Country restrictions

[ianblankg]

I'm using build #894 for my 1.9 server and the country restriction setting is off but players are notifying me that their country is banned. I tried adding their country but still no luck. To clarify the setting is false but still acting as true. Please fix, I'm losing players.

[sgdc3]

Can you post your config?

[ianblankg]

DataSource:

What type of database do you want to use?

# Valid values: sqlite, mysql
backend: sqlite
# Enable database caching, should improve database performance
caching: true
# Database location
mySQLHost: 127.0.0.1
# Database Port
mySQLPort: '3306'
# Username about Database Connection Infos
mySQLUsername: authme
# Password about Database Connection Infos
mySQLPassword: '12345'
# Database Name, use with converters or as SQLITE database name
mySQLDatabase: authme
# Table of the database
mySQLTablename: authme
# Column of IDs to sort data
mySQLColumnId: id
# Column for storing or checking players nickname
mySQLColumnName: username
# Column for storing players passwords
mySQLColumnPassword: password
# Column for storing players emails
mySQLColumnEmail: email
# Column for Saving if a player is logged in or not
mySQLColumnLogged: isLogged
# Column for storing players IPs
mySQLColumnIp: ip
# Column for storing players lastlogins
mySQLColumnLastLogin: lastlogin
# Column for SaveQuitLocation - X
mySQLlastlocX: x
# Column for SaveQuitLocation - Y
mySQLlastlocY: y
# Column for SaveQuitLocation - Z
mySQLlastlocZ: z
# Column for SaveQuitLocation - World name
mySQLlastlocWorld: world
# Column for RealName
mySQLRealName: realname
# Enable this when you allow registration through a website
mySQLWebsite: false

settings:

The name shown in the help messages.

