Description:
This is a simplistic Anti-Cheat for sourcegames, which will catch some cheaters/hackers (not all).
Little Anti-Cheat also patches some exploits.
Lilac is compatible with Sourcemod Anti-Cheat and will not conflict with it.
That said, there are some notes about SMAC later on that you should read if you have SMAC installed.
Lilac comes with Sourcebans++ support out of the box.
It is not required for Lilac to run, you can use Little Anti-Cheat without it.
Supported Games:
Team Fortress 2
Counter-Strike:Global Offensive
Counter-Strike:Source
Day of Defeat: Source
Left 4 Dead 2
Left 4 Dead 1
Untested games, but should work in:
Half-Life 2 : DeathMatch
Features:
Angle Cheat detector (Detects basic angle exploits used by cheats, like Pitch AA, Legit Anti-Backstab and Duckspeed).
Chat Clear Detector (Detects when cheaters clear the chat).
Basic ConVar checker (Checks clients for invalid ConVars, like sv_cheats).
NoLerp Detector (Detects invalid interpolation, done by some cheats to get higher aimbot accuracy).
Angle Cheat Patch (Patches angle-cheats. Also prevents console getting spammed).
Backtrack Patch (Disabled by default).
FakeLatency/High ping kicker (Disabled by default).
Interp Exploit Kicker (Kicks players trying to abuse interp to get easy facestabs (cl_interp 0.5)).
Macro detector (Disabled by default).
Chat Filter (Prevents invalid UTF-8 characters and wide character spam (Bismillah)).
Name Filter (Prevents illegal characters in name, wide characters are fine tho).
Important Notice!
I highly recommend re-generating the config file if you've used version 1.6.3 or earlier!
The config file will be generated here: cfg/sourcemod/lilac_config.cfg
The reason for this is that the default value for some ConVars have changed.
And several new ConVars have been added, which don't automatically get added to the Config file.
I also heavily suggest people enable the Backtrack patch.
It is disabled by default, for SMAC compatibility (eye_test module).
However, if you aren't using that module (or SMAC at all), it's better to enable the backtrack patch, as it can help weed out legit cheaters (cheaters who try to look legit / hide their cheats).
Bhop Configuration:
The Bhop detection method has been reworked and works completely differently from the previous versions.
There are now "pre-defined configs" which you can pick from.
You can think of these presets as "how aggressive" the detection method will be.
They are as follows:
It's important to note that how these presets work internally *may* change through updates, to improve accuracy and speed... Fine tuning, basically.
At some point, I should write a tutorial on how to use the custom mode.
FAQ
As suggested by Effeff, I should have an FAQ section explaining some of the features and detections.
Plus, I guess I could clear some things up here *before* people ask.
Q: What is Autoshoot?
A:
Autoshoot is when a cheat fires a perfect 1-tick shot.
It's quite common for cheats to do this when using aimbot.
Autoshoot detections work by detecting 1-tick perfect shots that lead to a kill twice in a row (Autoshoot will get logged if another aimbot type was detected tho).
You *can* get a false positive for Autoshoot, but that should be very rare.
It is possible to trigger a false positive if you use "bind mwheeldown/up +attack", as scroll (for some reason) does perfect 1-tick input.
That said, if someone has to go out of their way to do something stupid and abnormal to get a ban, they've basically asked for it.
If this is a problem for you, you can set "lilac_aimbot_autoshoot" to 0.
Important thing to note about Autoshoot, because this feature shoots for you, you cannot tell if someone is using Autoshoot by spectating them, or through STV demos. Autoshoot isn't visible in demos or for spectators.
Q: What is Anti-Duck-Delay? There are so many bans for it, are they false positives?
A:
Are they false positives? In short: No.
Anti-Duck-Delay (Most commonly called FastDuck) is a cheat feature in CS:GO that is available in a LOT of cheats.
In fact, Anti-Duck-Delay is so commonly used by cheaters, that most bans issued by Lilac in CS:GO will be for this.
