![⭐ CasualProtector - The most powerful anticrash and antibot! Optimize fps and tps! [with Aegis]](/data/resource_icons/14/14529.jpg?1577047015){kind=icon}
What is CasualProtector?
Code (YAML):
[/FONT]
#printing all sent packets by player and their values like integers, items, strings etc..
debug-mode: false
#is plugin supposed to check for updates
check-for-updates: true
#print info about reaching packet-limit etc. - print everything to log files! if you want to see all info about exceeding packet limit, kicking players etc - turn it on.
#if you don't want any spam in console about players trying to crash the server, about bots etc. - switch it false.
print-everything: true
#if you want plugin to change the current config to old_config.yml and generate new config with new values (if they exist) - change it to true
replace-to-old: false
optimize-fps:
#it will hide falling blocks like sand - it really fixes fps
sand: true
#it will hide falling blocks like tnt - really good for castle mod, survival
tnt: true
#it will hide all spawned mobs, not recommended on servers like survival, easyhc etc. - if mobs are able to spawn on you server do not enable it
mobs: false
redstone:
#disabled by default.. some of servers doesn't want it so if you just want to use redstone feature - swithc it to true.
enabled: false
#max powered redstones per chunk
limit-per-chunk: 80
#max powered redstones per world
limit-per-world: 450
nbthelper:
enabled: true
block-address-if-invalid: true
check-shulker-boxes: true
#for italian, deutsch, china etc. servers, for e.g. polish server - the 340 is enough and max limit.
page-length-limit: 502
#block firework exploits, thats the better way =( just removing the nbt data from firework item instead of checking it
#it kicks the player
remove-firework-data: true
anti-uuid-spoof:
#change to true if you want to block uuid-spoof exploit
enabled: false
#if plugin is supposed to run async task in asyncplayerprelogin and then check url data etc
runTask: false
logged-from-another-location:
block: false
#check if InputBuffer data > X - if it is, the player is kicked
packet-filter:
#automatically disabled because of small bugs, we are going to develop this in the future.
enabled: false
#blocks executing commands when player is holding book in main hand (prevents unwanted commands executions by player, giving access to plot, giving op, paying money etc)
anti-run-commands:
#replace it with "/plot" or something if you just want to block /plot commands when holding book
#"*" blocks all commands
blocked-commands:
- "*"
#bypassed/whitelisted commands - when you use "*" in blocked commands and "/ah" is in whitelisted-commands players will be able to execute "/ah" command
whitelisted-commands:
- "/auctionhouse"
- "/ah"
- "/post"
- "/letter"
#you only need it enabled when your version is 1.8-1.8.3 or your ALL players have creative gamemode
enabled: true
hacked-items:
bypass-worlds:
#its just an example - if the world's name is survivalx - plugin will bypass the player actions in these worlds
#please use lowercase! e.g. "survival" - not "Survival" or "skyblock" - not "SkyBlock!" it really matters!
- "survivalx"
#if you are using MyItems plugin or AdvancedEnchantments please disable this option.
block: true
#block too big enchantments (over-enchanted items) like sharpness, efficiency lvl 9999 (or just more than max_level - >5)
#it changes the level of enchantment to max level. for example if sharpness has 9999 level it will be changed to max_level (which is the 5 for e.g sharpness).
block-over-enchanted-items: false
sign-exploit:
block: true
#player will not be able to place a sign that alraedy contains a nbt data (text) if you let players do that - just disable it.
block-already-existing-nbt: false
#signs-limit:
#enabled: true
#can place only one sign between 3 seconds
#limit:
# seconds: 3
# message: "&cYou can place only one sign between 3 seconds!"
world-edit-exploit:
block: true
block-place-listener: true #if you are running on spigot 1.13 please turn it off it may cause errors in console
chunk-cleaner: true
ping:
enabled: false
limit: 1200 #if player's ping is bigger than 1200 he will be kicked
check-tps-before: true #checking server's tps before kicks player, when server has lag or something like this player will be not kicked
too-many-items:
enabled: false
limit: 1000 #if there is dropped more than 1000 items on ground they will be removed
arm-animation:
enabled: true
timestamp: 650 #in milliseconds (1000 = 1 second in 1.10-1.13 it's automatically disabled because server adds this patch it itself)
block-payload-book-edit:
enabled: true
block-fully: false #will block editing/signing book without checking nbt
deserialize: true #if you want to make players able to edit and sign book change it to true and change block-fully to false
window-click:
advanced-deserialization: true
max-similar-pages: 10
#checking and finding similar windowclick packets
#when player sends the same windowclick packet 50 times (each space between packets was smaller than 0.5second)
#he will be just kicked. useful feature if someone send spam packets
check-last-packet: true
#limit for the same windowclick packet mentioned upper
check-last-packet-limit: 50
invalid-chars:
#block invalid chars (another than english etc. (e.g china chars, larger than 1 bit)
enabled: true
#is plugin supposed to look for invalid chars in books content
filter-books: false
#"if there is more than 20 chars"
cancel-only-when-count-bigger-than: 20
#plugin will skip these chars.. (they are not checked)
#add here china chars (if you allow china people) or german if you allow german people
#you can remove 'X', it's here just for example
#remember to use 'someChar' instead of "someChar" !!
