• 0 Players on Java
  • us.mineplex.com
  • Players Online
  • 0 Players on Bedrock
  • eu.mineplex.com
Attention Internet Explorer Users
To have the best user experience on our site please consider upgrading to Google Chrome or Mozilla Firefox

In Discussion A Solution to the Hacker Problem

Discussion in 'General Idea Discussion' started by Sven, Jan 11, 2019 at 12:42 AM.

  1. Sven


    By: Sven

    Hi everyone,

    Before I begin, I want to first acknowledge the solutions I am proposing may seem radical. They may seem foreign, confusing, pointless or put simply, drastic. I implore those who are interested to read the entire forum post and keep an open mind. Of course, I am open to criticism and critique, as I believe the best way to solve a complex issue is with the minds of several people – not just one.

    A couple of days ago, I was in Lobby-1 and a spammer came into the lobby. They were spamming racist, discriminatory, abusive and rude profanity to several players in the lobby. When I asked them why they were doing it, they claimed that they were ‘bored’ and ‘had nothing better to do’. When I recorded him hacking a little later on, the player claimed that he had over 300+ alternative (alt) accounts and that he didn’t care whether he would be punished or not. Although the player was eventually punished, the player stayed true to his word, hopped on another account and continued their spamming. This is an experience that a large portion of the Mineplex community has had to deal with for years and continues to deal with to this day.

    There is no doubt that over the years, hackers, spambots and other rule breakers have been a rampant problem here on the server. Since 2013, Mineplex and its upper management have tried several methods to curb hacker and spambot activity on the server via the Mineplex Anti-Cheat and now GWEN. However, as one can see, although these plugins have been moderately successful in banning rule-breakers automatically, it is only a band-aid solution to the everlasting problem of rule-breakers as hackers (in particular) continue to use their clients and spam bots on alt accounts. The current process of hacking on Mineplex currently proceeds as follows

    1. Hacker uses their client

    2. Member of the community reports the rule-breaker to staff

    3. Staff member observes hacker and punishes them (via ban)

    4. (Optional) Hacker uses a VPN

    5. Hacker uses an alt account and comes back on the server

    6. The player continues using their hacks

    7. Repeat

    One can see how although the hackers’ account is punished, there is currently no or very little defence against the use of alt accounts. Put simply, we are currently taking a REactive approach to the hacker problem by simply banning player’s accounts. Instead, we should be taking a PROactive method of targeting the root cause of this reoccurring issue, being one’s ability to use alt accounts to bypass their punishments. In order to think of a solution, I needed to narrow the problem. What is the problem? For me, the root problem of Mineplex hacking is punishment bypassing. So, the question becomes, what can we do to stop the action of punishment bypass when players use alt accounts? The answer I am proposing is three folded. I will get into these possible solutions a little later after discussing the significance and the urgency of the Mineplex hacking problem.

    As many of you know, the hacking culture on the Mineplx server has significantly tainted several aspects of the Mineplex experience, most particularly with gameplay. We play Minecraft and Minplex, in particular, because we want to have fun. The whole point of Mineplex is that there are several minigames for a player to choose from in order to have fun with their friends. The games on the server are (mostly) designed in a way that emphasizes a player’s skill and requires the player to play more, to get better in order to win. When a hacker is present, the emphasis on skill greatly decreases as the client does the work and makes the game unfair for those who are willing to use their skills to play fairly. The presence of hackers ruins the player experience. When hacks are present, other players are no longer having fun, which in short, discourages them from playing more games, as the mentality of “what’s the point?” becomes increasingly common. As a result of this, players may be more willing to not play games at all or the worst, go to a different server. I am not saying this is particularly the situation on Mineplex; however, there ought to be several players who have succumbed to this train of thought. I fear that if Mineplex does not take “radical” steps soon to curb hackers on the server, players will continue to feel discouraged and be more likely to place their loyalty elsewhere. Now that I have discussed the significance, I will now attempt to explain (the best I can), my vision for the solution to the hacking problem here on Mineplex

    As I previously noted beforehand, I envision the solution to the hacking problem as a three-step approach.

    The first big step is to conduct a punishment overhaul, which entails a change of the type of punishment given to those found using hacks on the server.