Anti-Duck-Delay works by inputting a value into your usercmd buttons, that is impossible to input by legit players; only internal cheats can do this.
I understand if this makes you anxious, since there are a LOT of bans for ADD, but this is completely normal.
If someone gets banned for this, they were cheating.
Q: What is NoLerp?
A:
"NoLerp" is when cheats set their interpolation to 0ms (or lower than the minimum possible).
This is often done to increase their Aimbot accuracy.
Q: What are Angle-Cheats?
A:
Angle-Cheats is when a player's view angles are set beyond the limits of the game.
This is often done to create a desync between their model and hitbox, making it harder to shoot them.
It can also be done to execute some other exploits; like in TF2 with Duckspeed.
Note: Lilac currently does not check for yaw, so some desyncs are still possible and not detected.
Q: Are Macros cheats?
A:
No.
Macros are just when a player is using a script to input buttons for them (AHK), or by using scroll to spam some input.
This is why Macro detections can only ban for 15 to 60 minutes, and no more.
Macro detections are by default disabled, because most servers don't care about this.
Q: Does lilac ban for high ping?
A:
Not quite.
The optional high ping kicker (which is disabled by default) in Lilac bans players for 3 minutes, after that, they can reconnect.
The reason for this is simple, if you only kicked high ping players, they could instantly reconnect.
Installation and Setup:
1: Download the ZIP file and unpack all the files to their respective folders.
2: Type "sm plugins load lilac.smx" in console.
Configuration and Detection Logs:
All cheat detections are logged to addons/sourcemod/logs/lilac.log
The configuration file will automatically be generated in your cfg/sourcemod/lilac_config.cfg
The default values are fine as is, and should work optimally.
Optional features are disabled by default.
SMAC (Sourcemod Anti-Cheat) notes:
If you already have SMAC installed, and have the convar/cvar module installed, it is recommended that you disable Little Anti-Cheat's convar checker.
You can do this by changing "lilac_convar" to "0" in the cfg/sourcemod/lilac_config.cfg file.
It is NOT advised that you run Lilac's backtrack patch (lilac_backtrack_patch) if you are running SMAC's Eye-Test module.
Patching Backtracking while running SMAC's Eye-Test module may cause false detections for SMAC.
Either disable the Eye-Test module, disable Eye-Test bans or disable the backtrack patch in Lilac.
The backtrack patch (lilac_backtrack_patch) is disabled by default for this reason.
Updates and Future plans: Updates:
Spoiler
1.7.1
- Reorganized source code to be in separate files.
- - The plugin itself is still a single file, making installation easier.
- - But this should make code easier to follow.
- Removed "Randomized" Backtrack patch method, as the "Lock" method is better.
- Removed old Bhop detection code.
- - Bhop detection now has pre-defined "configs", and a custom mode.
- - "lilac_bhop 1 & 2" have been disabled, if your config already is using those modes, it will automatically swap to "Medium" mode.
- Added SourceIRC support.
- Added new ConVar "lilac_sourceirc" (Default 1), send logs to SourceIRC.
- Added Database logging.
- Added new ConVar "lilac_database" (Default ""). Send logs to MySQL or SQLite.
- Added new Command (lilac_bhop_set), only available if "lilac_bhop" is set to 3 (custom mode).
- Added compile warnings if Sourcebans++, Material-Admin or Updater includes fail.
- - These are just warnings, not errors.
- Added new ConVar "lilac_ban_language" (Default 1), which language should be used for ban reasons.
- - 1 = Server.
- - 2 = Client.
- Added Counter-Strike:Source to the official supported list of games.
- - People use it and don't report issues.
- Added new Macro ConVar mode ("lilac_macro 2"), allows detecting macros without logging.
- Added new ConVar "lilac_macro" (Default 0), detect macro usage.
- Added new ConVar "lilac_macro_warning" (Default 1).
- - 0 = Disabled.
- - 1 = Warn player.
- - 2 = Warn admins.
- - 3 = Warn everyone.