skipped:
- 'X'
payload:
register-limit: 13 #limit per 60 seconds, if exceeded, player will be kicked
packet-limitter:
#on some servers it's useless and has false detects
#if it has false detects on your server just disable it or increase the packet limit
enabled: false
move-limit-enabled: false
move-limit-per-sec: 750
move-too-big-difference-kick: false
#if player exceed this limit in X seconds he will be kicked
limit: 850
#current sent player packets' amount will be set to 0 after this time
cache-seconds: 1
#if plugin kicks normal players please change it to synchronized
#type: synchronized
#type: cache
type: synchronized
block:
#if player has 30 slots in opened inventory and he tries to click at 31 slot - the event is cancelled.
too-big-slot: true
big-position: true #for creative/vanilla servers
fully-book: false #if player clicked in book he will be kicked from the server (without checking nbt) (book may has too big nbt, it is using for lagging servers)
hopper-creative-crasher: false
buffer-overflow: true
#kicks player if try to use wdl or forge
wdl: true #world downloader
wdl-bypass:
"yooniks"
#disabled by default
forge: false #forge mod
forge-bypass:
"yooniks"
#labymod
lmc: false
lmc-bypass:
"yooniks"
#liteloader mod
liteloader: false
liteloader-bypass:
"yooniks"
proxy: true #if channel contains proxy - server kicks player (proxy is something for lagging and botting servers, and some of them sends pluginmessage with channel 'proxy')
#anti proxy/vpn - IF YOU ARE USING IT ON BUNGEE AND SPIGOT - PLEASE REMOVE IT ON BUNGEE AND USE ONLY ON SPIGOT!!!
bad-ip-checkers:
ipintel:
timeout: 1500
enabled: true
query: "http://www.shroomery.org/ythan/proxycheck.php?ip={ADDRESS}"
result: "Y"
must-equal: false
limitable: false
# message: "You cannot use proxy or vpn!"
stopforumspam:
timeout: 1500
enabled: false
query: "http://www.stopforumspam.com/api?ip={ADDRESS}"
result: "<appears>yes</appears>"
must-equal: false
limitable: false
# message: "You cannot use proxy or vpn!"
ipapi:
timeout: 1500
#change it to true ONLY if you have configured "allowed-countries" - otherwise all "not polish"players will be disconnected
enabled: false
limitable: true
#limit per one minute - if reached limit - players will be allowed to join without checking if they are using vpn (only for 1 minute)
limit: 147
#change this to your country..
#list of all countries: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
allowed-countries:
- "Poland"
#message: "Your country is blocked on this server!"
antibot:
#disable all features without setting everything to false, just one option!
#vpn/proxy checking, channel-verification,two-step-verificatin etc. will be set to false automatically!
disable-all-features: false
#if nickname starts with (e.g) "MCStorm" plugin will disconnect a player
check-nicknames:
enabled: true
blocked:
- "mcstorm"
- "cproxy"
#checking nicknames length
last-name-length-checker:
enabled: true
sensibility: 4
#if there is more than 3 players with similar name (e.g 1723162yooniks 12732173yooniks etc, or yooniks81273172, yooniks1273127312) next connections will be not able to join.
name-similarity-checker:
enabled: true
start: 0
end: 3
max-similar-names: 4
connection-throttle:
enabled: true
#15 seconds in milliseconds
delay: 15000
#I recommend to use it on lobby/auth servers, sometimes it has false detects, Personally I would use it on my server, it kicks ALL bots and only sometimes has false detects.