    As it currently stands, when a hacker is found to be using hacks, their account is banned with the duration being decided based on the severity of the hack used. Mineplex.com/rules illustrates the severities of different hacks nicely and I encourage you to check it out if you haven’t already. In order to prevent users who are found hacking from bypassing their punishment with the use of an alt account, I am proposing that instead of banning the account for hacks, Mineplex should IP ban the account instead. I envision the severities staying the same and the time duration for the punishment staying the same, which I think is important to note. Now, I can already sense the animosity and the disapproval (especially from staff) about this idea, however, allow me to explain my reasoning. For those who are not aware, the difference between a regular ban and an IP ban is that a regular ban just punishes the specific account, whereas an IP ban bans the IP associated with the account, which means that all accounts under the same IP will be banned as well and thus preventing the hacker from accessing the server.

    The major positive from the usage of IP bans is that staff are able to disable the hacker’s ability to use an alt account with the same IP. This can be really helpful in limiting the user’s ability to access an alt account and to use their hacks on the server. The negative is that it places a lot more “power” in the hands of staff in the sense of a “with greater power comes greater responsibility” mentality. Seeing as Mods+ can currently perm ban a user, I do not see there being a huge difference with temporarily/permanently IP banning a user instead. Obviously, I am not a developer and am unaware if this change can be possible.

    Now you may be asking, “well can’t they just use a VPN to temporarily change their IP to bypass their punishment anyways?” The answer simply put is: yes, absolutely. And that’s where step 2 comes to play.

    The second step is to develop/purchase/use a Minecraft plugin called VPN Blocker. This is a popular type of plug-in that several servers are now using to prevent hackers from bypassing their punishments and coming back to the server.

    One of the major downsides of bans (reg and IP) is that users can simply use a Virtual Private Network (VPN) to essentially change their IP address and bypass their bans. Thankfully, over the years, Minecraft plug-ins have been developed, which brings new hope in the battle against hackers. One of the major breakthroughs in the Minecraft plug-in world is something called “VPN Blocker” or “VPNGuard”. These types of plugins prevent players from joining the server behind any type of anonymizer (whether it be a VPN or a Proxy). This will effectively help reduce spammers/bots and Miscellaneous individuals from joining the server by automatically kicking/banning them if they have an IP address which belongs to a hosting organization. I am not too well versed in the realm of Minecraft plug-ins, so I won’t embarrass myself trying to explain the intricacies of them. With that being said, however, below is a good video showing an example of VPN Blocker/Guard in action from a staff (Admin+) perspective:

    With the combination of using IP bans for hacking-related offences and a VPN Blocker-like plugin, I can see Mineplex being able to better handle and control the hackers that are present on the server. Not only do they prevent a user from using an alt account on the same IP, but the VPN blocker also prevents them from utilizing a VPN to access the server and continue hacking.

    The positives of using a VPN blocker is that they are effective in preventing users with alt accounts from rejoining the server. The IP ban compliments the VPN Blocker because when an IP is banned, the VPN blocker learns and if the user tries to use a VPN, their alt account will be kicked/banned, thus effectively preventing them from coming back. It is important to note that this is a drastic oversimplification of the plug-in and one negative would certainly be that It would certainly not work 100% of the time. However, I would argue that this would greatly reduce hackers who use alts to bypass their punishments.

    Step 3 is rather simple in that Mineplex should also continue to improve the anti-cheat software GWEN so that it continues to improve detecting client users and punishing them accordingly. I would argue that GWEN should still issue regular bans (not IP bans) as it is an automatic process without staff intervention.

    I feel with any good proposals there ought to be a section dedicated to describing the limitations to the solutions I proposed in this thread. The first limitation is whether or not the IP bans concept and VPNBlocker plug-in are possible to develop. As I am unaware of coding in Mineplex, I am unsure whether or not the implementation of IP bans and a VPN Blocker-like plugin is possible with the current configuration. This is something that the Leadership team, Devs, Sr Mods can comment on as this would be important in determining how realistic these changes could be.

