Sonar is a lightweight and easy-to-use anti-bot plugin for your Minecraft server. It supports every client and server version. It's an effective and extensible solution for protecting your Minecraft server against all kinds of bot attacks.
Currently only working on Velocity and BungeeCord — Bukkit support is being worked on
Design and Goal
- Effective, lightweight, and easy-to-use
- No unnecessary features and clean code
- Protection against all kinds of bot attacks
- No player should be annoyed by any sort of captcha
- No sort of checking for VPNs or proxies
- Multi-platform support (Velocity, BungeeCord, and Bukkit)
- New player logins are queued to prevent spam login attacks.
- Fallback is Sonar's main component designed to prevent all types of bots.
- Spigot & BungeeCord
- Duplicate login/status packet spam fix
- Run server ping handling asynchronously
- The Varint decoder is updated to Velocity's improved MinecraftVarintFrameDecoder.
Fallback analyzes a player's behavior before joining the actual server, therefore stopping malicious traffic from ever reaching the backend. It is supposed to be an instant, powerful, and invisible method of verification that should prevent all typical and advanced types of bots.
- Sends the player to a lightweight fake server when they connect for the first time.
- Analyzes if the player is sending the necessary packets.
- Analyzes if the player is sending legitimate packets.
- Checks if the player is obeying client gravity.
- Checks if the player is colliding with blocks correctly.
Fallback also protects from huge spambot attacks since it queues the incoming connections, therefore making it technically impossible to have a ton of bots join the server at the same time.
Fallback is unlikely to ever falsely prevent a player from joining the server since Minecraft uses the TCP protocol which means that packets are always sent in the correct order. Therefore, lag or ping should not affect the bot check. However, there are some edge cases where Fallback might not receive packets within the necessary time period. In this case, Sonar tries to account for these edge cases in order to prevent false positives. For example, some higher Minecraft versions have a bug where the client sometimes sends a packet out of order. Sonar accounts for that and does not falsely blacklist clients. If you or one of your players experiences a false positive, make sure to report it by opening a GitHub issue or a ticket on Discord.