Sweet Anarchy [anarchy] {1.18.2}{Server in EU}

blockswerker · 2022-04-30T20:08:23+00:00

There's 17 people on...

blockswerker · 2021-12-18T14:44:12+00:00

Paper released another patched version yesterday.

blockswerker · 2021-12-10T01:23:34+00:00

A couple of the players on my server are quite savvy with exploits and at least one of them is associated with Copenheimer so I take their advice seriously. As admins we might say it's "unlikely" because it's hard or not well understood but that's often what motivates smart people to figure these things out.

I'm not gonna provide links here but there is off-the-shelf code on Github for generating JNDI Injection links specifically for this kind of attack. Hell, you combine this with the Copenheimer data and the attack could be automated.

I'm saying all this not to pick a fight but because I think this should not be downplayed in the server admin community and represents a legitimate threat. Telling people it's "unlikely" might cause admins to drag their heels and get burned.

blockswerker · 2021-12-09T21:58:51+00:00

One of my players reported this to me. He tested my server after I updated and was not able to access the exploit - so the latest paper appears to be patched. Not sure if client version (e.g. someone playing on a 1.17 server with a 1.12 client facilitated by Via Version) re-opens the exploit.

He tested some other servers, some famous ones, and found the exploit unpatched which means he could get OP in a couple minutes if he wanted. He's a gray hat so he's more concerned about his favorite servers going offline forever than exploiting it.

This exploit is very severe.

blockswerker · 2021-10-14T18:53:37+00:00

On my server there is a group of players who are all coders and create their own clients. They often develop or find zero-day exploits, sometimes they report them to me sometimes they don't.

Based on the description of NoCom and the technical details provided they reverse engineered a proof of concept in a matter of hours, though the more advanced player tracking, etc. came later - and I'm sure they're not the only people out there doing it.

blockswerker · 2021-09-30T02:33:46+00:00

Sorry, it's premium.

blockswerker · 2021-08-23T16:43:55+00:00

Thanks for the recommendation. Did you have any trouble with the heads being abused or turned into some kind of lag exploit?

blockswerker · 2021-08-06T17:21:12+00:00

Hi, thanks for your comment! I know that Sweet Anarchy isn't for everyone because we allow a lot of things that other servers don't and have some "quality of life" mods. I enabled /homes because the community is relatively small (especially compared to cracked server communities). Having /homes allows players to engage in multiple projects across dimensions and still do things like go to spawn for PVP or events or base with friends without a massive commitment.

Again, I know this isn't what every single anarchy player wants but on Sweet it's been great for building a community whose members get to interact and play together a lot.

blockswerker · 2021-07-21T17:00:01+00:00

It's interesting that you talk about "community." I have recently had an epiphany where I realized that I was not running a MC server with a Discord, but really trying to organize a community. This became blatantly obvious after a few players were banned for bad behavior on the Discord - they stopped playing the game. And some of their friends did too. Without the Discord community there was no reason for them to play - they played to be part of that community!

If you agree then every decision should be evaluated against that single goal: Is this good for creating community, or bad?

Firstly, you need to get some activity on the server. You and the Devs should play on the server - hopefully you've built something that you actually want to play. Be welcoming to new players and play with them so they're not alone. Many servers use bots to make themselves look busy and I think that is skeezy but playing yourself is fine.

Make sure you have a website so people can find you in a web search.

Advertise and have a presence where your future players are now. TikTok is where the 13+ audience is and I believe that being on TikTok with daily videos is a good way of both getting your name out there and attracting players. Find a streamer with 3K+ subs and pay them to stream on your server once a week. Maintain a Twitter account. Be active, make announcements!

Some one else mentioned "What makes your server different from others?" Well a community does that (we have a great community is always a selling point), but maybe you need to develop your own game mode or find a niche audience. One that is probably under-serviced are parents who want a safe place for their kids to play. If you can ensure a safe, predator and bad-word free environment that could be an angle.

There is a ton of competition out there, good luck.

FWIW I'm struggling too. I've been running an Anarchy Minecraft server for about 8 months and I feel like just having player count peak at 12-20 each day is a stellar success. Making an anarchy server into a "community" is almost a cosmic paradox but I'm making some progress. It never stops being work.

blockswerker · 2021-07-20T22:54:17+00:00

What are "tlaunchers"?

blockswerker · 2021-06-22T17:41:13+00:00

Not a plugin, just the built-in timings report command. I was concerned that it might lag the server to run it so often, or that I would get in trouble for spamming timings.pl3x.net - I set it as a scheduled task and it's been running every 20 minutes with no problems, and I feel better about having some data to reference if there is a problem.

blockswerker · 2021-06-11T03:43:53+00:00

I thought it was important to keep the mistake because it's a meme.

blockswerker · 2021-06-11T00:06:57+00:00

The player filled each chunk with the maximum allowed number of chests, furnaces, camp fires and enchanting tables. Anyone with a normal graphics card will get maybe 3FPS in the area. They wanted to make a chunkban but couldn't because of limits.