- Added new ConVar "lilac_macro_method" (Default 0).
- - 0 = Kick.
- - 1 = Ban (Default ban length is 15 minutes, min possible is 15, max is 60).
- Added new ConVar "lilac_macro_mode" (Default 0), what types of macros to detect.
- - 0 = All.
- - 1 = Auto-Jump.
- - 2 = Auto-Shoot.
- Added new ConVar "lilac_filter_name" (Default 2).
- - 0 = Disabled.
- - 1 = Kick only.
- - 2 = Ban cheaters with newlines in name.
- Added new ConVar "lilac_filter_chat" (Default 1).
- - Filters chat for invalid characters, also blocks Bismillah spam.
- Fixed Swedish translations being in the wrong folder... Yes really :'D.
- Fixed sm_basepath not being respected.
- Fixed ban status message (lilac_ban_status) being spammed.
- Fixed general code ordering to be more efficient.
- Fixed Aimlock detection method being bloated and not running correctly.
- Fixed map teleports causing issues for Aimbot&Aimlock detection and Backtrack patch.
- Fixed false positive for NoLerp on servers which allow any interp ratio (sv_client_min_interp_ratio && sv_client_max_interp_ratio), thanks RoseTheFox!
- Updated default ConVar value of "lilac_noisemaker" to be "1".
- Updated all cheat detections to have a "log only" option.
- - Negative values, example: "lilac_angles -1" will detect Angle-Cheats, but log only.
- - Check ConVar descriptions for more info.
- Updated NoLerp bans to no longer be displayed as ConVar bans.
- - NoLerp bans have their own ban message now, need help updating all translations to reflect this.
- Updated command "lilac_ban_status" to include Lilac's version number.
- Updated outdated coding style.
- Updated German translations, thanks freakexeuLow.
- Updated Norwegian translations, thanks... Me...
- Updated Spanish translations, thanks 4LEJ4NDRO.
1.6.3
- Fixed so SourceTV isn't considered a valid player.
1.6.2 (Never officially released on AM)
- Fixed rare case in TF2 where bumper carts used outside of cart areas in official halloween maps could cause false positives when stood on weird inclines.
1.6.1
- Fixed bug where angle-cheats would ban all players in L4D and L4D2.
1.6.0
- Removed redundant code.
- Added new cheat detection feature for CS:GO (Only), Anti-Duck-Delay/FastDuck.
- Added new BETA (May not work) TF2 cheat detection for Infinite Noisemaker Spam. Since it is in BETA, it WON'T ban, only log! If no false positives are reported, it will perma ban in the future.
- Added BETA auto updater support.
- Added new ConVar "lilac_anti_duck_delay" (Default 1), detect Anti-Duck-Delay/FastDuck in CS:GO.
- Added new ConVar "lilac_noisemaker" (Default 1), detect infinite noisemaker in TF2.
- Added new ConVar "lilac_auto_update" (Default 0), enable this to auto update (Requires updater plugin).
- Added new ConVar "lilac_max_ping_spec" (Default 0), moves players with high ping into team spectator and warns them about potential kick after x many seconds.
- Added Russian warning if MA wasn't included when compiled (command: lilac_ban_status).
- Added new backtrack patch method, Lock. This patch method shouldn't affect laggy legit players much.
- Added a delay for forwards so they won't get spammed to other plugins.
- Fixed overly long ConVar description for "lilac_max_lerp".
- Fixed typo in max ping ConVar description, Thanks 4LEJ4NDRO/ALEJANDRO!
- Fixed a typo in code and translations files.
- Updated Bhop to have a lower chance of false positives, thanks M4rkey and Thundy!
- Updated Ping kicker to wait 100 seconds before kicking instead of 45 seconds.
- Updated Ping kicker to skip testing players who have not been in game for more than 120 seconds.
- Updated default ban length for Bhop to be 1 month instead of permanently, do "lilac_set_ban_length bhop -1" to use the ConVar value "lilac_ban_length" instead.
