Bug Report: False positive with transaction check
General information
Players are joining the server, and Sonar randomly throws false positives
Steps to reproduce
- Join the server
Sonar dump
[Sun 13:18:22 INFO Sonar] Сгенерированный дамп: {"memory":{"total":"3.3 GiB","max":"16 GiB","free":"1 GiB","used":"2.3 GiB"},"runtime":{"virtualCores":4,"jvmArguments":["-Xms128M","-Xmx16384M","-Dfml.queryResult\u003dconfirm","-Dlog4j2.formatMsgNoLookups\u003dtrue","-Dterminal.jline\u003dfalse","-Dterminal.ansi\u003dtrue","-DIReallyKnowWhatIAmDoingISwear\u003dtrue","-Djdk.module.illegalAccess\u003ddeny","-Duser.timezone\u003dEurope/Moscow","-DPaper.IgnoreJavaVersion\u003dtrue","-DPurpur.IgnoreJavaVersion\u003dtrue","-XX:+UseNUMA","-Dlog4j2.formatMsgNoLookups\u003dtrue","-Dfym_st\u003dtrue","-XX:G1HeapWastePercent\u003d10","-XX:+OptimizeStringConcat","-XX:+TieredCompilation","-XX:+EliminateLocks","-XX:+UseSuperWord","-XX:+OptimizeFill","-XX:LoopUnrollMin\u003d4","-XX:LoopMaxUnroll\u003d16","-XX:+UseLoopPredicate","-XX:+RangeCheckElimination","-Dfile.encoding\u003dUTF-8","-XX:+DisableExplicitGC","-XX:+UseFastJNIAccessors"],"vmName":"OpenJDK 64-Bit Server VM","vmVendor":"Eclipse Adoptium","vmVersion":"21.0.4+7-LTS"},"os":{"name":"Linux","arch":"amd64","version":"5.15.0-100-generic"},"sonar":{"version":"2.1.9 (0c8106ea)","platform":"BUKKIT","gitBranch":"main","gitCommit":"0c8106ea"}}
Additional information
[Sun 13:15:53 INFO Sonar] 92.249.98.22 (754) не прошел проверку бота на: expected T ID -29784, but got -7360
[Sun 13:15:54 INFO Sonar] Zoon52178.91.99.176 (763) подключился.
[Sun 13:13:59 INFO Sonar] 178.178.242.121 (754) не прошел проверку бота на: failed CAPTCHA too often
[Sun 13:14:02 INFO Sonar] NoPet178.178.242.121 (754) подключился.
[Sun 13:14:03 INFO Sonar] 178.178.242.121 (754) не прошел проверку бота на: expected T ID -18120, but got -31228
[Sun 13:14:03 INFO Sonar] 178.178.242.121 (754) был занесен в черный список за слишком большое количество неудачных попыток
[Sun 13:15:20 INFO Sonar] Zoon52178.91.99.176 (763) подключился.
[Sun 13:15:21 INFO Sonar] 178.91.99.176 (763) не прошел проверку бота на: expected T ID -30298, but got -9890
Check on the vanilla version of the game.
Which anti-cheat plugin are you using?
I'm using Grim
And ghost, this falses on vanilla too.
That's weird... I've tried it with packetevents/Grim before and it worked fine. Can you share a list of your plugins? Also please make sure to update to the latest version of Sonar.
It should be fixed whenever https://github.com/jonesdevelopment/sonar/issues/398 is implemented. I'm currently sick, so it could take some more time before being implemented.
Yes, I can share.
[18:34:10 INFO]: Paper Plugins: (3):
[18:34:10 INFO]: - BKCommonLib, FancyHolograms, LogFilter
[18:34:10 INFO]: Bukkit Plugins: (82):
[18:34:10 INFO]: - AdvancedCrates, AfkPool, ajLeaderboards, AntiProxy, *AntiWorldDownloader, AuthMe, AxSmithing, BAirDropX, BAuction, BetterEconomy
[18:34:10 INFO]: BetterRTP, BetterStructures, BLib, BlockParticles, Boss, BSpawner, Chatty, Chunky, Citizens, CMI
[18:34:10 INFO]: CMILib, ConditionalCommands, CoreProtect, DecentHolograms, DeluxeMenus, Duels, EasyPayments, ExecutableItems, FacilisCommon, FastAsyncWorldEdit
[18:34:10 INFO]: fmPotionStacker, GrimAC, GUIPlus, HamsterAPI, holoclear, KatsuChest, keycard, LiteBans, LootChest, LPX
[18:34:10 INFO]: LuckPerms, LWRespawn, MarsGenerator, MoonGenerator, MotdChanger, My_Worlds, MyCommand, NBTAPI, *NewbieChat, nnTNTs
[18:34:10 INFO]: ntdAntiRedstoneCrash, packetevents, Pirate, Pl-Hide-Pro, PlaceholderAPI, PlayerCrasher, PlayerPoints, PlugManX, ProtectionStones, ProtocolLib
[18:34:10 INFO]: PSAddon, PvPManager, SCore, Seller, Sonar, SpacePlugin, spark, TAB, TerraformGenerator, ToCheckPlayer
[18:34:10 INFO]: WorldGuard, WorldGuardExtraFlags
And,
[18:36:40 INFO]: Current Purpur Version: 1.20.6-2233-0d6766e (MC: 1.20.6)*
- You are running the latest version
Previous: 1.20.6-147-e41d44f (MC: 1.20.6)
I will test the update and send results (and a rec with the false, if it still happens).
Some plugin on your server seems to be injecting improperly. I'm guessing it has something to do with either HamsterAPI or another plugin using packets. Sonar has been tested with packetevents, so I'd exclude PlayerCrasher, packetevents, and GrimAC from the list of plugins that could cause this problem.
As previously said, this will be fixed after #398 is implemented. It may take a few weeks, so until then, I recommend running a binary search on your plugins to check if any of them are causing issues.
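The binary search recommended above, as an added example that is not part of the thread or of Sonar. It assumes a single culprit, suspects that load independently of each other, and a hypothetical `still_fails` callback supplied by the admin; the plugins kept enabled throughout are the ones the maintainer ruled out in the comment above.

```python
from typing import Callable, Iterable, Optional

# Plugins the maintainer ruled out in the thread; they stay enabled with Sonar.
TRUSTED = {"Sonar", "packetevents", "GrimAC", "PlayerCrasher"}


def bisect_plugins(installed: Iterable[str],
                   still_fails: Callable[[set], bool]) -> Optional[str]:
    """Return the one plugin whose presence triggers the false positive,
    or None when the failure reproduces with every suspect disabled.

    still_fails(enabled) is a hypothetical callback: restart a test server
    with exactly `enabled` plugins, join several times with a clean client
    (the failure is intermittent), and report whether Sonar logged an
    "expected T ID ..., but got ..." failure.
    """
    installed = set(installed)
    base = TRUSTED & installed
    suspects = sorted(installed - TRUSTED)

    # Baseline: if it fails with no suspects loaded, no suspect is to blame.
    if still_fails(set(base)):
        return None
    # Sanity check: the full plugin set must reproduce the problem at all.
    if not still_fails(base | set(suspects)):
        raise RuntimeError("issue does not reproduce with all plugins enabled")

    while len(suspects) > 1:
        half = suspects[: len(suspects) // 2]
        # Keep the half that reproduces; otherwise the culprit is in the rest.
        if still_fails(base | set(half)):
            suspects = half
        else:
            suspects = suspects[len(half):]
    return suspects[0]


if __name__ == "__main__":
    # Constructed simulation: "ExamplePacketPlugin" is a made-up culprit.
    plugins = ["Sonar", "packetevents", "GrimAC", "LPX", "ProtocolLib",
               "HamsterAPI", "ExamplePacketPlugin"]
    print(bisect_plugins(plugins, lambda on: "ExamplePacketPlugin" in on))
```

A `None` result means the failure reproduces with only Sonar and the ruled-out plugins loaded, so further bisecting of the remaining plugins will not find it.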
or LPX
@MahadRegent Quick question, what do you use HamsterAPI for? I see ProtocolLib and packetevents on the server, but why do you need a 3rd, less known and less maintained packet listener API plugin? (I've never tested Sonar with HamsterAPI.)
ExploitFixer
I do not see that plugin in his plugins list.
others do not use, this is from the author of exploitfixer
https://github.com/xGinko/ExploitFixer?tab=readme-ov-file#exploitfixer
I know, that's why I was wondering why the plugin is installed in the first place. If he's using LPX, there should be no need to keep HamsterAPI on the server.
I have used ExploitFixer, but I'm now using LPX. I think I forgot to remove the lib.
Let me know if the issue still persists after removing HamsterAPI.
[21:40:41 INFO]: [Sonar] (765) не прошел проверку бота на: expected T ID -21284, but got -7160
[21:40:48 INFO]: RlrSanta lost connection: Disconnected
[21:40:53 INFO]: [Sonar] zara20 (765) подключился.
[21:40:54 INFO]: [Sonar] (765) не прошел проверку бота на: expected T ID -7157, but got -5532
[21:40:54 INFO]: [Sonar] (765) был занесен в черный список за слишком большое количество неудачных попыток
[21:40:55 INFO]: Galaxy773 issued server command: /spawn
No, it's still false
[21:42:15 INFO]: Paper Plugins: (3):
[21:42:15 INFO]: - BKCommonLib, FancyHolograms, LogFilter
[21:42:15 INFO]: Bukkit Plugins: (77):
[21:42:15 INFO]: - AdvancedCrates, AfkPool, ajLeaderboards, AntiProxy, *AntiWorldDownloader, AuthMe, AxSmithing, BAirDropX, BAuction, BetterEconomy
[21:42:15 INFO]: BetterRTP, BetterStructures, BLib, BlockParticles, Boss, BSpawner, Chatty, Chunky, Citizens, CMI
[21:42:15 INFO]: CMILib, ConditionalCommands, CoreProtect, DecentHolograms, DeluxeMenus, Duels, EasyPayments, ExecutableItems, FacilisCommon, FastAsyncWorldEdit
[21:42:15 INFO]: fmPotionStacker, GrimAC, GUIPlus, holoclear, KatsuChest, keycard, LiteBans, LootChest, LPX, LuckPerms
[21:42:15 INFO]: LWRespawn, MarsGenerator, MoonGenerator, MotdChanger, My_Worlds, MyCommand, nAntiBot, NBTAPI, *NewbieChat, nnTNTs
[21:42:15 INFO]: ntdAntiRedstoneCrash, packetevents, Pirate, Pl-Hide-Pro, PlaceholderAPI, PlayerCrasher, PlayerPoints, PlugManX, ProtectionStones, ProtocolLib
[21:42:15 INFO]: PSAddon, PvPManager, SCore, Sonar, SpacePlugin, spark, TAB, TerraformGenerator, ToCheckPlayer, ToParticlePunch
I just tested nAntiBot, because there is a +- 30k cps attack on my server, but it isn't working well
It's off plugin
It will probably be hard to handle without any good antiddos protection, but I may be wrong.
it's good for cps attack
Sorry, but I am pretty sure this can't be fixed in Sonar 2.0 simply because of the way it injects. Look out for announcements regarding 3.0 on the Discord: https://jonesdev.xyz/discord