#already tested with bots - realy great blocking
#if kicking real players very often (or always) please disable it, probably your server uses another payload for getting server version and server is another than 1.8, 1.9, 1.10, 1.12 and 1.13
channel-verification:
enabled: true
#We recommend to keep it false because sometimes it has false detects
#you can switch it false if it kicks real players so they will be able to rejoin
block: false
#block account on 10 minutes if "block" is switched to true
block-minutes: 10
max-accounts-per-ip:
enabled: true
amount: 2 #if there is more players than set at the server with the same ip the next connection will be disconnected
#if player is newbie he has to join second time on server because he will be kicked with reason "please join again"
two-step-verification: true
messages.yml
Code (YAML):
too-many-items:
cleared: On the ground were too many items! I have just removed all items to optimize server!
block:
bedit: You cannot edit book!
proxy: Are you proxy user?!
forge: You cannot join from forge!
wdl: You cannot use worlddownloader mod!
liteloader: You cannot use liteloader mod!
lmc: You cannot use labymod!
invalid-chars: You have just written invalid message! Please use only english letters..
interact:
blocked-item: This item has invalid nbt data (such as too many nbt tags or banned
nbt tags)! You cannot interact with it.
connection-closer:
send-message-to-ops: false
message-to-ops: '&cPlayer %player% has just tried to crash the server!'
send-message-to-players-with-perm: casualprotector.admin
too-many-packets: Sending too many packets! Lag or exploit?
max-entities-on-chunk: 1000
payload:
deserialize:
too-fast-bedit: You are editing book too fast!
jigsaw: Jigsaw client detected!
invalid-book-data: Invalid book data!
antibot:
cannot-join-from-vpn: '&6CProtector: &cVPN/Proxy (banned country/127.0.0.1 ip) detected!'
channel-verification:
broadcast: '&6CasualProtector: &8%player% &chas been recognized as a bot and his
account is blocked now!'
kickmessage: |-
&6CasualProtector: &cYou have been recognized as a bot! Your account has been blocked for &610 minutes
&cIf this is mistake, sorry
too-many-accounts-per-ip: You have more than %limit% accounts at this server with
the same ip!
limiter:
connection-throttle:
disconnect-message: '&6CProtector: &cPlease wait &e{SECONDS}s &cbefore rejoining!'
similar:
names:
disconnect-message: '&6CProtector: &cOn the server are already too many players
with similar nickname! Please change your nickname..'
last-name-length:
disconnect-message: '&6CProtector: &cToo many players with similar nick are
logging in.. Please wait 10 seconds and try again.'
too-big-ping-bypass-permission: casualprotector.pingbypass
double-join: You are verified now, join to server again!
too-big-ping: '&bToo big ping! (Max: {LIMIT})'
bypass-when-tps-under: 18.7
sign-exploit-message: '&cYour sign line has too many or -Redacted- characters!'
anti-run-commands:
when-holding-book: '&6CProtector: &cYou cannot execute commands when you are holding
a book in your hand! We sorry if it''s annoying but it''s only to protect you!
It prevents executing unwanted commands such like paying someone money, adding
his to your plot, or anything!'
anti-wolrd-edit-exploit-message: '&6[CasualProtector] &cYour message contains blocked
words!'
command:
no-permission: You do not have permission! (casualprotector.command)
hacked-items:
over-enchanted-item-message: '&6CProtector: &cYou had over-enchanted item (too big
enchantment level) in your inventory! We have fixed it with normal enchants, have
a nice day! &6=)'
bypass-when-has-lore:
- bypassLoreLOLOLOLO, when lore contains this text HackedItems module will skip
the item. The line is checking as lower case so use "test" instead of "Test"
max-itemmeta-size: 17384
max-enchantment-level: 10
hacked-items-kick-message: '&cHacked items are not allowed on this server! Too big
enchantments or amount.'
uuid-spoof:
kick-message: '&cYour UUID is invalid! Please disable anti-uuid-spoof or re-login
with premium account.'
anti-logged-from-another-location: '&6[CasualProtector] &cPlayer with that name is
already playing on this server!'
prefix: '&8[&6CProtector&8] '
MessagesBungee:
Code (YAML):
antibot:
vpn: "&cYou cannot join from vpn/proxies!"
vpn-enabled: true
too-many-accounts: "&cYou have more than %limit% accounts at this server with the same ip!"
double-join: "&cYou are verified now, join to server again!"
too-many-connections: "&cToo many players logging in! Please wait a few seconds.."
address-blocker-enabled: true
address-blocker-blocked: "&cThis address is blocked!"
too-many-connections-enabled: true
#between 1000 milliseconds
too-many-connections-limit: 5
too-many-connections-message: "&cThere is too many connections between 1 second! Please wait a moment and join again! Probably a bot attack detected."
pluginmessage:
proxy: "&cPlease, do not use proxy on this server!"
wdl: "&cPlease, don't use world downloader!"
forge: "&cDon't use forge, please join using normal launcher!"
register: "&cYou have just sent to many payloads with channel REGISTER try join after 60 seconds!"
ANTIBOT SYSTEM:
How does it work? It's simple. I check the redstones in every chunk. If the redstones amount is too big (e.g 60) the plugin just unpower (unactive) the redstones in current chunk. I also limit the clicking in lever, one click is limited to 1.5s. But how much awesome would it be when I wouldn't add some fun things! That's how the /redstones command looks like.