    Another limitation is the existence of competing priorities among the Leadership Team, the Admins and the Devs. There is clearly a lot going on in Mineplex. There are new game modes coming out, a new (old) lobby, new cosmetics, etc. The people who make these things possible are constantly busy and so a limitation to these solutions’ implementation can be competing priorities. Is reforming the punishment matrix and adopting a VPN Blocker plug-in a priority for the Leadership team? If it is not, then I do not see this going anywhere quite frankly.

    With these three steps, I feel as though we can seriously change the method of punishing hackers here on Mineplex. By using IP bans, a VPN Blocker-like plug-in and continuing to improve GWEN, I strongly believe we can drastically reduce the hackers on the Mineplex server. With the implementation of these solutions, I envision the hacking process to go something like this:

    1. Hacker uses their client

    2. Member of the community reports the rule-breaker to staff

    3. Staff member observes hacker and punishes them (via IP ban)

    4. Hacker uses an alt account and comes back on the server

    5. They fail

    6. Hacker uses a VPN to change their IP and bypass their punishment

    7. They fail again

    8. Player gives up and waits out their punishment or appeals their punishment on website

    Even if this idea is rejected by the community (which I imagine is quite possible), it is important that we (as a community) continue to discuss the issue of hacking and how best we can solve it. As I said in the beginning, more heads are better than one and with everyone’s input, I’m sure we can find a solution to this complex problem.

    Posted Jan 11, 2019 at 1:30 AM
    Starx280 and DepressedZom like this.
  2. Animalll



    So I have just skimmed through this and I am impressed. You have put lots of effort and detail in this post and you have thought of a good solution to hackers. There are some spelling mistakes, but that is to be expected for a post this long and detailed. However, I disagree with this solution. Mineplex has stated that they will not IP ban players, I won't go into this, as there are many posts explaining why they won't IP ban players. I don't think that Mineplex should use a vpn blocker. There are players that use a vpn while playing Mineplex and Mineplex banning vpns would affect all these players. I do agree that Mineplex should continually improve GWEN, as GWEN does need some improvements. Overall, this is a very well detailed post and even though I disagree with the solution, I think this is a great post, and I commend your efforts in making this post.

    Thanks for the post!
    Posted Jan 11, 2019 at 2:24 AM
  3. SashimiDude


    This is a good idea!
    Posted Jan 11, 2019 at 2:28 AM
    EoinSMC likes this.
  4. Sophie_OGrady


    I completely agree with you in your introduction, the outline of the problem and the explanation of its significance. However, the solution is something I don't quite agree with, unfortunately. I'm against IP banning as a complete replacement for normal bans. This is mainly due to these two reasons (which I'm gonna quote from a previous post of mine):

    "Firstly, there's the issue of siblings or roommates sharing the same household and internet, and therefore sharing the same IP. If my sibling hacked on Mineplex and was IP-Banned, me, completely unaware and not responsible for their actions would, therefore, be IP-Banned and be unable to continue to play on the server. This is completely unfair to me as I am not in charge of what other people in my household do, and if they decide to do something I disagree with it's not fair to punish me as a completely innocent bystander. Even though you would be able to appeal, it is also almost impossible to prove that it was my sibling who did this and not me without revealing personal information about ourselves to the staff team. This is something a lot of people would be uncomfortable with and would require a large team of staff members to deal with as it would occur often. It's just not realistic.

    Secondly, people sometimes decide to play Mineplex while on a 'public' internet. Whether it's a school, university, college, library, cafe, business, etc, there are many public spaces which people can go and play Mineplex. Without a doubt, at least one of those players would decide to go on Mineplex twice and hack, and because of the actions of that one person, everyone else in that space using that same internet from then on would be IP-Banned and unable to play Mineplex because of something completely out of their control. This is similar to the idea above that someone who is completely innocent will not be able to play on Mineplex because of the actions of another person. This is just not fair, and will result in a lot of people being IP-Banned from Mineplex unfairly."

    While I disagree with the solution you proposed, I do agree that this discussion is an important one to have to combat the prominent issue of hackers. I do have some alternatives/ideas, which utilise IP's but in a way where innocent people won't be banned.