helpHeader: AuthMeReloaded
sessions:
    # Do you want to enable the session feature?
    # If enabled, when a player authenticates successfully,
    # his IP and his nickname is saved.
    # The next time the player joins the server, if his IP
    # is the same of the last time, and the timeout time
    # hasn't expired, he will not need to authenticate.
    enabled: true
    # After how many minutes a session should expire?
    # 0 for unlimited time (Very dangerous, use it at your own risk!)
    # Consider that session will end only after the timeout time, and
    # if the player's ip has changed but the timeout hasn't expired,
    # player will be kicked out of sever due to invalidSession!
    timeout: 10
    # Should the session expire if the player try to login with an
    # another IP Address?
    sessionExpireOnIpChange: true
restrictions:
    # Can not authenticated players chat and see the chat log?
    # Care that this feature blocks also all the commands not
    # listed in the list below.
    allowChat: false
    # WARNING: use this only if you need it!
    # Allow unlogged users to use all the commands if registration is not forced!
    allowAllCommandsIfRegistrationIsOptional: false
    # Commands allowed when a player is not authenticated
    allowCommands:
    - /login
    - /register
    - /l
    - /reg
    - /email
    - /captcha
    # Max number of allowed registrations per IP (default: 1)
    maxRegPerIp: 4
    # Max allowed username length
    maxNicknameLength: 25
    # When this setting is enabled, online players can't be kicked out
    # due to "Logged in from another Location"
    # This setting will prevent potetial security exploits.
    ForceSingleSession: true
    # If enabled, every player will be teleported to the world spawnpoint
    # after successful authentication.
    # The quit location of the player will be overwritten.
    # This is different from "teleportUnAuthedToSpawn" that teleport player
    # back to his quit location after the authentication.
    ForceSpawnLocOnJoinEnabled: false
    # This option will save the quit location of the players.
    SaveQuitLocation: true
    # To activate the restricted user feature you need
    # to enable this option and configure the
    # AllowedRestrctedUser field.
    AllowRestrictedUser: true
    # The restricted user feature will kick players listed below
    # if they dont match of the defined ip address.
    # Example:
    #   AllowedRestrictedUser:
    #   - playername;127.0.0.1
    AllowedRestrictedUser:
    - playername;127.0.0.1
    - Hamoksha_2001;50.118.162.97
    # Should unregistered players be kicked immediately?
    kickNonRegistered: false
    # Should players be kicked on wrong password?
    kickOnWrongPassword: false
    # Should not logged in players be teleported to the spawn?
    # After the authentication they will be teleported back to
    # their normal position.
    teleportUnAuthedToSpawn: false
    # Minimum allowed nick length
    minNicknameLength: 3
    # Can unregistered players walk around?
    allowMovement: true
    # Should not authenticated players have speed = 0?
    # This will reset the fly/walk speed to default value after the login.
    removeSpeed: false
    # After how many time players who fail to login or register
    # should be kicked? Set to 0 to disable.
    timeout: 60
    # Regex sintax of allowed characters in the player name.
    allowedNicknameCharacters: '[a-zA-Z0-9_]_'
    # How far can unregistered players walk? Set to 0
    # for unlimited radius
    allowedMovementRadius: 5
    # Enable double check of password when you register
    # when it's true, registration require that kind of command:
    # /register <password> <confirmPassword>
    enablePasswordConfirmation: true
    # Should we protect the player inventory before logging in? Requires ProtocolLib.
    ProtectInventoryBeforeLogIn: true
    # Should we deny the tabcomplete feature before logging in? Requires ProtocolLib.
    DenyTabCompleteBeforeLogin: true
    # Should we hide the tablist before logging in? Requires ProtocolLib.
    HideTablistBeforeLogin: true
    # Should we display all other accounts from a player when he joins?
    # permission: /authme.admin.accounts
    displayOtherAccounts: true
    # WorldNames where we need to force the spawn location for ForceSpawnLocOnJoinEnabled
    # CASE SENSITIVE
    ForceSpawnOnTheseWorlds:
    - hub
    # Ban ip when the ip is not the ip registered in database
    banUnsafedIP: false
    # Spawn Priority, Values : authme, essentials, multiverse, default
    spawnPriority: authme,essentials,multiverse,default
    # Maximum Login authorized by IP
    maxLoginPerIp: 0
    # Maximum Join authorized by IP
    maxJoinPerIp: 0
    # AuthMe will NEVER teleport players !
    noTeleport: false
    # Regex syntax for allowed Chars in passwords.
    allowedPasswordCharacters: '[\x21-\x7E]_'
GameMode:
    # ForceSurvivalMode to player when join ?
    ForceSurvivalMode: false
security:
    # Minimum length of password
    minPasswordLength: 5
    # Maximum length of password
    passwordMaxLength: 30
    # this is very important options,
    # every time player join the server,
    # if they are registered, AuthMe will switch him
    # to unLoggedInGroup, this
    # should prevent all major exploit.
    # So you can set up on your Permission Plugin
    # this special group with 0 permissions, or permissions to chat,
    # or permission to
    # send private message or all other perms that you want,
    # the better way is to set up
    # this group with few permissions,
    # so if player try to exploit some account,
    # they can
    # do anything except what you set in perm Group.
    # After a correct logged-in player will be
    # moved to his correct permissions group!
    # Pay attention group name is case sensitive,
    # so Admin is different from admin,
    # otherwise your group will be wiped,
    # and player join in default group []!
    # Example unLoggedinGroup: NotLogged
    unLoggedinGroup: unLoggedinGroup
    # possible values: MD5, SHA1, SHA256, WHIRLPOOL, XAUTH, MD5VB, PHPBB,
    # MYBB, IPB3, IPB4, PHPFUSION, SMF, XENFORO, SALTED2MD5, JOOMLA, BCRYPT, WBB3, SHA512,
    # DOUBLEMD5, PBKDF2, PBKDF2DJANGO, WORDPRESS, ROYALAUTH, CUSTOM(for developpers only)
    passwordHash: SHA256
    # salt length for the SALTED2MD5 MD5(MD5(password)+salt)
    doubleMD5SaltLength: 8
    # If password checking return false, do we need to check with all
    # other password algorithm to check an old password?
    # AuthMe will update the password to the new passwordHash!
    supportOldPasswordHash: false
    # Cancel unsafe passwords for being used, put them on lowercase!
    #unsafePasswords:
    #- '123456'
    #- 'password'
    unsafePasswords:
    - '123456'
    - 'password'
    - 'qwerty'
    - '12345'
    - '54321'
registration:
    # enable registration on the server?
    enabled: true
    # Send every X seconds a message to a player to
    # remind him that he has to login/register
    messageInterval: 10
    # Only registered and logged in players can play.
    # See restrictions for exceptions
    force: true
    # Do we replace password registration by an email registration method?
    enableEmailRegistrationSystem: false
    # Enable double check of email when you register
    # when it's true, registration require that kind of command:
    # /register <email> <confirmEmail>
    doubleEmailCheck: false
    # Do we force kicking player after a successful registration?
    # Do not use with login feature below
    forceKickAfterRegister: false
    # Does AuthMe need to enforce a /login after a successful registration?
    forceLoginAfterRegister: false
unrestrictions:
    # below you can list all account names that
    # AuthMe will ignore for registration or login, configure it
    # at your own risk!! Remember that if you are going to add
    # nickname with [], you have to delimit name with ' '.
    # this option add compatibility with BuildCraft and some
    # other mods.
    # It is CaseSensitive!
    UnrestrictedName: []
# Message language, available : en, de, br, cz, pl, fr, ru, hu, sk, es, zhtw, fi, zhcn, lt, it, ko, pt
messagesLanguage: en
# Force these commands after /login, without any '/', use %p for replace with player name
forceCommands: []
# Force these commands after /login as a server console, without any '/', use %p for replace with player name
forceCommandsAsConsole: []
# Force these commands after /register, without any '/', use %p for replace with player name
forceRegisterCommands: []
# Force these commands after /register as a server console, without any '/', use %p for replace with player name
forceRegisterCommandsAsConsole: []
# Do we need to display the welcome message (welcome.txt) after a register or a login?
# You can use colors in this welcome.txt + some replaced strings :
# {PLAYER} : player name, {ONLINE} : display number of online players, {MAXPLAYERS} : display server slots,
# {IP} : player ip, {LOGINS} : number of players logged, {WORLD} : player current world, {SERVER} : server name
# {VERSION} : get current bukkit version, {COUNTRY} : player country
useWelcomeMessage: true
# Do we need to broadcast the welcome message to all server or only to the player? set true for server or false for player
broadcastWelcomeMessage: false
# Should we delay the join message and display it once the player has logged in?
delayJoinMessage: true
# Should we remove join messages altogether?
removeJoinMessage: true
# Should we remove leave messages?
removeLeaveMessage: true
# Do we need to add potion effect Blinding before login/register?
applyBlindEffect: false
# Do we need to prevent people to login with another case?
# If Xephi is registered, then Xephi can login, but not XEPHI/xephi/XePhI
preventOtherCase: true