I sort the chunks in inventory from the most dangerous to less. The most dangerous chunks are first in gui and these are coloured with &4 (dark red), by simply clicking on it you can teleport to chunks and do whatever you want - maybe the players are trying to lag the server with mechanics?
Permission for admins (broadcast about cancelling redstone actions): casualprotector.redstone.admin
BUNGEE EXPLOITS PATCH
- This plugin protects your server from bots (antibot and antivpn systems), exploits (lags, crashes caused by hack-clients, e.g jigsaw or jessica etc. or bungee exploits) and optimizes tps, fps, reduce lags! We support a lot of mc versions (1.7.x-1.14.x)
- The only thing what the plugin wants from you is install ProtocolLib (it is required for packet listening)
If you're running 1.14, use the latest dev build.If you're running 1.8 through 1.13, use the latest release.If you're running 1.7 or below, use the 3.7.0 release. - We protect against bungee exploits! (e.g. www.youtube.com/watch?v=_vNuZux_c4k, pastebin.com/raw/tjP0DPd2) Please read bungee exploits section. (If someone crashes your server (with a lot of bots or something like a -Redacted-/flood) and you get such errors: https://pastebin.com/raw/tjP0DPd2 or similar ones - please use my bungeecord fork (to get it contact with me on discord: yooniks#2411, remember that my bungeecord fork isnt paid, cprotector plugin is paid resource!). As one of the very few people I patched a "nullping bypass". Thats how the bungee exploits works: I show the results with normal/default bungee and with my custom waterfall.
- We check the redstone and limit them! It really optimize server tps and game perfomance! There are redstone exploits that a lot of newest versions doesn't block just because it's more like a bug. Look at redstone checker section
- As the bonus/In the addition you get my custom waterfall (that has a lot of exploit patches and antibot features)
- Blocks bots (a lot of ways to block bots, look at antibot section)
- Blocks exploits, lags, crashes (look at antiexploit section)
- Blocks some flood packets (like -Redacted-/dos - remember that we don't block all -Redacted-/dos attacks! You have to block it in another way like iptables or something else, we only check flood packets)
- Vpn/proxy/bad ip checking (a lot of configurable ways to block it, you can add your own ip checking! You can set the url and result you want to get)
- Block flood attack (MCSpam etc., bungee crashers/exploits) - edited proxy and spigot code.
- Reduce/remove redstone exploits (redstone checker section). Thanks to redstone limits per chunk the plugin really optimizes tps and reduce lags.
- Allow only specified countries to join (e.g german, poland, china or your country, it's fully configurable)
- Supports bungeecord! Are you running bungeecord? Put the .jar file to your spigot and bungeecord servers!
- Optimize lags, tps (\/ and more)
- Optimize fps - hiding falling blocks like sand and tnt. (really helpful)
- Blocks mods like worlddownloader, labymod, liteloader, forge etc.
- Configurable - The plugin is almost fully configurable! There are configuration files like:config.yml, messages.yml, messagesbunge.yml
Code (YAML):
[/FONT]
#printing all sent packets by player and their values like integers, items, strings etc..
debug-mode: false
#is plugin supposed to check for updates
check-for-updates: true
#print info about reaching packet-limit etc. - print everything to log files! if you want to see all info about exceeding packet limit, kicking players etc - turn it on.
#if you don't want any spam in console about players trying to crash the server, about bots etc. - switch it false.
print-everything: true
#if you want plugin to change the current config to old_config.yml and generate new config with new values (if they exist) - change it to true
replace-to-old: false
optimize-fps:
#it will hide falling blocks like sand - it really fixes fps
sand: true
#it will hide falling blocks like tnt - really good for castle mod, survival
tnt: true
#it will hide all spawned mobs, not recommended on servers like survival, easyhc etc. - if mobs are able to spawn on you server do not enable it
mobs: false
redstone:
#disabled by default.. some of servers doesn't want it so if you just want to use redstone feature - swithc it to true.
enabled: false
#max powered redstones per chunk
limit-per-chunk: 80
#max powered redstones per world
limit-per-world: 450
nbthelper:
enabled: true
block-address-if-invalid: true
check-shulker-boxes: true
#for italian, deutsch, china etc. servers, for e.g. polish server - the 340 is enough and max limit.
page-length-limit: 502
#block firework exploits, thats the better way =( just removing the nbt data from firework item instead of checking it
#it kicks the player
remove-firework-data: true
anti-uuid-spoof:
#change to true if you want to block uuid-spoof exploit
enabled: false
#if plugin is supposed to run async task in asyncplayerprelogin and then check url data etc
runTask: false
logged-from-another-location:
block: false
#check if InputBuffer data > X - if it is, the player is kicked
packet-filter:
#automatically disabled because of small bugs, we are going to develop this in the future.