- Updated Aimlock to check newly connected players for AimLock.
- Updated command "lilac_ban_status" to tell you if bans will go through Sourcebans++, Material-Admin or Basebans.
- Updated command "lilac_ban_status" to show if native ban functions are available.
- Updated so ban status will be printed after all plugins are loaded along with startup message.
- Updated how banning works through Sourcebans++/MaterialAdmin, it will now check if the native exists and not if the plugin by name is loaded.
- Updated ConVar checker to be more basic and less CPU intensive.
1.5.1 (Never officially released on AM)
- Added new command "lilac_ban_status", which prints to server console the status of Sourcebans++ and Material-Admin.
- Removed mat_fullbright comparison, despite it having been removed from queries.
1.5.0
- Added new ConVar "lilac_aimbot_autoshoot" (Default 1), enables autoshoot detection.
- Added new command "lilac_set_ban_length", can be used to overwrite ban length for specific cheat detections.
- Added German, Spanish, Portuguese, Turkish and Ukrainian translations.
- Fixed false Angle-Cheat detections in L4D (Thanks finishlast).
- Fixed false ConVar detection "mat_fullbright" on some community made maps. Lilac will no longer check for this ConVar.
- Fixed some errors in Aimlock detections.
1.4.0 (Never officially released on AM)
- Added support for MateralAdmin (Thanks panikajo and CrazyHackGUT).
- Added new ConVar "lilac_ban_length" (Default 0), sets ban length in minutes (0 = Forever).
1.3.0
- Fixed false Angle-Cheat detections in Left4Dead2 (Thanks larrybrains).
- Updated ConVar "lilac_max_lerp" to be disabled if less than 105.
- Updated where detection logs are stored, from "{gamefolder}/lilac.log" to "{gamefolder}/addons/sourcemod/logs/lilac.log".
1.2.0 (Never officially released on AM)
- Added new ConVar "lilac_ban" (Default 1), set to 0 to disable all banning (useful for those who want to test Lilac before fully trusting it).
- Updated code syntax so older versions of sourcemod can compile and run Lilac.
- Updated ConVar updates to be cleaner, thanks MAGNAT2645!
- Updated ConVar checker to not kick unresponsive clients so quickly.
- Updated the default config location to "cfg/sourcemod", if the old config file is still in the "cfg/" folder, the old file will still be used.
1.1.0 (Never officially released on AM)
- Added new forward for blocking cheat detections (Should be used by bhop/VIP plugins).
- Fixed some false positives for Aimlock detections (Hopefully, still not sure what caused issues for others).
- Fixed aimlock lightweight mode testing 6 players, not 5 (Typos are fun :D).
- Updated backtrack patch to last 1 second instead of 5 (Laggy players should not get punished so harshly now).
1.0.0
- Rewrote large portions of the Anti-Cheat (A complete rewrite?).
- Removed OnGameFrame check in TF2 for taunting players.
- Added translation support, Lilac now supports French, Russian, Norwegian and English.
- Added startup message when Little Anti-Cheat is loaded.
- Added TF2 forward for checking when players are taunting.
- Added new ConVar "lilac_aimlock_light" (Default 1), if enabled, won't check for aimlocks on all players constantly to prevent lag on some servers.
- Added new ConVar "lilac_welcome" (Default 0) saying the server is protected.
- Added new ConVar "lilac_loss_fix" (Default 1), if enabled, ignores some detections on laggy players (packet loss).
- Added new ConVar "lilac_log_misc" (Default 0), if enabled, lilac will log when players are kicked for misc features (high ping, interp exploit and query failure).
- Added new forward when players are banned (lilac_cheater_banned(int client, int cheat)).
- Fixed plugin not loading in CS:GO (Thanks Bottiger).
- Fixed extreme rare case where aimbot detector would look at the wrong victim.
- Fixed cases where Lilac would look a little too far back at tick history.
- Fixed so connecting players can't inherit angle history from previous players.
- Fixed missing punctuation in NoLerp detection log message.