    So with that being said, here are some ideas of mine -

    Firstly, if a user logs on with an IP that another account is banned on, staff could be alerted and the user could be spectated/watched to see if it's someone continuing to hack on alternative accounts. This could work similar to the /report system, where staff can view a list of possible hackers which they can 'claim' and then watch the user to determine if they are or aren't hacking. The priority/likelihood the player is hacking could also be supplied to staff depending on how many accounts have been banned on that IP, how recently, etc. This would ensure those accounts are found and banned quickly, rather than the user being able to play for an extended period of time on each account. If the user continues to be banned very shortly after joining they will eventually get bored, and something like this would completely prevent innocent players from being banned unfairly.

    Secondly, harsher/longer punishments in general, but especially to those with previous punishments on the same IP. If you ask any staff member, most accounts caught hacking have previous hacking punishments and would have many more on alt accounts. If only these accounts didn't receive such little punishment times, they wouldn't be able to be recycled by hackers over and over again. Currently, from talking to people who have been GWEN banned, it's 5 days first offence, 14 days second offence, and 30 days third offence. These should be increased overall, but especially to those users who have bans under the same IP. For example, if Hacker A has used Account 1, 2 and 3 and has received a hacking punishment on each, it's ridiculous to give Account 4 a 5-day ban as Hacker A can just use all those accounts again once the 5 days is up. Furthermore, when those accounts show up on alt generators in a few weeks from the punishments Hacker B can also use all of them again to hack. If punishments were harsher (for example 30 day first offence, 90 day second offence and perm third offence), and it took into consideration other accounts on the same IP, fewer alt accounts would be available to hackers to use over and over again.

    I also would have to agree with adding in an AntiVPN system in general, but not to combat bypassing bans on alt accounts. Instead, it allows the tracking of users through IP's and allows MP to gather information when they otherwise would have no other information than the account name. Through accessing a user's real IP, and being able to connect it to other accounts, MP can link accounts to the same user and therefore use that information to deal with them in ways I outlined above. Having that knowledge on users is something that's very worthwhile and increases the methods in which alt accounts can be detected, in my opinion.

    Overall, I appreciate your thoughts and ideas on this issue, however, I just can't agree with the solution you proposed for reasons I outlined above. What I can really agree with you on is that an issue such as this requires the mind of several people, and through discussion, I believe practical solutions can result. I hope you can consider my thoughts on your idea, as well as my proposed ideas, and go from there.
    Posted Jan 11, 2019 at 3:56 AM
  5. _spacexplorer_


    i think this is good but what if someone hacks on a school ip no-one else can play then
    Posted Jan 11, 2019 at 5:58 AM
  6. Marzie


    Just wanted to point out that they only really intend to IP ban those that have been network banned. Anyone who spam bots is added as a network banned player and will eventually be IP banned when they come out.
    Mineplex will never purchase or use plugins from off the internet, it just isn't safe and it isn't trustwothy. I want to assume they are very aware of VPNs and probably already plan on blocking these. I'm really not sure why they wouldn't.
    As for GWEN, it's still being slightly worked on and they do indeed plan to improve it as much as they can with every passying day/month/year.

    So I mean I guess your steps are already done and upcoming in the future, just not for hackers all together
    Posted Jan 11, 2019 at 6:17 AM
  7. Unfavorited


    First off, Nice thread! Greatly formatted and easy to read.

    I am going to have to agree with sophie on the situation of IP banning. It's just too risky and like she said staff could potentially punish someone using the exact IP who wasn't hacking because a sibling or even a friend was. Mineplex has been stating that they do plan on IP banning soon and knowing them they wouldn't do it without really thinking it through. Since they were so against it, bringing it in, they wouldn't plan on making any mistakes with it.
    Posted Jan 12, 2019 at 1:51 PM
  8. Sven


    Absolutely, this is not fair at all, which is a negative to IP bans concept in general. The usage of IP bans, in general, is probably the most radical idea that is presented in the forum post, that I agree with. Actions have consequences and although it is not fair (which I agree 100% with you on) it does prevent a user from using the same IP to get back on the server. It may not be fair - but it would be effective in reducing hackers' ability to rejoin the server on an alt account. There requires a balance between what is fair and what is effective. The IP ban concept is not fair, but will it reduce hackers? I think so. IP bans, I admit, will most likely not be adopted, but there has to be another way to prevent someone from using an alt account to bypass their punishment. Until another way is discussed, I do not see there being any other way.