enabled: false
#blocks executing commands when player is holding book in main hand (prevents unwanted commands executions by player, giving access to plot, giving op, paying money etc)
anti-run-commands:
#replace it with "/plot" or something if you just want to block /plot commands when holding book
#"*" blocks all commands
blocked-commands:
- "*"
#bypassed/whitelisted commands - when you use "*" in blocked commands and "/ah" is in whitelisted-commands players will be able to execute "/ah" command
whitelisted-commands:
- "/auctionhouse"
- "/ah"
- "/post"
- "/letter"
#you only need it enabled when your version is 1.8-1.8.3 or your ALL players have creative gamemode
enabled: true
hacked-items:
bypass-worlds:
#its just an example - if the world's name is survivalx - plugin will bypass the player actions in these worlds
#please use lowercase! e.g. "survival" - not "Survival" or "skyblock" - not "SkyBlock!" it really matters!
- "survivalx"
#if you are using MyItems plugin or AdvancedEnchantments please disable this option.
block: true
#block too big enchantments (over-enchanted items) like sharpness, efficiency lvl 9999 (or just more than max_level - >5)
#it changes the level of enchantment to max level. for example if sharpness has 9999 level it will be changed to max_level (which is the 5 for e.g sharpness).
block-over-enchanted-items: false
sign-exploit:
block: true
#player will not be able to place a sign that alraedy contains a nbt data (text) if you let players do that - just disable it.
block-already-existing-nbt: false
#signs-limit:
#enabled: true
#can place only one sign between 3 seconds
#limit:
# seconds: 3
# message: "&cYou can place only one sign between 3 seconds!"
world-edit-exploit:
block: true
block-place-listener: true #if you are running on spigot 1.13 please turn it off it may cause errors in console
chunk-cleaner: true
ping:
enabled: false
limit: 1200 #if player's ping is bigger than 1200 he will be kicked
check-tps-before: true #checking server's tps before kicks player, when server has lag or something like this player will be not kicked
too-many-items:
enabled: false
limit: 1000 #if there is dropped more than 1000 items on ground they will be removed
arm-animation:
enabled: true
timestamp: 650 #in milliseconds (1000 = 1 second in 1.10-1.13 it's automatically disabled because server adds this patch it itself)
block-payload-book-edit:
enabled: true
block-fully: false #will block editing/signing book without checking nbt
deserialize: true #if you want to make players able to edit and sign book change it to true and change block-fully to false
window-click:
advanced-deserialization: true
max-similar-pages: 10
#checking and finding similar windowclick packets
#when player sends the same windowclick packet 50 times (each space between packets was smaller than 0.5second)
#he will be just kicked. useful feature if someone send spam packets
check-last-packet: true
#limit for the same windowclick packet mentioned upper
check-last-packet-limit: 50
invalid-chars:
#block invalid chars (another than english etc. (e.g china chars, larger than 1 bit)
enabled: true
#is plugin supposed to look for invalid chars in books content
filter-books: false
#"if there is more than 20 chars"
cancel-only-when-count-bigger-than: 20
#plugin will skip these chars.. (they are not checked)
#add here china chars (if you allow china people) or german if you allow german people
#you can remove 'X', it's here just for example
#remember to use 'someChar' instead of "someChar" !!
skipped:
- 'X'
payload:
register-limit: 13 #limit per 60 seconds, if exceeded, player will be kicked
packet-limitter:
#on some servers it's useless and has false detects
#if it has false detects on your server just disable it or increase the packet limit
enabled: false
move-limit-enabled: false
move-limit-per-sec: 750
move-too-big-difference-kick: false
#if player exceed this limit in X seconds he will be kicked
limit: 850
#current sent player packets' amount will be set to 0 after this time
cache-seconds: 1
#if plugin kicks normal players please change it to synchronized
#type: synchronized
#type: cache
type: synchronized
block:
#if player has 30 slots in opened inventory and he tries to click at 31 slot - the event is cancelled.
too-big-slot: true
big-position: true #for creative/vanilla servers
fully-book: false #if player clicked in book he will be kicked from the server (without checking nbt) (book may has too big nbt, it is using for lagging servers)
hopper-creative-crasher: false
buffer-overflow: true
#kicks player if try to use wdl or forge
wdl: true #world downloader
wdl-bypass:
"yooniks"
#disabled by default
forge: false #forge mod
forge-bypass:
"yooniks"
#labymod
lmc: false
lmc-bypass:
"yooniks"
#liteloader mod
liteloader: false
liteloader-bypass:
"yooniks"
proxy: true #if channel contains proxy - server kicks player (proxy is something for lagging and botting servers, and some of them sends pluginmessage with channel 'proxy')
#anti proxy/vpn - IF YOU ARE USING IT ON BUNGEE AND SPIGOT - PLEASE REMOVE IT ON BUNGEE AND USE ONLY ON SPIGOT!!!