- Fixed a bug where aimlock detections would not expire after 10 minutes, but aimbot detections would (Typos are fun).
- Fixed sourcebans++ compatibility not working (Thanks foon).
- Fixed so repeat tests (aimbot) aren't done between close players.
- Updated interp exploit kicker to display the correct interp convar value.
- Updated several comments and ConVar descriptions to be more clear.
- Updated Aimlock detector to ignore players who are too close to each other.
- Updated Aimlock detector to consider packet loss (if lilac_loss_fix is enabled).
- Updated Aimbot detector to consider packet loss (if lilac_loss_fix is enabled, total_delta detection works regardless).
- Updated Aimbot detector to check for things it previously wouldn't under certain circumstances.
- Updated ConVar detector to query for ConVars every 5 seconds instead of every 2 seconds.
- Updated Backtrack patch to last 5 seconds instead of 10.
- Updated Backtrack patch to use correct random tick ranging from -200ms to max 200ms based on ping.
- Updated "lilac_log_extra" to have an option to also log extra information on every detection, suspicions and kick.
- Updated coding style somewhat, to make it easier to follow and understand.
0.7.1
- Fixed potential for false NoLerp ban if sv_maxupdaterate is updated mid-game and then plugin is loaded.
- Changed high ping players getting kicked after 100 seconds to 45 seconds.
- Changed Aimlock detection to increment after two snaps instead of three.
- Changed so cheaters banned for Chat-Clear can't continue spamming chat.
- Removed "Full" backtrack patch method, it was never used anyway (Old stuff from development/testing).
- Changed backtrack patch to modify tickcount to a random value ranging from 400ms instead of 200ms.
Future plans:
I wish to add more cheat detection methods, specifically for CS:GO.
I also plan on supporting more games.
Special thanks to:
Azalty - for being (rightly) stubborn regarding an issue and for contributing database logging.
Bottiger - For fixing the plugin not loading in CS:GO & General criticisms.
foon - For fixing sourcebans++ support not working.
MAGNAT2645 - For informing me of a better method of handling convar changes.
Larry/Larrybrains - For informing about false Angle-Cheat detections in L4D2.
Finishlast - For informing me about false Angle-Cheat detections in L4D (1).
panikajo and CrazyHackGUT - For helping me add support for MaterialAdmin.
M4rkey and Thundy - For Bhop report.
4LEJ4NDRO/ALEJANDRO - For fixing a typo.
Supported languages and authors:
Simplified Chinese - by RoyZ.
Dutch - by snowy.
Danish - by kS the Man / ksgoescoding.
Norwegian - by me.
French - by Rasi.
English - by me.
Russian - by an anonymous person.
Czech - by an anonymous person.
Brazilian Portuguese - by SheepyChris, Tiagoquix and Crashzk.
In cvar_change, you can actually replace this type of check:
Code:
if (StrEqual(cvarname, "lilac_enable", false)) {
icvar[CVAR_ENABLE] = StringToInt(newValue, 10);
} else if (StrEqual(cvarname, "lilac_sourcebans", false)) {
icvar[CVAR_SB] = StringToInt(newValue, 10);
to:
Code:
if ( convar == hCvar[CVAR_ENABLE] ) { // Store ConVar handles globally as Handle or ConVar (on new syntax) -typed
icvar[CVAR_ENABLE] = StringToInt(newValue, 10);
} else if ( convar == hCvar[CVAR_SB] ) {
icvar[CVAR_SB] = StringToInt(newValue, 10);
// etc...
// The thing is that ConVar Handle is never changed after creating so you don't need to check for convar name
// just directly check convar handle
Also, you should probably add translation support for hardcoded messages.
