Contributorshoton, Rqcco, Celebrimbor, Janmm14, geNAZt, Elevated
- 1.8
- 1.9
- 1.10
- 1.11
- 1.12
- 1.13
- 1.14
- 1.15
- 1.16
Please read all of the overview carefully before purchase! By purchasing AAC you confirm that you have read the entire overview and you agree to the ToS below
AAC Support
What is AAC
- For feature requests, errors, bugs and bypasses, use the Issue Tracker
- For simple questions about AAC, ask in the resource discussion
- For general discussion and support, join our Discord server
AAC is a powerful anti-cheat plugin for Minecraft servers. You can evaluate its capabilities at the official test server:
test.kons.co
It features 7 broad checks which collectively cover a wide variety of cheat modules.
Note that AAC does not feature specific checks for inventory-related cheats or walking speed scaffolds. You may wish to consider the open-source AACAdditionPro for those and other niche checks. AACAdditionPro is not affiliated with AAC.
- Delays mitigates cheats that attempt to speed up actions that normally take a certain amount of time. It covers modules such as FastBreak, Regen, FastBow, FastEat, and similar. Statistical methods are used to ensure the check is robust and accurate during periods of server and network lag.
- Move covers many forms of movement cheats, including flight, speed, step, phase, timer, etc. The move check adapts to a wide variety of different situations, blocks, potion effects, attribute modifiers (1.9+), liquids and more. It accounts for subtle differences in movement between client versions using the ViaVersion API, and accurately checks players flying with an elytra or riding horses.
- Aimbot, Autoclicker and Hitbox collectively detect many different combat cheats, such as killauras, aimassists, and reach or hitbox cheats. These checks have been rigorously tested, feature built-in lag compensation and are equally accurate in PvP and PvE scenarios.
- Interact detects and prevents players from interacting with blocks that they cannot see. For example, it can stop players from breaking blocks behind walls, 'expand' scaffold cheats, and placing blocks outside of their line of sight.
- Misc looks for various subtle indicators that a player is cheating, such as invalid rotations or specific packets that are often accidentally sent by hacked clients.
AAC does not check players that are flying, in creative or spectator mode, or that are connected via GeyserMC.
Why AAC
AAC is fast
AAC has phenomenal performance. On this server with 140-150 players, AAC uses less than 4% of the tick, and less than 2ms in total, equivalent to less than 0.03%/tick per player.
AAC is asynchronous by design, performing the majority of its work at the packet level rather than on the main server thread. It has undergone extensive internal optimisation and is incredibly lightweight as a result. It achieves its performance despite still analysing every single movement, interaction and attack that occurs on your server.
AAC is easy to use
AAC does away with cryptic check names, abbreviations and incomprehensible numbers. Instead, we have the AAC Player Analysis.
Spammy violation messages are replaced by a clear explanation of what AAC knows about a given player which requires no specialist knowledge to understand. The detail is still available for those who want it, and can be seen in /aac debug or by hovering over entries in a player analysis.
AAC works out of the box, with a lenient default config that's designed for maximum stability. Alerts are short and unintrusive, and you can ask to be shown fewer alerts, or turn them off entirely and allow AAC to automatically handle cheating players.
AAC is automated
Many of AAC's checks can automatically prevent cheaters from impacting your server - this is called mitigation. For example:
This process works silently in the background, has lag compensation built in and generous buffers by default to minimise the effect on legitimate players.
- The move check can teleport players down if they try to fly
- The delays check can replace blocks that were broken too quickly
- The hitbox check can block attacks that are out of range
- etc.
AAC can also execute commands when it is more certain that a player is cheating. These are called actions and are completely configurable. You can combine any set of features into a threshold group, and configure arbitrary commands to execute when their combined score reaches a certain value. By default, AAC's threshold groups:
It's easy to disable actions and mitigation, or to make them more strict or more lenient in the configuration file.
- Print the player analysis in the console for future reference
- Reset the player analysis so the threshold action is not executed again when the player rejoins
- Kick the player with a default kick message
AAC is intelligent
AAC takes many factors into account when analysing each player. It knows that new players are more likely to cheat than established players, and that a frequently changing remote address can indicate a compromised account. It automatically excludes Bedrock players connected through GeyserMC from checking, and understands differences between Minecraft client versions connected through ViaVersion or ProtocolSupport. Player analyses are generated by aggregating data from all of AAC's features and provide a realistic summary of their likelihood of cheating.
Compatibility
AAC is designed to be broadly compatible. However, AAC may be incompatible with any plugins that might interfere with packet/event listeners or make players appear as if they are cheating. For example:
AAC is incompatible with security managers that are enforced by some shared hosting providers
- Plugins that speed up block breaking, or that break blocks on behalf of a player
- Plugins that continuously apply velocity to give the effect of flight
- Only on 1.8.x servers Attribute Modifiers applied to items or armour
- Non-vanilla enchantments or potion effects
- PerWorldPlugins
- Other anti-cheat plugins
AAC is tested on Spigot and Paper. Other forks may be compatible, though we cannot test or guarantee this. In particular, any server forks that change NMS mappings, bounding boxes or packet handling may be incompatible.
