FairPlayMinecraft (Client-side anticheat)

[Lubenica]

You can buy the plugin from https://www.spigotmc.org/resources/fairplayminecraft-client-side-anticheat.17071/

Versions legend: pl: <plugin version> , app: <application version>

​

Do cheaters on your server ruin the gameplay for players that are playing legit, and therefore legit players are going away from your server? You don't have enough time to monitor all the players on your server nor the will to do it? Well, congratulations, you just found a great plugin to put all your worries away!​

FairPlayMinecraft is a client-side anticheat system which eliminates cheaters on a Minecraft server with ease. Players are being checked client side, which means the checks are not done on the server which results zero lag to the server.

• fast and lightweight - players are being checked client side, which means the checks are not done on the server which results zero lag to the server
• you can choose which versions (clients) and mods your players will be able to join with
• your players can be asked to go through the check on every join OR they can be asked to go through the check only if you run /fpmc check <nick> command on them
• active development - this project is being actively developed. I am open for new feature requests and of course for bug reports

Here is a video preview for the system in an early beta version I made a while ago (I am planning to make a new, updated one) so you can see how it works:

​

The system consists of three parts:

1. Spigot/CraftBukkit plugin
This part checks if player has ran the application which is used to scan if player has hacked client installed. Before running the application, player has restricted access to the server (eg. he is not allowed to move, to execute commands... - all that can be configured). When player runs the application which scans its Minecraft installation, the data is sent to the main server and then to the Spigot plugin. So the plugin receives the results and let the player play if it doesn't have any cheats installed, or run a command from configuration file if player has a cheat.

2. The application
The application scans player's Minecraft to see if he/she is running a cheat/hacked client. After that, it sends the results to the server which then does the rest.

3. Main server
The main server is used for the updating system and as a communication between the application and the plugin. It also sends the cheats filter to the application which allows it to determine if player is playing with cheats.

Some of you may think that this is a funny and unusual way of eliminating cheaters but, trust me, it is a good and precise way. I have been running a server with an average of 150 online players with this system. Although many of my players were young, they didn't have difficulties understanding what they have to do in order to play on the server. I must say that my players were very happy about that system because they could (finally) play normally, without cheaters. Also, my staff team had less to do - they did not have to monitor all the players one by one.

1. Download the plugin. It will be in a .zip format. After you upack it, you will see two files - FPMC_plugin.jar and FPMC.exe.
2. Put FPMC_plugin.jar in your "plugins" folder and restart your server. A config file and a welcome.txt will be generated at the following location: plugins/FairPlayMinecraft/.
3. Modify the configuration and welcome file as you wish and restart the server. Welcome file defines the message that will be sent to player that joins the server asking him to run the application.
4. FPMC.exe is the application which has to be ran in order to play on the server. You can upload it somewhere and provide a link to your players or you can just give them this link:
http://fpmc.minex.ovh/download

​

I totally recommend Nitrous Networks, not just because they are sponsoring this project but because I used their services when I had a server running and I can really say they are the best of all that I tried (tried like 5-6 hosting companies). Fast answering and polite support team, excellent performance and great network!
Go with this guys, you won't go wrong

Q: Will FPMC.exe make harm to my computer? My antivirus software detects it as malicious!​

A: FPMC.exe will not make harm to your computer in any way. If your antivirus software flags it as a virus, please contact me so I can report the false-positive to the antivirus software company.
Here is VirusTotal report for the application - https://www.virustotal.com/hr/file/...56fea78eb840315d9dd1781c/analysis/1478883512/

Q: I have multiple BungeeCord instances and the plugin does not work properly for me, did I do something wrong?
A: You did not configure the plugin correctly. If you have multiple BungeeCord instances running, you have to list all the instance's IPs in plugin's configuration file under "multiple_ips" in format IP: PORT (without the space between : and P, I have added that space because if I didn't, a smiley would have appeared)

Many servers are practicing asking players which they suspect are using a cheat to give them a screen share (via Skype, Screenleap or something else). In other words, they are asking players to show them the screen of their computer so they can see if they are really using a cheat. The problem in that is that admins then have to wait for the players to give them a screen share and they can hardly check more then one player at the time.

