-
Notifications
You must be signed in to change notification settings - Fork 3
Moonlight Client Checking
Reflex Moonlight comes with an extra BadPackets component that can sometimes detect cheats on players' computers without making them install any software, just from server-side! This is done using a Minecraft bug and is only possible for 1.8 clients.
To make everything silent and confuse hackers more, Reflex does not check players' "computers" right after they join the server. The check starts running slowly while the players are fighting and usually requires cheaters to be in combat for about 5 seconds to be caught. After that, depending on player's client and some other factors, they will either lag or get kicked from the server.
It's extremely important to note that this check cannot know if a certain player is running a hacked client at the moment. It can only know if a player has some specific cheating-related files installed on their computer, no matter if they are using these files at the moment or not.
This means that if a player has installed a hacked client a long time ago, even if now they join your server with vanilla, they will still be detected, lagged and/or kicked.
For this reason it is strongly recommended to notify your players about the presence of this sort of a check on your server and tell them to delete any cheating-related files from their computers before playing on your server (cleaning up the .minecraft folder is usually enough).
Moreover, since this is an exploit, running this check on your players without a prior notice might be illegal in some countries. So, once again, it is strongly recommended to let your players know their files might be checked.
At the moment, we let this check detect AlphaAntiLeak installation. Although AAL is generally just a Java application protection service ("anti-leak"), sadly, most (nearly all) of the applications protected by it are Minecraft hacked clients. One of the most popular non-cheating applications distributed through AAL is Lunar Client, and, at the moment, you have to tell your players to delete it (or move it in a different folder) to play on your server if you want to enable the client checking feature. We believe detecting tens of AAL-hosted hacked clients worths blocking a single "legit-modded" one.
UPDATE: as of Reflex 10.14-3, there is a configuration option
allow_aal. If you have many players using Lunar, make sure to set it totrueto disable AlphAntiLeak installation detection!
In order to enable client checking, just navigate this option in Reflex's config.yml and set it to true:
enable_client_checking: true