In cvar_change, you can actually replace this type of check:
Code:
if (StrEqual(cvarname, "lilac_enable", false)) {
icvar[CVAR_ENABLE] = StringToInt(newValue, 10);
} else if (StrEqual(cvarname, "lilac_sourcebans", false)) {
icvar[CVAR_SB] = StringToInt(newValue, 10);
to:
Code:
if ( convar == hCvar[CVAR_ENABLE] ) { // Store ConVar handles globally as Handle or ConVar (on new syntax) -typed
icvar[CVAR_ENABLE] = StringToInt(newValue, 10);
} else if ( convar == hCvar[CVAR_SB] ) {
icvar[CVAR_SB] = StringToInt(newValue, 10);
// etc...
// The thing is that ConVar Handle is never changed after creating so you don't need to check for convar name
// just directly check convar handle
Also, you should probably add translation support for hardcoded messages.
Ahh, cool, I'll update that then. ^-^
As for translations... Never really worked with them, I'll look into it tho.
I am ignorant on the topic of translations, so pardon my dumb question here, but but doesn't using translations also force the plugin to require them in order to load?
One of the things I wanted Lilac to be, was a single file, so that it would be easier to install.
Lastly, Sorry for my slow reply, been fairly busy with real life lately (who hasn't been).
I have been working on a massive update tho, version 1.0.0 is right around the corner.
I have tested it a bit, but I won't published version 1.0.0 here until I'm certain it isn't going to create problems.
You can find the latest version here: https://github.com/J-Tanzanite/Littl...lac_rewrite.sp
Ban through sourcebans ++ does not work. The player was banned in the usual way.
lilac_sourcebans = 1
OOF...
Ok so, I've never used sourcebans, and I don't really have a way to test it.
So it's kinda hard to fix that...
I'll try to look into it though.
If anyone else have the same problem, please tell me, and if anyone know how to fix it... pls halp D:
OOF...
Ok so, I've never used sourcebans, and I don't really have a way to test it.
So it's kinda hard to fix that...
I'll try to look into it though.
If anyone else have the same problem, please tell me, and if anyone know how to fix it... pls halp D:
Since you are using the SB++ include, you need to be checking if Sourcebans++ exists, not Sourcebans.
You have to replace it in three locations. Line 354, 398, 404 (in lilac_rewrite.sp). Replace "sourcebans" with "sourcebans++".
Since you are using the SB++ include, you need to be checking if Sourcebans++ exists, not Sourcebans.
You have to replace it in three locations. Line 354, 398, 404 (in lilac_rewrite.sp). Replace "sourcebans" with "sourcebans++".
Ahh, thank you!
I've updated the lines and added you to the credits for that patch (Will be adding a credit listing later).
Also, added translations.
Doing some final testing now before releasing version 1.0.0 here.
You also might want to tone down the log info, it wraps way to easy and makes it a pain to read.
Code:
2020/02/29 03:49:32 [Version 0.7.1] {Name: "A user name" | SteamID: STEAM_0:1:528111416 | IP: 72.10.10.10} is suspected of using an aimbot (Detection: 6 | Delta: 50 | TotalDelta: 50 | Detected: Aim-Snap Aim-Snap2 Angle-Repeat).
2020/02/29 03:49:32 [0.7.1] {"A user name" | STEAM_0:1:528111416 | 72.10.10.10} aimbot (Detection: 6 | Delta: 50 | TotalDelta: 50 | Detected: Aim-Snap Aim-Snap2 Angle-Repeat).
(I don't think you need to add "suspected" since you gave people a warning in your OP that there can be false positives).
Yeah, I might wanna look into shortening those messages a bit...
Or at least add an option to... Didn't even hit me that might be an issue.
However, when it comes to "suspected"... I can't really remove that one.
The first time Lilac is ran, it will add some lines at the top of the log file to reassure admins that there can be false positives for "suspected" detections.
My reasoning behind doing this, is that I've seen people overreact to minor stuff...
So I've attempted to make the language used in Lilac to be very clear so that admins don't think Lilac is "perfect" (nothing is).
Also, I've finished testing version 1.0.0 now, and it is ready. Going to publish it here later today.
I highly recommend you upgrade to that version, as it fixes some bugs and fixes some potential overhead.