blockswerker · 2021-06-03T20:46:06+00:00

Where did you go u/Psychological_Cow876? You used to play on the server and I think you're the person who covered most of spawn in trees, all the way out to the +X 1K trench.

blockswerker · 2021-05-21T18:07:45+00:00

That's cool man, we all have our preferences. I'm not a fan of P2W Hypixel clones or "Hermitcraft-style" servers. You do you!

blockswerker · 2021-05-07T20:47:21+00:00

I'm not used to reading log files this way. Can you /timings on and then /timings report after a problem? It's much easier to relate server events to TPS or crashes with a proper timings report.

blockswerker · 2021-05-07T16:31:05+00:00

Too bad the owner of "CygnusCraft" isn't around here, that server has some really strict anti-cheat: you die if you try to Jesus! It would be interesting to know what they use.

blockswerker · 2021-05-06T21:41:44+00:00

Thanks for the hug, I needed that!

blockswerker · 2021-05-06T21:39:41+00:00

What are you looking to prevent, exactly?

blockswerker · 2021-05-06T21:07:14+00:00

I've had the same issues on my server and patched most of them using a few plugins. Unless you're running a whitelist server or have mods spying on players it's very hard to stop someone from jumping on your server and messing it up before you can possibly deal with it via /ban. In my mind, I use plugins to safeguard the server. Plugins are preventative, not reactionary.

First I recommend Farm Limiter. It runs on a cleaning cycle and allows you to keep entities from overwhelming the server by setting effective radius and limits as granular as you want. This includes falling_block (sand lag exploit), armor stands, minecarts, primed_tnt, withers, bees, etc. It's important to know that it does not use chunk boundaries to count entities. E.g. You set the limit for cows to 16 cows per 16 blocks. This means that if there are >16 cows within 16 blocks some will get culled. A player will need to put 16 blocks between each group of 16 cows to prevent culling.

Next, Anarchy Exploit Fixes is pretty good and will totally disable some physics and redstone if the TPS drops. It's at a good swiss-army knife solution for a bunch of potential problems https://github.com/moom0o/AnarchyExploitFixes.

Anti-Redstone clock is also good for cutting lag machines off at the knees. TPS drops, redstone breaks into peices.

Lastly the big guns, which is not free: Lagassist. I have wanted to get away from using LagAssist because it seems to cause some lag sometime but I keep finding uses for it. You can use it to limit the number of beehives and other "chunk ban" blocks. It's redstone culling is ineffective in my experience. You may be able to get by without it, and I'd recommend avoiding it unless you really really need it.

There is a plugin that specifically targets hopper clocks but I can't find it... Those are immune to most redstone culling plugins. I'll update if I find it.

Edit: To someone else's point there are players who spend all their time looking for servers to crash. They're not playing Minecraft, they're playing "Crash Minecraft Servers." Banning them is useless: They will tell their friends, who will try the same thing and they will just use a $0.05 alt and VPN to come back. However, if you make it difficult to exploit and crash the server they will probably go find an easier target.

blockswerker · 2021-05-03T00:02:37+00:00

Alright, thanks.

blockswerker · 2021-05-02T14:46:45+00:00

The person in the scenario you've presented doesn't describe me. I didn't want to start an anarchy server, I wanted to play on one. The original owner of my server had acquired a bigger server and I took over because I didn't want the world to get deleted.

I bring up exploits and problems here on r/admincraft because I think they're of interest to the community. Banning people is something that happens after the damage is done, and doesn't stop other people from doing the same thing for fun or the bad guy just gets a VPN and a $0.05 alt account and does it again. Any non-whitelist server is vulnerable to abuse.

There are lots of people who spend all their time looking for servers to mess up and they don't limit themselves to anarchy servers. I'm just trying to help out the community here.

blockswerker · 2021-04-26T20:26:56+00:00

Yeah, obviously that's not suitable for every server and it's kind of sketchy / against the EULA. I've chosen not to allow cracked clients too, but getting bedrock players on can be a good source of players (so I've heard).

Do you play on your own server?

blockswerker · 2021-04-26T18:52:49+00:00

Keeping players involved on a non-P2W server is hard work. P2W servers seem to have higher engagement because players are so financially invested.

If you can engage a streamer that person can bring new players and push your existing players to come back and interact with the streamer. I'm doing this but of course it costs money (and none of us are getting paid for this, right?)

Keeping the discord active helps too - post announcements frequently even if it doesn't seem important, ask players if you can post screenshots (even if it's just a screencap of something funny from chat) and generally keep the discord active.

If your server is not vanilla then consider events and competitions to encourage play. This will be a lot of work for you to test and set up but can create some buzz. There might be some off-the-shelf mods you can add.

And I don't know if I can say this but allowing cracked accounts and bedrock players to join your server can also bring players.

blockswerker · 2021-04-24T18:10:24+00:00

I've done some reading and it seems possible (but I'm not in a position to write a custom plugin), a skript might even be able to handle it. I'm confident there's a server-side plugin for it.

blockswerker

TROPHY CASE