bad-ip-checkers:
ipintel:
timeout: 1500
enabled: true
query: "http://www.shroomery.org/ythan/proxycheck.php?ip={ADDRESS}"
result: "Y"
must-equal: false
limitable: false
# message: "You cannot use proxy or vpn!"
stopforumspam:
timeout: 1500
enabled: false
query: "http://www.stopforumspam.com/api?ip={ADDRESS}"
result: "<appears>yes</appears>"
must-equal: false
limitable: false
# message: "You cannot use proxy or vpn!"
ipapi:
timeout: 1500
#change it to true ONLY if you have configured "allowed-countries" - otherwise all "not polish"players will be disconnected
enabled: false
limitable: true
#limit per one minute - if reached limit - players will be allowed to join without checking if they are using vpn (only for 1 minute)
limit: 147
#change this to your country..
#list of all countries: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
allowed-countries:
- "Poland"
#message: "Your country is blocked on this server!"
antibot:
#disable all features without setting everything to false, just one option!
#vpn/proxy checking, channel-verification,two-step-verificatin etc. will be set to false automatically!
disable-all-features: false
#if nickname starts with (e.g) "MCStorm" plugin will disconnect a player
check-nicknames:
enabled: true
blocked:
- "mcstorm"
- "cproxy"
#checking nicknames length
last-name-length-checker:
enabled: true
sensibility: 4
#if there is more than 3 players with similar name (e.g 1723162yooniks 12732173yooniks etc, or yooniks81273172, yooniks1273127312) next connections will be not able to join.
name-similarity-checker:
enabled: true
start: 0
end: 3
max-similar-names: 4
connection-throttle:
enabled: true
#15 seconds in milliseconds
delay: 15000
#I recommend to use it on lobby/auth servers, sometimes it has false detects, Personally I would use it on my server, it kicks ALL bots and only sometimes has false detects.
#already tested with bots - realy great blocking
#if kicking real players very often (or always) please disable it, probably your server uses another payload for getting server version and server is another than 1.8, 1.9, 1.10, 1.12 and 1.13
channel-verification:
enabled: true
#We recommend to keep it false because sometimes it has false detects
#you can switch it false if it kicks real players so they will be able to rejoin
block: false
#block account on 10 minutes if "block" is switched to true
block-minutes: 10
max-accounts-per-ip:
enabled: true
amount: 2 #if there is more players than set at the server with the same ip the next connection will be disconnected
#if player is newbie he has to join second time on server because he will be kicked with reason "please join again"
two-step-verification: true
messages.yml
Code (YAML):
too-many-items:
cleared: On the ground were too many items! I have just removed all items to optimize server!
block:
bedit: You cannot edit book!
proxy: Are you proxy user?!
forge: You cannot join from forge!
wdl: You cannot use worlddownloader mod!
liteloader: You cannot use liteloader mod!
lmc: You cannot use labymod!
invalid-chars: You have just written invalid message! Please use only english letters..
interact:
blocked-item: This item has invalid nbt data (such as too many nbt tags or banned
nbt tags)! You cannot interact with it.
connection-closer:
send-message-to-ops: false
message-to-ops: '&cPlayer %player% has just tried to crash the server!'
send-message-to-players-with-perm: casualprotector.admin
too-many-packets: Sending too many packets! Lag or exploit?
max-entities-on-chunk: 1000
payload:
deserialize:
too-fast-bedit: You are editing book too fast!
jigsaw: Jigsaw client detected!
invalid-book-data: Invalid book data!
antibot:
cannot-join-from-vpn: '&6CProtector: &cVPN/Proxy (banned country/127.0.0.1 ip) detected!'
channel-verification:
broadcast: '&6CasualProtector: &8%player% &chas been recognized as a bot and his
account is blocked now!'
kickmessage: |-
&6CasualProtector: &cYou have been recognized as a bot! Your account has been blocked for &610 minutes
&cIf this is mistake, sorry
too-many-accounts-per-ip: You have more than %limit% accounts at this server with
the same ip!
limiter:
connection-throttle:
disconnect-message: '&6CProtector: &cPlease wait &e{SECONDS}s &cbefore rejoining!'
similar:
names:
disconnect-message: '&6CProtector: &cOn the server are already too many players
with similar nickname! Please change your nickname..'
last-name-length:
disconnect-message: '&6CProtector: &cToo many players with similar nick are
logging in.. Please wait 10 seconds and try again.'
too-big-ping-bypass-permission: casualprotector.pingbypass
double-join: You are verified now, join to server again!
too-big-ping: '&bToo big ping! (Max: {LIMIT})'
bypass-when-tps-under: 18.7
sign-exploit-message: '&cYour sign line has too many or -Redacted- characters!'
anti-run-commands:
when-holding-book: '&6CProtector: &cYou cannot execute commands when you are holding
a book in your hand! We sorry if it''s annoying but it''s only to protect you!
