How do I secure my server?

There are many types of hacks in this day of age of Minecraft with dozens of hacked clients meant to slide under the radar of most cheat detections. So, which anti-cheat should you go for?

To stop the most common cheat, Xray, Paper has built-in anti-Xray support. Simply go to paper.yml in your server files and change it to enabled, then change the engine-mode to 2. This will require slightly more bandwidth for your players, but it will stop nearly all Xray. A good guide for configuring your anti-Xray settings can be found HERE

NOTE: existing lag may cause ghost blocks to appear for players on engine-mode 2.

Anti-VPN (blocks VPNs)

Although there are legitimate uses for a VPN, they can also be used to bypass an IP ban or to avoid being detected as a secondary account.  This plugin restricts users without the bypass permission to be unable to connect with a VPN.

AltFinder (Restricts secondary accounts)

Players are usually able to bypass punishments by using a different account.  This plugin gives admins the ability to quickly check whether an account has connected with the same IP as any other account, which means the accounts are related.

2FA+ (Protects staff accounts)

Hackers may attempt to gain access to staff accounts in order to control the server.  This plugin can be configured to require admins to use two-factor authentication so that even if a hacker gains access to an admin’s Minecraft account, they are unable to play on it.

NoCheatPlus with Captain_Obvious’ config or Matrix

NoCheatPlus and the free version of Matrix are free anti-cheats which offer significant improvements over the vanilla anti-fly as well as detecting other forms of hacks commonly used on clients such as Wurst. They are recommended by many due to the plug and play feature set as well as its improvements over other free alternatives and vanilla protection. It functions to an extent and is highly recommended for those who don’t want to spend money on anti-cheat software.

AAC + AACAdditionPro with Celebrimbor’s config

AAC is a long-standing anticheat that has been with the community since 2015. Unlike alternatives that have popped up over the last 3 years, this anti-cheat has been proven to be stable and has been used on many popular networks in the past. However, with premium anti-cheats, there is always a debate on which is best and it is better to look at an updated list of most premium anti-cheats and see for yourself which one is most likely to be suited for your use case.

It should be noted that the “best” anti-cheat doesn’t exist. The No.1 anti-cheat isn’t something that can be definitively measured. If you were to get specific, there are different levels of anti-cheats and in many cases on specifically small scale servers, a premium anti-cheat is generally not needed. Just having an active community alongside competent staff will mostly perform better than an anti-cheat. They are designed to be an aid and not an automated system in this specific scenario.

However, in a larger community, it is better to have an anti-cheat of decent quality. As to ensure that there isn’t an unfair advantage between players in a scenario where individually looking at each player would be an arduous and tedious task and more subtle forms of hacking might appear as the variety of players increase. This branch of cheating would be harder to detect without having large amounts of experience especially in a scenario without an anti-cheat where you can not confirm your suspicions.

For large networks, it is generally advised to go with a more up-market anti-cheat which can better accommodate larger player counts without issues and false detections. There are many examples of up-market anti-cheats yet there is also the issue of potential scams and abandoned solutions in which case getting a custom anti-cheat from a respected developer would work better.

Feel free to compile a list of anti-cheats here.

[egg link]