From 85dcfb342adc7152ce92f30300a9b6f726e647f6 Mon Sep 17 00:00:00 2001 From: cuqmbr Date: Mon, 7 Jul 2025 14:38:35 +0300 Subject: [PATCH] add and configure sonar antibot --- .dockerignore | 2 + .gitignore | 2 + Dockerfile | 13 ++ src/plugins/Sonar-Velocity.jar | 3 + src/plugins/sonar/config.yml | 213 +++++++++++++++++ src/plugins/sonar/language.properties | 29 +++ src/plugins/sonar/messages.yml | 320 ++++++++++++++++++++++++++ src/plugins/sonar/webhook.yml | 60 +++++ 8 files changed, 642 insertions(+) create mode 100644 src/plugins/Sonar-Velocity.jar create mode 100644 src/plugins/sonar/config.yml create mode 100644 src/plugins/sonar/language.properties create mode 100644 src/plugins/sonar/messages.yml create mode 100644 src/plugins/sonar/webhook.yml diff --git a/.dockerignore b/.dockerignore index 5f45035..2f7009a 100644 --- a/.dockerignore +++ b/.dockerignore @@ -6,3 +6,5 @@ src/plugins/luckperms/libs .crowdin src/plugins/pv-addon-groups/groups.json + +src/plugins/sonar/lib diff --git a/.gitignore b/.gitignore index bb9ca75..f73051b 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,5 @@ src/plugins/luckperms/libs .crowdin src/plugins/pv-addon-groups/groups.json + +src/plugins/sonar/lib diff --git a/Dockerfile b/Dockerfile index 6699e09..073695b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,6 +47,12 @@ ENV SKINSRESTORER_DB_PASSWORD=0000 ENV VOICE_SECRET=00000000-0000-0000-0000-000000000000 ENV VOICE_SERVERS=lobby="lobby:25565";survival="survival:25565" +ENV SONAR_DB_HOST=127.0.0.1 +ENV SONAR_DB_PORT=3306 +ENV SONAR_DB_NAME=sonar_db +ENV SONAR_DB_USERNAME=sonar +ENV SONAR_DB_PASSWORD=0000 + WORKDIR ${WORKDIR_PATH}/config EXPOSE 25565/tcp @@ -95,4 +101,11 @@ CMD \ # Add server list to Plasmo Voice config awk -v servers_str="${VOICE_SERVERS}" '{ count=split(servers_str,servers_arr,";"); servers_fmt_str = ""; for (i = 1; i <= count; i++) servers_fmt_str = servers_fmt_str servers_arr[i] "\n"; sub(/_SERVERS_/,servers_fmt_str); print }' plugins/plasmovoice/config.toml > plugins/plasmovoice/config.toml.tmp && mv -T -f plugins/plasmovoice/config.toml.tmp plugins/plasmovoice/config.toml && \ + # Add database info to sonar config + sed -i "s/_SONAR_DB_HOST_/${SONAR_DB_HOST}/g" plugins/sonar/config.yml && \ + sed -i "s/_SONAR_DB_PORT_/${SONAR_DB_PORT}/g" plugins/sonar/config.yml && \ + sed -i "s/_SONAR_DB_NAME_/${SONAR_DB_NAME}/g" plugins/sonar/config.yml && \ + sed -i "s/_SONAR_DB_USERNAME_/${SONAR_DB_USERNAME}/g" plugins/sonar/config.yml && \ + sed -i "s/_SONAR_DB_PASSWORD_/${SONAR_DB_PASSWORD}/g" plugins/sonar/config.yml && \ + java -Xms${MEMORY} -Xmx${MEMORY} -XX:+UseG1GC -XX:G1HeapRegionSize=4M -XX:+UnlockExperimentalVMOptions -XX:+ParallelRefProcEnabled -XX:+AlwaysPreTouch -XX:MaxInlineLevel=15 -jar *.jar diff --git a/src/plugins/Sonar-Velocity.jar b/src/plugins/Sonar-Velocity.jar new file mode 100644 index 0000000..1b2ba2f --- /dev/null +++ b/src/plugins/Sonar-Velocity.jar @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:37f8704c02bfd4a5a6932395e68cf6c3835f18d904990f527eb8825e9e6e2bb8 +size 657074 diff --git a/src/plugins/sonar/config.yml b/src/plugins/sonar/config.yml new file mode 100644 index 0000000..1394d63 --- /dev/null +++ b/src/plugins/sonar/config.yml @@ -0,0 +1,213 @@ +# +# /$$$$$$ +# /$$__ $$ +# | $$ \__/ /$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$ +# | $$$$$$ /$$__ $$| $$__ $$ |____ $$ /$$__ $$ +# \____ $$| $$ \ $$| $$ \ $$ /$$$$$$$| $$ \__/ +# /$$ \ $$| $$ | $$| $$ | $$ /$$__ $$| $$ +# | $$$$$$/| $$$$$$/| $$ | $$| $$$$$$$| $$ +# \______/ \______/ |__/ |__/ \_______/|__/ +# +# Need help or have questions? https://jonesdev.xyz/discord +# Source code: https://github.com/jonesdevelopment/sonar +# Documentation: https://docs.jonesdev.xyz/administration/configuring-sonar +# Copyright Jones Development and Sonar Contributors, licensed under GPL-3.0 +# + +# General settings for Sonar +general: + # Should Sonar automatically check for new updates? + # Sonar uses the GitHub API to check if the current version is outdated + check-for-updates: true + # Should Sonar log players' IP addresses in console? + log-player-addresses: true + # Maximum number of players online with the same IP address + max-online-per-ip: 3 + +# Sensitivity settings for the attack tracker +# Only edit this if you know what you're doing +attack-tracker: + # Minimum number of new players in order for an attack to be detected + min-players-for-attack: 8 + # Amount of time that has to pass in order for an attack to be over + # (This value represents the time in milliseconds: 1 second = 1000 milliseconds) + min-attack-duration: 30000 + # Number of times an incident has to be reported to be acknowledged as an attack + # This number acts as a buffer to filter out false attack notifications + min-attack-threshold: 2 + # Amount of time that has to pass in order for a new attack to be detected + # (This value represents the time in milliseconds: 1 second = 1000 milliseconds) + attack-cooldown-delay: 3000 + +# You can connect Sonar to a database to keep verified players even after restarting your server +# Note: IP addresses are saved in plain text. You are responsible for keeping your database safe! +database: + # Type of database Sonar uses to store verified players + # Possible types: NONE, MYSQL, MARIADB, H2 + type: MARIADB + # File in Sonar's plugin directory used for the H2 database + filename: verified_players + # Host address for authenticating with the SQL database + host: _SONAR_DB_HOST_ + # Port for authenticating with the SQL database + port: _SONAR_DB_PORT_ + # Name of the SQL database + name: _SONAR_DB_NAME_ + # Username for authenticating with the SQL database + username: _SONAR_DB_USERNAME_ + # Password for authenticating with the SQL database + password: '_SONAR_DB_PASSWORD_' + # How many days should Sonar keep verified players in the database? + maximum-age: 5 + +# Every new login request will be queued to avoid spam join attacks +# The queue is updated every 1 second (20 ticks) +queue: + # Number of concurrent queue polls per 1 second + max-polls: 30 + +# Every new player that joins for the first time will be sent to +# a lightweight limbo server where advanced bot checks are performed +verification: + # When should Sonar verify new players? + # Possible types: ALWAYS, DURING_ATTACK + # - ALWAYS: New players will always be checked (Recommended) + # - DURING_ATTACK: New players will only be checked during an attack + timing: ALWAYS + checks: + # Checks if the players' falling motion is following Minecraft's gravity formula + # All predicted motions are precalculated to save performance + gravity: + # Should Sonar check for valid client gravity? (Recommended) + enabled: true + # Should Sonar make the player solve a CAPTCHA if they fail the gravity check? + captcha-on-fail: false + # The number of ticks the player has to fall to be allowed to hit the platform + max-movement-ticks: 8 + + # Checks if the player is colliding with blocks spawned below them + collision: + # Should Sonar check if the player collides with blocks? (Recommended) + enabled: true + + # Checks if the client sends proper packets when entering a boat + vehicle: + # Should Sonar check if the player properly enters a boat? + enabled: true + # Minimum number of packets sent by the client + minimum-packets: 2 + + # Make the player type a code from a virtual map in chat + map-captcha: + # When should Sonar make the player solve a CAPTCHA? + # Possible types: ALWAYS, DURING_ATTACK, NEVER + # - ALWAYS: New players will always receive a CAPTCHA + # - DURING_ATTACK: New players will only receive a CAPTCHA during an attack + # - NEVER: New players will never receive a CAPTCHA (Recommended) + timing: NEVER + # Path to the background image Sonar uses for the CAPTCHA + # If the image isn't found, a noise will be used as the default background. + # You can put the name of the file here if the file is in Sonar's plugin directory + background: '' + # Style of the map CAPTCHA (Default: 'modern'). + # To use the old design, set this to 'legacy'. + style: modern + # How many CAPTCHA answers should Sonar prepare? + # This task happens asynchronously in the background + precompute: 500 + # How long should Sonar wait until the player fails the CAPTCHA? + # (This value represents the time in milliseconds: 1 second = 1000 milliseconds) + max-duration: 30000 + # How many times must a player fail the CAPTCHA before failing the verification? + max-tries: 3 + # Characters (letters/numbers) that are allowed to appear in the answer to the CAPTCHA + # It is not recommended to add numbers or letters that might look like one another. + # You should only edit this if you know what you're doing + alphabet: abcdefhjkmnoprstuxyz + + # Checks if the players are sending a valid client brand to the server + client-brand: + # Should Sonar check for valid client brands? (Recommended) + enabled: true + # Regex for validating client brands during verification + valid-regex: ^[!