It prevents executing unwanted commands such like paying someone money, adding
his to your plot, or anything!'
anti-wolrd-edit-exploit-message: '&6[CasualProtector] &cYour message contains blocked
words!'
command:
no-permission: You do not have permission! (casualprotector.command)
hacked-items:
over-enchanted-item-message: '&6CProtector: &cYou had over-enchanted item (too big
enchantment level) in your inventory! We have fixed it with normal enchants, have
a nice day! &6=)'
bypass-when-has-lore:
- bypassLoreLOLOLOLO, when lore contains this text HackedItems module will skip
the item. The line is checking as lower case so use "test" instead of "Test"
max-itemmeta-size: 17384
max-enchantment-level: 10
hacked-items-kick-message: '&cHacked items are not allowed on this server! Too big
enchantments or amount.'
uuid-spoof:
kick-message: '&cYour UUID is invalid! Please disable anti-uuid-spoof or re-login
with premium account.'
anti-logged-from-another-location: '&6[CasualProtector] &cPlayer with that name is
already playing on this server!'
prefix: '&8[&6CProtector&8] '
MessagesBungee:
Code (YAML):
antibot:
vpn: "&cYou cannot join from vpn/proxies!"
vpn-enabled: true
too-many-accounts: "&cYou have more than %limit% accounts at this server with the same ip!"
double-join: "&cYou are verified now, join to server again!"
too-many-connections: "&cToo many players logging in! Please wait a few seconds.."
address-blocker-enabled: true
address-blocker-blocked: "&cThis address is blocked!"
too-many-connections-enabled: true
#between 1000 milliseconds
too-many-connections-limit: 5
too-many-connections-message: "&cThere is too many connections between 1 second! Please wait a moment and join again! Probably a bot attack detected."
pluginmessage:
proxy: "&cPlease, do not use proxy on this server!"
wdl: "&cPlease, don't use world downloader!"
forge: "&cDon't use forge, please join using normal launcher!"
register: "&cYou have just sent to many payloads with channel REGISTER try join after 60 seconds!"
ANTIBOT SYSTEM:
- Accounts limit for accounts per ip (configurable) - if player exceed it his connections to server (also his bots) will be cancelled with specified reason.
- Vpn, proxy checking - we send a http request to API's that respond very fast with the result (bot or normal player) - you can disable vpn/proxy detectors in bad-ip-checkers section in config.yml. You can add your own ip checker, it's very easy, just take a look at already existing detectors in the section.
- Checking last player's name length and compare it, if there were too many connections with the same name length - bots will be not able to join
- Compare half of player's name with online players' name, if these are similar - more bots (with similar nicknames) will be not able to join.
- ConnectionThrottle - 1 address can connect to server every 15 seconds (very useful) - obviously you can change the delay. (we recommend to set connection-throttle in spigot config to -1)
- If player name is similar to 3 other players' name he will be not able to join, e.g "1283217juniks_ 812372123juniks_, deathbot122, etc.." - the next bot will be not able to join, and bots will have to change their nicknames.
- If player is using vpn or proxies ip he will be not able to connect to the server (configurable)
- Player has to connect again to server if he is newbie (double-join/re-connect) - deathbots and other bots without double-join will be not able to join. If he is verified he doesn't have to re-connect again.
- Plugin checks first packets from player - if these are recognized as invalid (or are sent too late) - bot is kicked and his ip is blocked for 10 minutes.
- There is a pingchecker! If player's ping is bigger than set and tps are above 19.8 he will be kicked. Often bots have very big ping so they will be kicked from the server.
- Bungee exploits patch (look at bungee exploits patch section)
- Nbt exploit (mainly hacked items like written_book with too many pages etc. (windowclick, blockplace spam etc))
for example - player is trying to send very large data to server and server is reading that very long time - then server is lagging and crashing - that's nbt exploit.
for example: normal book can has about 50 pages and 255 characters in it, but hack-client can send 10000 pages and 100000 characters in one page (or just 1000 lists that have 1000 sublists that have 1000 other sublists..) - that will lag and crash server, this plugin prevents it and kicks player, inform administrators in logs - there is no lag or crash.
