack, reported on join. No more guessing from what a client leaks.
- Cheat / X-ray flagging — reported mods are matched against a built-in (and fully editable) cheat list.
- Anti-alt — links accounts that share the same physical machine via a persistent install ID and a hardware signature, and surfaces other Minecraft usernames stored locally by launchers on that PC. It never collects passwords, emails or session tokens — usernames only.
- Resilient reporting — a cooperative report still reaches the dashboard even when a client-side anti-detection mod tries to block the in-game channel.
- Branded Discord Rich Presence — show off your server on players' Discord profiles (custom text, image, buttons, elapsed timer).
Platforms: Fabric & NeoForge, Minecraft 1.21.x.
A full companion web app, managed by us — no self-hosting required. Sign in with Discord; your server role drives your access.
Live Detections
See flagged and clean players in real time, filter by severity, search by name/UUID, and drill into any player: session timeline, 14-day activity heatmap, per-finding evidence, detected clients with cover art, and IP / companion intel — all on one page.
Analytics
Org-private stats: 30-day trend, severity distribution, top offenders, most-triggered signatures, and activity by hour and weekday.
Two Connection Modes
- Push — the plugin sends data out to the dashboard. Works on hosts with no open ports (Aternos, free panels, shared hosting).
- Pull — the dashboard reads from your server (whitelist our IP). Includes a built-in firewall-rule generator and an external lock-down verifier.
Multi-Server
Pair as many servers as you like under one organisation — view each gamemode separately or all together.
Visual Config Builder
Generate config.yml, web-api.yml, the privacy-mod module config, and your fingerprints.yml from a form, with a live YAML preview and an "upload your current config to pre-fill" option. Nothing is stored — tweak and re-download freely.
Self-Service Fingerprint Registry
Drop a mod's .jar on the site; a sandboxed parser extracts candidate translation keys (the jar is never executed). Staff verify each entry, and it joins your verified registry — available via a JSON API.
Companion Center
Build, brand and publish your Companion jar, monitor connected players (mod list, threat ranking, alts), and get Discord alerts on flagged joins.
Team & Security
Invite a sub-customer via the Discord bot, manage your organisation, and protect your account with optional 2FA (any standard authenticator app + one-time backup codes).
Commands & Permissions
Code:
COMMAND PERMISSION DESCRIPTION
/zdetect check <player> [modules] zenithdetector.check Run a detection probe
/zdetect gui zenithdetector.check Open the live staff GUI
/zdetect history <player> zenithdetector.check Confirmed-detection history
/zdetect info <player> zenithdetector.check Current / last session status
/zdetect lang <player> zenithdetector.checklang Run a locale probe
/zdetect alerts zenithdetector.alerts Toggle live alerts
/zdetect reload zenithdetector.reload Reload configuration
/zdetect pair <code> <server> zenithdetector.pair Link the server to the dashboard
- zenithdetector.bypass Exempt a player from all probes
Aliases:
/zd and /zdetector. Alerts can be filtered per-module and per-severity with permission nodes. IP-intelligence lookups (/zdetect iphistory · alts · iplookup) unlock when that feature is enabled.Requirements
- Paper 1.21.4+ (any Paper fork — Purpur, Pufferfish, Folia all supported)
- Java 21
- No ProtocolLib, no dependencies required
Performance
Code:
Metric Value
Passive checks (brand/channel) Instant
Full multi-vector scan ~1.5 seconds
Shielded client detection < 100 ms
Confirmation pass ~300 ms
TPS impact None
Memory footprint Negligible
Runs fully async and is Folia-native.
Ready to protect your server?
ZenithDetector works silently in the background — your players will never know it's there, but cheaters will.
Support: HERE
ZenithDetector works silently in the background — your players will never know it's there, but cheaters will.
Support: HERE
Q: Where can I find the license?
A: The license is injected automatically when you download the plugin from BuiltByBit. Otherwise, open a ticket to request it.
Q: Do I need ProtocolLib?
A: No.
Q: Do players have to install anything?
A: No. The Companion mod is completely optional — every other vector works with no client software.
Q: Do I have to host the dashboard?
A: No. It's managed by us. After purchase, join the support Discord and request the customer zdetector role, then sign in at zenithprojects.it/ZenithDetector.
Q: Will it false-flag legit players?
A: Detections are fused from multiple vectors with a confirmation pass and a confidence threshold, and legit clients are identified and whitelisted — designed to keep false positives to a minimum.
Q: Is the plugin obfuscated?
A: Yes.

Hearing it's exactly what your network needed is the best compliment we could ask for, and I'm really glad the support side lived up to it too, keeping our customers happy is the whole point for us
Great timing as well: the big v2.0 update is now live, packed with new detection vectors and features, all included free for existing customers like you. If you ever need anything or have suggestions, you know where to find me on Discord.
Thanks again for the trust and the recommendation!
— Zenith Projects