    Agreed 100%

    We do administer IP bans for Network Bans. It may not be realistic but I feel it can be possible. It is whether or not we (being Mineplex) wants to invest human capital and other resources in making it into a reality.

    This is a fair critique in all honesty. However, at the same time, I would argue that the likelihood of Mineplex players being close together geographically speaking is low (especially because there are only max 10k players in the community). From this, I would argue that due to the size of the community, it is unlikely that two mineplex players will cross paths in terms of using the same IP. Once again, there needs to be a blance between what is fair and what is effective. IP banning will not absolutely stop hackers, but it will mame it harder /more strenuous to go to a different IP address and use an alt account.

    This is an intriguing idea because instead of automatically banning/kicking users with the same IP address, Staff can monitor the situation and go from there. With this being said, I feel this would be a huge burden to put on staff and seeing as there are not as many staff as there once was, I think this to work, we would need to have a lot more staff so that they are not overwhelmed with staff requests, /reports and now potentially this IP warning idea as well. But I am intrigued by this idea nevertheless.

    I agree that GWEN bans should be harsher in the duration of the bans it gives to players, however, because GWEN bans are automatic in banning players, I do not think it would be a good idea to give more power to an automatic process - if that makes sense. Additionally, hackers who use alt accounts do not just have one or two or even three alt accounts. They usually have access to as many alt accounts as they wish, so raisng the ban duration given by GWEN would not really change the root issue, which is a hacker's ability to use an alt account on a different IP address to bypass their punishment and continue hacking. For me, our goal is to make it harder for these hackers to use alt accounts to bypass their punishment and by raising the duration may help in cases where the hacker has only one account but will do very little to impact the actvitiy of a hacker who has access to several alt accounts.

    This is an interesting idea and I would agree 100% with this.

    Overall, thank you @Sophie_OGrady for your comments. I really appreciate the discussion and the critiques that you brought. Would love to hear your opinions.
    OP OP
    OP OP Posted Jan 12, 2019 at 4:38 PM,
    Last edited Jan 12, 2019 at 4:44 PM
    Sophie_OGrady likes this.
  9. Titanc


    Love and agree with this idea! :D
    Posted Jan 12, 2019 at 4:40 PM
    Starx280 likes this.
  10. Sven


    Very good point @Marzie I completely agree that the purchasing of a plugin online is not safe, secure or trustworthy especially in the Mineplex context. The VPN Blocker idea (although a product available online for purchase) was included in the original forum post to showcase the type of feature that I believe would help reduce a hacker's ability to utilize a VPN to change their IP and subsequently bypass their ban. What I would suggest is for our incredibly intelligent developers to build a software "in-house" that is Mineplex specific. This obviously has several limitations such as human capital, financial resources, and other resources. But by building a plug-in similar to VPN Blocker, I believe we can make something that is trustworthy, secure and tailored to the Mineplex server. Would love to know your opinion on this! :)
    OP OP
    OP OP Posted Jan 12, 2019 at 4:42 PM
  11. Sophie_OGrady


    Thanks for the reply, @Sven. :)

    In terms of what you're saying in regards to it being effective in reducing hackers, I can't disagree with that. A balance of fairness and effectiveness does need to be reached with something like this. However, I don't believe this degree of unfairness validates the usage of IP bans, and I'd rather nothing be done before this is honestly.

    As I semi-explained later in the post, having access to the user's IP is much more worthwhile than having no information/history on the user. By IP banning you're forcing users to use other methods to join the server on a different IP (which is 100% gonna happen) and doesn't allow any information to be collected on the account. I explain the benefits and what can result from being able to link accounts to one another in the last few paragraphs of my post, and I believe by utilizing that Mineplex can somewhat stop these users effectively without being unfair to anyone.

    Firstly, Network Bans aren't IP bans - they're regular permanent bans.

    What I was saying was unrealistic is the appeal process of siblings who can't play due to a sibling being IP banned. There's no way to really do it without either invading user's privacy severely, or making people responsible and face the repercussions of their sibling's actions.

    As I said above I'm not going to disagree it will reduce the number of hackers, but like you've mentioned, what's fair? The answer to that question is most certainly subjective, but I'd argue that any amount of players being falsely banned is unfair to those users.

