Lightweight and easy-to-use anti-bot plugin for your Minecraft server. Supporting every client and server version.
An effective and extensible solution for protecting your Minecraft server against all kinds of bot attacks
Releases | Issues | Pull Requests | Discord | License
- Effective, lightweight, and easy-to-use
- No unnecessary features and clean code
- Protection against all kinds of bot attacks
- No player should be annoyed by any sort of CAPTCHA
- No sort of checking for VPNs or proxies
- Multi-platform support (See supported versions)
- Fallback is Sonar's main anti-bot component
- Sonar queues new player logins to prevent spam login attacks
- Sonar checks the handshake packets for legitimacy
- Sonar makes sure some packets cannot be duplicated illegitimately
Fallback analyzes a player's behavior before joining the actual server, therefore stopping malicious traffic from ever reaching the backend. It is supposed to be an instant, powerful, and invisible method of verification that should prevent all typical and advanced types of bots.
- Sends the player to a lightweight fake server when they connect for the first time.
- Analyzes if the player is sending the necessary packets.
- Analyzes if the player is sending legitimate packets.
- Checks if the player is obeying client gravity.
- Checks if the player is colliding with blocks correctly.
Fallback also protects against huge spambot attacks since it queues the incoming connections, therefore making it technically impossible to have a ton of bots join the server at the same time.
Fallback is unlikely to ever falsely prevent a player from joining the server since Minecraft uses the TCP protocol, which means that packets are always sent in the correct order. Therefore, lag or ping should not affect the bot check. However, there are some edge cases where Fallback might not receive packets within the necessary time period. In this case, Sonar tries to account for these edge cases in order to prevent false positives. If you or one of your players experiences a false positive, make sure to report it by opening a GitHub issue or a ticket on Discord.
If you want to build your own version of Sonar, please take a look at the Sonar building documentation.
You can also take a look at the gradle documentation for a better understanding of Gradle.
If you are interested in contributing, you can check out the Contributing Guidelines for detailed instructions.
Sonar is licensed under the GNU General Public License 3.0.
- Special thanks to the contributors of Sonar.
- The Varint decoding was taken from Velocity.