If you set "check_command_enabled" to true in the configuration file, players will not have to go through the check (run the application) on every join, but only when an admin asks them to do so. For example, an admin suspects that player "abcd" is using cheats. He will then execute command /fpmc check abcd so the player abcd would have to go through the check - he will be asked to run the application and he will have restricted access (he won't be able to move, to execute commands and so on) until he does.

# Set true to things that you would like to be forbidden while waiting for player to run the application
restrictions:
    movement: true
    chat: false
    commands: true
    protect_inventory: true
    interactions: true
    protect_from_monsters: true
    inventory_open: true
# The message that will be sent to player after he goes through the check and doesn't have a cheat
messages:
    success: '&aThank you! You can play now and have fun =)'
# Command(s) that will be executed if player tries to join with cheats
punishment:
    command:
     - 'kick %player% Cheats are not allowed on this server!'
     - ''
     - ''
# Command(s) that will be executed if player does not have a cheat
no_cheat_command:
   - ''
   - ''
# Set true if you want your admins who have fpmc.notify permission to be notified if someone tries to join using a cheat
notify_admins:
    enabled: false
    message: '&c%player% &fhas tried to join with a hacked client!'
# Do you want to be able to use /fpmc check <nick> command instead of forcing players to go through the check on join?
check_command_enabled: false
# Set true if you want all attempts of joining with a cheat to be logged in log.txt
logging_enabled: true
# Should instructions for running the application be autobroadcasted every x ticks?
autobroadcast:
    enabled: false
    interval: '0'

# Read the instructions bellow
bungeecord_support:
  enabled: false
  address: ''
  ip: localhost
  port: 11414

# Enable if you made your custom versions filter
use_custom_versions_filter: false
# Enable if you want Forge to be enabled on your server (you have to create a mods filter first)
use_filter_for_forge: false

# If you have enabled the /fpmc check command and want players who leave the server when being asked to go through the check to be punished, set this to true and define a command which will be run on the Spigot server, or/and a command which will be executed on BungeeCord instance
left_during_check_punishment: false
left_during_check_punishment_command_spigot: 'ban %player% You denied to go through the check!'
left_during_check_punishment_command_bungeecord: ''

The "restrictions" section is easy to understand. If you want to disable movement for players who did not run the application yet, you will have to set "movement" to true. If you, for example, want to forbid executing commands you will set "commands" to true.

Benefits of using BungeeCord support:

• players won't have to go through the check when they are switching between servers
• players won't be able to execute BungeeCord commands when being asked to go through the check (for example they won't be able to avoid the check by going to another server with command /server)

This is how you can enable BungeeCord support:

1. Put the plugin in "plugins" folder in your BungeeCord server
2. Start the BungeeCord server, then stop it.
3. A configuration file config.yml will be generated in /plugins/FairPlayMinecraft. There you can change the port the plugin and BuneeCord will be using to communicate. Default is 11414. You don't have to change this. Change it only if there's something else running on that port. Don't set that the same as your server's port!
4. Start the BungeeCord server.
5. Put the "FPMC_plugin.jar" in "plugins" folder in your Spigot server and start it.
6. A config.yml in /plugins/FairPlayMinecraft will be generated. Under "bungeecord_support", set "enabled" to true, set "address" to the address your BungeeCord instance is listening to (in format IPORT, for example 172.16.254.1:25565), set "ip" to the IP address of the BungeeCord and set "port" to the port you set in the config.yml of the BungeeCord.
7. Start the server!