- Packet-Filter checks all Client packets and their InputBuffer#remaining, really useful feature, blocks most of exploits.
- Run commands (e.g in books, executing commands without player permission - adding to plot, paying money etc.)
- Firework exploit (too big Flight size that crashes the server)
- If there are more than XXX tags in nbtCompound - nbt is recognized as invalid and event is cancelled, player is kicked
- Spam packets: register, arm animation etc. if there are more players = arm animation exploit works better, more packets = more lags - i did a time period between sending arm animation packets and some more. (since 1.12 it's useless)
- Invalid packets.. e.g: client position, player can send invalid position packets, e.g too big x,y,z coordinates (or pitch and yaw)
- Payload exploits (like too many register packets, or too big size of channels, too big mc|bedit data etc.)
- Checking last 50 windowclick packets. If they are very similar (and the space between each packet is less than 0.5 sec) player is disconnected. Useful for detecting spam packets.
- Sign exploits (too much lines, characters in sign etc)
- Command exploits like worldedit commands (//calc with arguments etc)
- Hacked items (too big enchantments/over-enchanted items or amount of item)
- Hopper creative crasher (common on creative servers, when hopper is placed noone can join on the server until server administrator will remove the world data)
- Buffer overflow - something like nbt exploit, you can read more here: https://en.wikipedia.org/wiki/Buffer_overflow
- Fix skull (skullexploitpatch code used) and chunk exploits
- Fix armorstand and egg exploits
- Fix duplications like book, sign
- Map and mobspawner crasher
- Command exploits (like pex or worldedit)
- Anti logged from another location (if we can call it exploit)
- UUIDSpoof exploit (with cache-system)
- Custompayload (jigsaw and many more)
- Player's ip is blocked from joining on server for 10 minutes if he tries to crash server
- and many more! (This plugin was specifically created to prevent exploits)
- Honestly - CasualProtector can replace 10+ anticrash plugins on your server and it's much better than every anticrash plugin. I have made lots of my own exploits so I completely know how to fix them and how they work.
How does it work? It's simple. I check the redstones in every chunk. If the redstones amount is too big (e.g 60) the plugin just unpower (unactive) the redstones in current chunk. I also limit the clicking in lever, one click is limited to 1.5s. But how much awesome would it be when I wouldn't add some fun things! That's how the /redstones command looks like.
I sort the chunks in inventory from the most dangerous to less. The most dangerous chunks are first in gui and these are coloured with &4 (dark red), by simply clicking on it you can teleport to chunks and do whatever you want - maybe the players are trying to lag the server with mechanics?
Permission for admins (broadcast about cancelling redstone actions): casualprotector.redstone.admin
BUNGEE EXPLOITS PATCH
- To get it just write me message on discord: yooniks#2411. What do you have to do? Just replace your already existing proxy server (bungee/hexacord/waterfall/travertine) with my bungee fork It will fix a lot of exploits, floods and bot attacks. It's not paid! You get it for free with cprotector.
- If you are developer - I can give you access to my private github repository with a fork of waterfall that contains bungee_exploits.patch file which is a patch for all common exploits (invalid handshake, null ping crasher etc. very popular in 2019, a lot of networks are being crashed by it)
- casualprotector.admin (or op) - informs about kicking player
- casualprotector.command - access to /casualprotector command
- casualprotector.pingbypass - bypass for pingchecker
- /casualprotector reload - reloads the configuration (you need restart if you want new messages etc. to be displayed!)
- /casualprotector bypass [nick] - add player's to bypass list (he has bypass for vpn/proxy detectors and all antibot features)
- World downloader mod
- Badlion
- Forge
- LiteLoader
- LabyMod (called lmc in config.yml)
- Since 3.8.4.10 cprotector version (14.10.2019) Worlddownloader and forge are blocked very well and are supported at 1.14.4!
- We have our own logs! If you want to know who was crashing/lagging your server (or doing bot attack) just look in logs file in directory of plugin! (remember to switch print-everything in the config.yml - otherwise nothing will be displayed in the logs or console)
- You can disable almost every module! Like blocking nbtexploits, uuidspoof, and everything! Just read the configuration and switch some values to false.
- Update checker - if there is a new version of casualprotector, plugin will inform you about that!
- some more..
- Discord: yooniks#2411
- E-mail: [email protected]
- Discord server: https://discord.gg/J3PTJp8
- marlon233 - spanish
- pompiere1 - italian
- BackWheel - chinese
- space - german
- many thanks!
![(-20% off for first 10 buyers) ⭐ ChatTags ⭐ THE BEST TAGS/TITLES PLUGIN [1.7.x-1.12.x]](/data/resource_icons/5/5591.jpg?1506881554){kind=icon}