AAC is tested and known to be compatible with:
Many plugins can be made compatible with AAC with relatively little effort:
- mcMMO
- ViaVersion, ViaBackwards, ViaRewind, ViaRewind-Legacy-Support (installed on backend servers, not bungeecord)
- GeyserMC (requires Floodgate on backend servers - Setup Instructions)
- OldCombatMechanics
- ProtocolSupport (though most testing is done on Via*)
Usage
- Make sure any Bukkit events that you fire are subclasses of the actual event (e.g. fire FakeBlockBreakEvent instead of BlockBreakEvent)
- Make sure you don't modify or send packets on behalf of a player
- As a last resort, hook into AAC's API and call addExemption and removeExemption as necessary.
AAC will work to detect and mitigate cheating automatically without user intervention.
If you're interested in finding suspicious players, run /aac status and try clicking any names highlighted in yellow or red.
An AAC alert looks like this:
Code (Text):
AAC player - Spectate
You can click on the player name for more information or on 'Spectate' to teleport to them.
Installation
Multiversion servers
- Download AAC and ProtocolLib and place them in your plugins directory. Pay attention to the overview of ProtocolLib to determine which version you need to download.
- Restart your server.
- Give staff members appropriate permissions. We suggest: aac.alerts, aac.status, aac.spectate and aac.check
- Read through /aac help in-game
- Optional Configure the kick commands in config.yml to your liking
Bungeecord
- If you use ViaRewind, make sure you are on 1.5.3 or above.
- If you use ViaVersion, make sure you are on 3.2.1 or above.
Permissions and Commands
- AAC must be installed on all backend servers where you want alerts/detection.
- Configure a MySQL database in config.yml. All backend servers must be connected to the same database.
- Set bungeecord: true for cross server alerts in config.yml.
- To execute commands on the proxy server, consider installing CommandSync
AAC provides the following permissions and commands.
aac.bypass
Allows a player to completely bypass all of AAC's checks. This permission is checked on join - adding or removing it has no effect for a player that is already online.
aac.status
Gives access to /aac status. Can be executed alone for a list of all online players, colour coded and sorted by analysis score. Can be executed with a player argument for a detailed analysis of the player's actions to date.
aac.exempt
Gives access to /aac exempt, which can be used to temporarily allow a player to bypass AAC's checks. Exemptions applied by this command can be toggled at any time, persist between logins and across multiple backend servers, provided that they are connected to the same database.
aac.spectate
Gives access to /aac spectate (alias /aac spec). This teleports a staff member to a target player, optionally setting their gamemode or executing other arbitrary comamnds (such as vanish). Running the command without a player argument will teleport the staff member back to where they were before spectating.
aac.sudo
Gives access to /aac sudo, which forces the given player to execute a given command. This command is generally not needed by staff and facilitates various things in the config file (such as making a staff member run /vanish before spectating a player)
aac.reset
Gives access to /aac reset, which purges database entries for the given player. This effectively resets AAC's analysis of that player. Useful for testing purposes.
aac.check
Gives access to /aac check, which forces AAC to immediately analyse a player. Normally, AAC will periodically analyse players on the server as necessary. This command can be useful if you have a large number of players online and you need more information on a specific player.
aac.alerts
Allows a player to view alerts from AAC, and also gives access to /aac alerts. This command can be used to set your alert level to normal, reduced, or off. Running the command with no arguments will print your current alert level. In reduced alerts mode, only red level alerts will be shown.
AAC will broadcast an alert if a player's analysis score exceeds yellow_score or red_score in config.yml. The alert will not be broadcast again unless this categorisation changes.
aac.debug
Gives access to /aac debug. When run without arguments, this command prints detailed information about AAC's detections relating to every player on the server. This can be reduced to specific players by specifying player names. Debug can be toggled by running the same command again. A video with debug enabled, or at minimum a log from debug in the console, is crucial for bug reporting.
aac.reload
Gives access to /aac reload, which reloads AAC's checks and configuration file. This also resets the database connection, invalidates internal caches and resets internal data for every player and entity on the server.
API
Spoiler: API
@Janmm14 has kindly made the AAC API available from their maven repository:
The API and its version is only updated when the API changes.
Code (XML):
<repository>
<id>janmm14-public</id>
<url>https://repo.janmm14.de/repository/public/</url>
</repository>
<dependency>
<groupId>de.janmm14</groupId>
<artifactId>aac-api</artifactId>
<version>5.0.0</version>
</dependency>
The API-only jars can also be downloaded at https://github.com/konsolas/AAC-Issues
ToS
By downloading the plugin, you agree to the following:
Reviews
- You are not permitted to -Redacted- the plugin in any form, including as a part of any software package.
- You are not permitted to decompile or modify the plugin in any form.
- You will not file a chargeback, dispute, or perform any similar action. Doing so will result in your licence revoked along with further action from SpigotMC
- The exception to this is if you have already contacted SpigotMC, and they have approved a chargeback. If this is the case, we will gladly refund your money.
- You will not use, or facilitate the use of, AAC to develop bypasses or exploits.
- We reserve the right to change these Terms at any time, and you agree to abide by the most recent version of this.
Please do not use the reviews section for support requests or bug reports - instead use the listed methods at the top of this overview.