ExternalBoardOptions:

MySQL column for the salt, needed for some forum/cms support

mySQLColumnSalt: ''
# MySQL column for the group, needed for some forum/cms support
mySQLColumnGroup: ''
# -1 mean disabled. If u want that only
# activated player can login in your server
# u can put in this options the group number
# of unactivated user, needed for some forum/cms support
nonActivedUserGroup: -1
# Other MySQL columns where we need to put the Username (case sensitive)
mySQLOtherUsernameColumns: []
# How much Log to Round needed in BCrypt(do not change it if you do not know what's your doing)
bCryptLog2Round: 10
# phpBB prefix defined during phpbb installation process
phpbbTablePrefix: 'phpbb_'
# phpBB activated group id, 2 is default registered group defined by phpbb
phpbbActivatedGroupId: 2
# WordPress prefix defined during WordPress installation process
wordpressTablePrefix: 'wp_'

permission:

Take care with this options, if you dont want

# to use Vault and Group Switching of
# AuthMe for unloggedIn players put true
# below, default is false.
EnablePermissionCheck: false

BackupSystem:

Enable or Disable Automatic Backup

ActivateBackup: false

set Backup at every start of Server

OnServerStart: false

set Backup at every stop of Server

OnServerStop: true

Windows only mysql installation Path

MysqlWindowsPath: 'C:\Program Files\MySQL\MySQL Server 5.1\'

Security: SQLProblem:

Stop the server if we can't contact the sql database

    # Take care with this, if you set that to false,
    # AuthMe automatically disable and the server is not protected!
    stopServer: true
ReloadCommand:
    # /reload support
    useReloadCommandSupport: true
console:
    # Remove spam console
    noConsoleSpam: false
    # Replace passwords in the console when player type a command like /login
    removePassword: true
    # Copy AuthMe log output in a separate file as well?
    logConsole: true
captcha:
    # Player need to put a captcha when he fails too lot the password
    useCaptcha: false
    # Max allowed tries before request a captcha
    maxLoginTry: 5
    # Captcha length
    captchaLength: 5
stop:
    # Kick players before stopping the server, that allow us to save position of players, and all needed
    # information correctly without any corruption.
    kickPlayersBeforeStopping: true

Converter: Rakamak:

Rakamak file name

    fileName: users.rak
    # Rakamak use ip ?
    useIP: false
    # IP file name for rakamak
    ipFileName: UsersIp.rak
CrazyLogin:
    # CrazyLogin database file
    fileName: accounts.db

Email:

Email SMTP server host

mailSMTP: smtp.gmail.com
# Email SMTP server port
mailPort: 465
# Email account that send the mail
mailAccount: ''
# Email account password
mailPassword: ''
# Custom SenderName, that replace the mailAccount name in the email
mailSenderName: ''
# Random password length
RecoveryPasswordLength: 8
# Email subject of password get
mailSubject: 'Your new AuthMe Password'
# Like maxRegPerIp but with email
maxRegPerEmail: 1
# Recall players to add an email?
recallPlayers: false
# Delay in minute for the recall scheduler
delayRecall: 5
# Blacklist these domains for emails
emailBlacklisted:
- 10minutemail.com
# WhiteList only these domains for emails
emailWhitelisted: []
# Do we need to send new password draw in an image?
generateImage: false
# The email OAuth 2 token (leave empty if not used)
emailOauth2Token: ''

Hooks:

Do we need to hook with multiverse for spawn checking?

multiverse: true
# Do we need to hook with BungeeCord ?
bungeecord: false
# Send player to this BungeeCord server after register/login
sendPlayerTo: ''
# Do we need to disable Essentials SocialSpy on join?
disableSocialSpy: true
# Do we need to force /motd Essentials command on join?
useEssentialsMotd: false
# Do we need to cache custom Attributes?
customAttributes: false

Purge:

If enabled, AuthMe automatically purges old, unused accounts

useAutoPurge: false
# Number of Days an account become Unused
daysBeforeRemovePlayer: 60
# Do we need to remove the player.dat file during purge process?
removePlayerDat: false
# Do we need to remove the Essentials/users/player.yml file during purge process?
removeEssentialsFile: false
# World where are players.dat stores
defaultWorld: 'world'
# Do we need to remove LimitedCreative/inventories/player.yml, player_creative.yml files during purge process ?
removeLimitedCreativesInventories: false
# Do we need to remove the AntiXRayData/PlayerData/player file during purge process?
removeAntiXRayFile: false
# Do we need to remove permissions?
removePermissions: false

Protection:

Enable some servers protection ( country based login, antibot )

enableProtection: false
# Countries allowed to join the server and register, see http://dev.bukkit.org/bukkit-plugins/authme-reloaded/pages/countries-codes/ for countries' codes
# PLEASE USE QUOTES!
countries:
- 'US'
- 'GB'
- 'RU'
- 'CA'
- 'KW'
# Countries blacklisted automatically (without any needed to enable protection)
# PLEASE USE QUOTES!
countriesBlacklist:
- 'A1'
# Do we need to enable automatic antibot system?
enableAntiBot: false
# Max number of player allowed to login in 5 secs before enable AntiBot system automatically
antiBotSensibility: 5
# Duration in minutes of the antibot automatic system
antiBotDuration: 10

VeryGames:

These features are only available on VeryGames Server Provider

enableIpCheck: false

[ianblankg]

@sgdc3 see anything out of place in the config?

[sgdc3]

try to set country blacklist to []

[sgdc3]

countriesBlacklist: []

[sgdc3]

and add A1 to whitelisted countries

[ianblankg]

Worked! Thank you

[sgdc3]

A1 stands for proxy IPs. Does this issue happened only with player from a specific group of regions or with the same isp?

[sgdc3]

@ianblankg

[ianblankg]

The players were using hotspot shield, I didn't know that until after I brought this up to them.

[sgdc3]

Fine, just one suggestion: you should deny proxies, players are able to bypass ipbans and attack your servers with bots with them. (And they can bypass the region restriction too!)