Closed andris155 closed 3 years ago
Currently, NoCheatPlus does not protect against large/quickly sent packets. I'm assuming that this exploit is simply doing that using CustomPayload. The only place it does enforce a sane amount of packets is Flying/Moving packets.
ViaVersion does have protection against this, but it doesn't look like you're running that plugin. Taking a look at this plugin (https://www.spigotmc.org/resources/packet-limiter.70217/) it should patch this exploit. I'm going to treat this as an enhancement/feature request rather than a bug.
The error you see in console is unrelated. That should have been fixed in the latest commit/build. If you still see the error after updating, please let me know.
Thanks!
Seems I forgot that NoCheatPlus does actually enforce sane packet speed under PacketFrequnency, but this check is disabled for server versions above 1.8. Not sure if it has been disabled for a reason, but I’ll look into seeing if this could be enabled for all server versions as well.
Full output of /ncp version
Describe the issue
The players crashed my server with onepacketcrasher hack.
How to reproduce the issue
https://www.youtube.com/watch?v=QhtwqaO9_Dg
Extra links/Videos (Including debug logs)
Any possible config options changed or plugins that may cause interference?