Example part of the config.yml for BungeeCord support on Spigot server:

bungeecord_support:
    enabled: true
    address: '172.16.254.1:25565'
    ip: '172.16.254.1'
    port: 11414

(if for example the BungeeCord instance is running on 172.16.254.1:25565)

fpmc.bypass.all - player with this permission cannot be checked on join or when somebody executes /fpmc check command on him
fpmc.bypass.join - player with this permission cannot be checked on join
fpmc.bypass.command - player with this permission cannot be checked when somebody executes /fpmc check command on him
fpmc.check - player with this permission is able to use command /fpmc check <nick>
fpmc.notify - players (admins) with this permission will be notified in game with a message if a player tries to join the server using a cheat (if enabled in config!)

Note: Players who are OP automatically have the fpmc.bypass permission and therefore they don't need to run the application.

As of version 5.0.0 you can create your own filter - choose with which versions (clients) your player will be able to join. To do that, go to http://fpmc.minex.ovh/fpmc/versions.php and follow the instructions there. You can add the default filter there which allows players to join using all vanilla and all Optifine versions and along with it you can add your own versions (clients) by clicking the "Add versions (cliens)" button. After you have created your list, click "Download filter" and put the file version_filter you will download in /plugins/FairPlayMinecraft/. Then set "use_custom_versions_filter" in config to true and restart your server!

The plugin does not just simply allow players to join with Forge, but it checks the mods player has installed because there are cheats you can install using mods in Forge. That's why you can of course make your own list of mods which will be allowed on your server here: http://fpmc.minex.ovh/fpmc/forge.php
Just drag the .jar of the mod in the area and do that for all your mods. Then click "Download filter" and put the file forge_filter you will download in /plugins/FairPlayMinecraft/. After that just set "use_filter_for_forge" to true and restart your server!

There is currently one method and one event included in the API:

FPMCAPI.sendCheckRequest(player, boolean) - sends the check request to the specific player

player = player you want to check
boolean = true if you want to send the player the message from welcome.txt or false if you don't want to send him a message

HasCheatEvent event - is triggered every time when a player goes through the check (runs the application)

event.getPlayer() - returns the player who went through the check
event.hasCheat() - returns 1 if player joined using cheats or 0 if the player does not have a cheat

FairPlayMinecraft works on the principle of whitelisting. All legit (original) versions of Minecraft and all Optifine versions are whitelisted and only with them you can join the server. Forge is currently not supported.

The plugin should work on any Spigot version. It has been tested on the latest 1.7, 1.8 and 1.9 builds. The application currently works only on Windows OS. I am working hard to make it work on Linux and OS X (Linux version is coming soon!).

​

If you need help, found a bug, found a cheat that this system doesn't block or something is not working for you, please use the "Discussion" to contact me. You can also send me private message.
If something is not working well for you, please don't go straight forward to the reviews section and give the plugin a bad rating. Please report the problem first so I can fix it.
Thank you!

Refunds are not allowed!
You are not allowed to give away this plugin to other people!
You are not allowed to decompile or modify the plugin/application!
Please do not leave a bad review if something is not working for you but contact me first.

If you find any bugs please report them here:
https://github.com/Lubenica98/FairPlayMinecraft/issues
Thank you!

I want to thank in advance to all users who decide to buy my plugin and support me in developing it!
​

 

[Lubenica]

How is it "borderline stupid" to say something that only really effects hackers rather than everyone is better than something that effects every single player.

It is, because you haven't tried it. You can't compare two things if you haven't tried one of those. How do you know that the thing you have tried is better then the one you didn't? You don't.

Pretty much this^. It's easier to block them after they join than to attempt your method.

Like I said, my system checks and punishes players automatically. If you think manually checking players for cheats is easier, then okay, it's your opinion.

Well, I am currently using MarkElf's config of NoCheatPlus on my server and I haven't experienced a SINGLE player bypassing his configuration that he didn't block ASAP.

You don't know that.

Your method costs money

Yes it does, but that config you are comparing my plugin with also costs money.

I'd rather be notified if someone is hacking after them playing for a little bit, than have my players spend time doing a lot of extra work just to verify themselves.