    I wouldn't say the likelihood of players being close together geographically is low, and in my opinion, it'd be quite likely that there are users using the same IP considering the spaces I've listed typically have thousands of people. I'd also say there's a lot more than 10k players in the MP community, considering there's 20K on both the Discord and Forums alone. Those platforms would only have a percentage of the total MP community, so I'd say providing a max 10K is a drastic underestimate.

    Monitoring the situation and going from there is exactly why I suggested something like this as it completely prevents false bans from sharing IP's. It allows only users who are breaking the rules to be punished through alerting staff.

    I do understand the workload it puts on staff, however, it's not something they'll be forced into doing. Similar to reports, I envision it to be something optional for them to do, and only if they have the time to. Even if staff don't have time to look at some of these notifications, they'll be able to look at at least some of them which is better than nothing, in my opinion.

    It's also possible to integrate the /report for hackers and this idea into one, so the list staff member sees displays both user /report'd hackers and users who share an IP with a banned account. This way it isn't something overwhelming yet they can still be aware/notified these users are on the network if they wish to.

    I understand what you're saying with giving more power to an automatic process such as GWEN, but isn't IP banning an automatic process with banning accounts which try to login but share an IP with a banned account? It bans them, no questions asked or manual interference/checking involved.

    A lot of alt accounts are recycled by hackers rather than being dedicated to a singular one. People who used alt gens and shops a while back know that prior to incredibly short hacking punishments, the majority of them would already be banned for either hacking or bot spam/advertising which slows the process down. Nowadays, as so many of these recycled alt accounts are used over and over and by multiple different hackers, there's really not much preventing the recycling of them as the maximum GWEN ban is 30 days, and that's after the 3rd offence.

    I understand the goal is to make it harder for hackers to use alt accounts, and I believe the suggestions I provided (in combination) will accomplish that.

    Of course!
    Posted Jan 13, 2019 at 2:48 AM
  12. EoinSMC


    Sven said for a plugin like VPNGuard to be developed, not just use one of the 2 he mentioned. Or at least thats what I interpreted it to be
    --- Post updated ---
    100% agree btw great thread Sven
    Posted Jan 13, 2019 at 3:32 AM
  13. Callum5771


    Sven bud!

    Fun to the side, I also believe that something does need to be done. I also believe that VPN's are a problem as only a small number of players actually use them, I suggest that mineplex does block VPN's (or VPN IP addresses) this would significantly lower the amount of Staff Requests, of which we do both help out in, which is great for us players and staff.

    As for GWEN, I think that 'she' not only adds personality to the server, but also isn't a problem, and is quite a good anticheat, but I know a lot of players will disagree with this, but to those players I say keep an eye on the GWEN> prefix in chat and how it is popping up every few minutes, especially in lobbies. She is doing her job with success, of course, there is always room for improvement.

    I think it's also important that that staff are PROactive instead of REactive, yes, I totally agree. But, they can only do this if the punishment system allows them too, which requires a change in rules, hence I'm going to tag @Toki because she's awesome, to hear her opinion.

    For everyone, I <3 you all and hope to see you soon, I'm always helping out in StaffRequest so feel free to message me! I hope to see you soon!

    Stay awesome, and thanks for bringing this issue up @Sven .
    Posted Jan 13, 2019 at 4:17 AM
  14. millsmolls


    I hate that if your sibling, or someone in your household is hacking, because then you log on, they then think you're an alt, you then say that your their sibling or friend and they just can't believe you (which I understand since that's an overused excuse.) My brother hacks quite a lot, luckily he doesn't on Mineplex though since I warn him not to. He got banned on a server, then I was banned for being his ALT, and I'm a completely different person who has never hacked. That's the thing that I find annoying and unfair, but there's nothing really to resolve this particular issue.
    Posted Jan 13, 2019 at 5:09 AM
  15. Ender Rivka

    Ender Rivka

    I agree with all of your points. I've always been a supporter for IP bans. Although some innocent people can't play, think of how many hackers couldn't play! That's a lot. Positives outweigh the negatives, and using a VPN blocker is a good idea for solving the VPN problem. I see no flaws.
    Posted Jan 13, 2019 at 11:21 AM

Share This Page