FOSS gamedev and creative worlds

I have two hackers that regularly visit my server (maybe the same person under different names). They are apparently able to give themselves any block they want, they build diamond block castles, drop full stacks of diamond blocks around the map. They fly through walls and pretty much do just about whatever they please.

To stop the issues I have blocked the entire 84.172.0.0/16 address range at the firewall (iptables -A INPUT -s 84.172.0.0/16 -j DROP for linux users). Unfortunately since I switched server I didn't have this setup and I got hit again last night, by ano_ubeccu

Is there anything that can be done about the main issue, being able to have an inventory full of any block they want?

It seems the ban has to match the ip address and username. Before I blocked with my firewall they could log back in after a few days with the same username and a different IP address. Can that be changed to block the ip address or username?

Would it be possible to trick the server to allow one client to act as another? It seems the hacker that hit my server yesterday placed blocks in protected areas, and the protection all happens server side obviously, it verifies the user placing the block matches the username of the landowner on file. It would seem to me that the only way to do that would be to make the server think you were a different player.

So I'm just throwing all that out, seeing if anybody else has had similar problems, and seeing if the devs have any ideas that could help keep this from happening.

AFAIK its not possible to cheat like this. The inventory and protection is handled server side, and there is no way to get arround that.

PilzAdam wrote:AFAIK its not possible to cheat like this. The inventory and protection is handled server side, and there is no way to get arround that.

Any idea how this guy was able to get over 2600 diamonds, craft them into diamond blocks and make a castle with them overnight?

Hybrid Dog wrote:Maybe it helps if you set disable_anticheat to false.

Isn't anti cheat mainly about how fast they move and how far away they are when they try to mine something?

BrandonReese wrote:Any idea how this guy was able to get over 2600 diamonds, craft them into diamond blocks and make a castle with them overnight?

Flying through stone, breaking any nearby diamond ores (possibly with an X-Ray).

BrandonReese wrote:Any idea how this guy was able to get over 2600 diamonds, craft them into diamond blocks and make a castle with them overnight?

They're either using one of the mods legitimately or found an exploit in one.

BrandonReese wrote:It seems the ban has to match the ip address and username. Before I blocked with my firewall they could log back in after a few days with the same username and a different IP address. Can that be changed to block the ip address or username?

Sure? AFAIK it is so that Minetest 0.4.7 bans name and IP.

Edit: An ability to make IP range bans in Minetest would be nice for new Minetest versions like Minetest 0.4.8 or 0.4.9

Cooper97 wrote:Edit: An ability to make IP range bans in Minetest would be nice

+1

Below is a video and an article about serious problems in the Minecraft community:
http://www.youtube.com/watch?v=bawdxMClMiQ
http://whatculture.com/gaming/7-worst-online-gaming-communities.php/2
An efficient way to keep hackers and hacked clients in check is the only way to prevent the same thing from happening to the Minetest community.

Problem is, anticheat still gives too many false positives. Whether you autoban right away, or gradually raise a violation level until they are banned.

I dont know if something like PunkBuster might help, or perhaps unique client IDs that we can ban, since IPs and names can be changed.

mauvebic wrote:Problem is, anticheat still gives too many false positives.

Even the new fixed one?

PilzAdam wrote:Even the new fixed one?

Yeah, a number of legitimate players were banned and had to be un-banned, so all i could use it for is posting messages to the log.

mauvebic wrote:

PilzAdam wrote:Even the new fixed one?

Yeah, a number of legitimate players were banned and had to be un-banned, so all i could use it for is posting messages to the log.

What did Minetest say they were doing wrong? Moving too fast?

moving too fast, and digging unbreakable nodes, which to my knowledge, i dont have :/

mauvebic wrote:moving too fast, and digging unbreakable nodes, which to my knowledge, i dont have :/

If you were falling from a high place would it count you as moving too fast?

Evergreen wrote:

mauvebic wrote:moving too fast, and digging unbreakable nodes, which to my knowledge, i dont have :/

If you were falling from a high place would it count you as moving too fast?

No, downwards movement is ignored.

is cloud the only unbreakable node, if not, what makes nodes unbreakable?

mauvebic wrote:is cloud the only unbreakable node, if not, what makes nodes unbreakable?

You cant break stone with your hand.

PilzAdam wrote:

mauvebic wrote:

PilzAdam wrote:Even the new fixed one?

Yeah, a number of legitimate players were banned and had to be un-banned, so all i could use it for is posting messages to the log.

What did Minetest say they were doing wrong? Moving too fast?

I was one of the false-positive thingy influenced guy. I used to dig nodes at one place, then move about 50-100 blocks away, and interact with those blocks while the server updated. I guess that flagged the 'interacted_too_far'

Hybrid Dog wrote:

PilzAdam wrote:

mauvebic wrote:is cloud the only unbreakable node, if not, what makes nodes unbreakable?

You cant break stone with your hand.

No, you only need to dig very long.

You can't break stone with your hand at all, it has a different level making it unbreakable by hand. Someone correct me if I am wrong in any way.

Hybrid Dog wrote:

Dan Duncombe wrote:

Hybrid Dog wrote:No, you only need to dig very long.

You can't break stone with your hand at all, it has a different level making it unbreakable by hand. Someone correct me if I am wrong in any way.

https://github.com/minetest/minetest/blob/master/src/game.cpp#L2620
Do you believe me now?

https://github.com/minetest/minetest/blob/master/src/game.cpp#L2709
The dig time stays at 0 if the node is not diggable. My point stands.