Your opinion.

 

[Lubenica]

Well, I don't care if your method has better detection. It'll piss a lot of players off, and they'll just leave instead of playing. Just on that note, I will not use your method if it just pisses players off.

I didn't say it is better, just that you can't compare it to something else because you haven't tried it.

It's not manual. It's automatic monitoring by the server. Your method detects if they have a hacked client in their versions folder, and some players do. I've had players that accidentally had their hacks on, and some players only use hacks when they're allowed to. Your method is just fucking ridiculous because it bans for even having a hacked in the past.

It doesn't ban, it executes the command you set in the configuration file. It doesn't punish if you had a hacked client in the past, it punishes you if you are having it at the moment of being checked.
Watch your language.

Configuring a file doesn't cost money though. I'd rather use a free plugin that I can configure myself, but I only mentioned MarkElf's configuration because it's a premium method that really proves itself over yours.

Again, you can't compare two things if you haven't used one of those.

 

[PoluxKing]

WHat about injected clients :/

 

[Lubenica]

WHat about injected clients :/

Some types of injected clients are blocked, but some are near impossible to detect.

 

[Lubenica]

Vouch for Lubenica awesome guy.

Thank you!

 

[Lubenica]

New video is online:

 

[Lubenica]

The plugin is now on a discount for a limited time!
You can buy it here: https://www.spigotmc.org/resources/fairplayminecraft-client-side-anticheat-5-discount.17071/

 

[Cinque]

What about Mac/Linux users?

 

[Lubenica]

What about Mac/Linux users?

The application version for Linux has been released a few days ago and for Mac is planned.

 

[Lubenica]

In the latest update you can see using which client your players joined the server with! (http://i.imgur.com/NBlJ1ax.png)

 

[Nelix7]

Hello, I'm sorry if my English is not very good.
I know this Anti-Cheat and detects 95% of all the cheats that exist.
Lubenica is right there are many injectables very complicated to detect.
I read in this post comments of disrespectful and ignorant people.
As these people allow themselves to criticize something they do not know or not have used,
please do not speak or comment if you have not used the product.

I read the comment of Black Reaper,
You say AAC is a smart choice?

Please do not talk nonsense if you have no idea.
AAC is full of bugs there are also many clients for AAC bypass.
An Anti-Cheat with lag fluctuations can give false positives.
Also the Anti-Cheat of Badlion GCheat is very easy to bypass.

There are 460 videos on YouTube different cheats bypassing the Anti-Cheat AAC.
https://www.youtube.com/results?search_query=bypass+aac

I congratulate Lubenica for her great work.

 

[Bryce]

I had made one of these a couple years ago. I had built it into the launcher itself because using "mods" dis-allowed checking for injected/spoofed hacks. Even then, It basically compared classes, their size, and ran them against a grey list to check for hacks. I had abandoned the project due to the fact players aren't willing to install 3rd party content anyways. I am hoping, once I am done my launcher, we can start enforcing anti-cheats like this one, or the one I made, due to the fact that my launcher (combined with a plugin) acts as a fastDL server. This allows Minecraft clients to download required mods/files & mount them before joining the server. You could easily include an anti-cheat using this method. Client side anti-cheats are clearly the way to go, as you can pretty much (if you're a good programmer) find patterns that will lock down most of the cheats out there. This does not include custom made cheats, or the ones that were made for the purpose of being hidden. If you need any help with this project, i'd gladly share my knowledge with you. I was basically able to scroll down wizardhax, and every cheat I tried (6 or 7 ish), I had managed to find a way to detect. Not sure if its different these days. I may re-start my project once my launcher is done, but who knows.

GL!

 

[AndSec]

Uses this server hosting company to help with plugins and tech support they respond in under 15 hours!

Viralhosting.co

Free Test plan is waiting for you! Check it out!

 

[Lubenica]

Thanks guys for the support! There is also a test server if you want to see the anticheat in action: fpmc.nitrous.it