-~ ]+$ + # Maximum client brand length during verification + max-length: 64 + + # Regex for validating usernames during verification + valid-name-regex: ^[a-zA-Z0-9_]+$ + # Regex for validating client locale during verification + valid-locale-regex: ^[a-zA-Z_]+$ + + # If enabled, the player will be transferred back to the origin server + # after successfully passing the bot verification. + # This feature was introduced by Mojang in Minecraft version 1.20.5 + # https://docs.jonesdev.xyz/administration/configuring-sonar/configuring-the-verification/using-1.20.5+-transfers + transfer: + # Should Sonar transfer the player to the origin server (instead of kicking them)? + # For this to work, you must enable the feature in your server's configuration. + # Additionally, you might want to reduce the amount of login rate-limiting + # performed by Velocity or other proxies/plugins, as this might prevent the + # player from being transferred correctly. + # If your server allows Bedrock players to join via Geyser, make sure to set up + # TransferTool for Geyser, so Bedrock players are redirected to the correct server. + # https://github.com/onebeastchris/TransferTool + enabled: false + # Which server should Sonar transfer the player to when the verification is passed? + # Please enter the server IP used by players to normally connect to your server. + # For example, you can put "mc.hypixel.net" or a direct IP like "1.1.1.1" + destination-host: play.my-server.com + # Which port should Sonar use when transferring the player to the origin server? + # If your server does not need a port to connect to, you can leave this as 25565. + destination-port: 25565 + + # The gamemode of the player during verification + # Possible types: SURVIVAL, CREATIVE, ADVENTURE + # - SURVIVAL: all UI components are visible + # - CREATIVE: health and hunger are hidden + # - ADVENTURE: all UI components are visible + gamemode: ADVENTURE + # Daylight time in the verification world + # You can find all daylight times here: + # https://minecraft.wiki/w/Daylight_cycle + # This is only a visual setting and does not change the verification process! + # If this value is set to 1000, the packet will not be sent. + time-of-day: 1000 + # Sonar caches most packets it sends to the client, including the LoginSuccess packet. + # Which username should Sonar use for the LoginSuccess packet? + # The username will not be visible to the player without client modifications + cached-username: Sonar + # Should Sonar log new verification attempts? + log-connections: true + # Should Sonar log new verification attempts during attacks? + log-during-attack: false + # Should Sonar log every single movement/position change during verification? + # This is not recommended for production servers but can be helpful for spotting errors. + debug-xyz-positions: false + # Should Sonar also check Geyser (Bedrock) players? + # This feature is experimental and might cause issues + # If this is disabled, Bedrock players will be skipped + check-geyser-players: false + # The time since the player stopped sending packets before disconnecting + # (This value represents the time in milliseconds: 1 second = 1000 milliseconds) + read-timeout: 8000 + # The time since the server stopped sending packets before disconnecting the player + # (This value represents the time in milliseconds: 1 second = 1000 milliseconds) + write-timeout: 10000 + # How long should a player wait before reconnecting during verification + # (This value represents the time in milliseconds: 1 second = 1000 milliseconds) + rejoin-delay: 5000 + # How long should Sonar remember the number of failed verifications for a player? + # (This value represents the time in milliseconds: 1 second = 1000 milliseconds) + remember-time: 120000 + # How long should an IP address be denied from logging in when failing the verification too often? + # (This value represents the time in milliseconds: 1 second = 1000 milliseconds) + blacklist-time: 600000 + # How often does a player have to fail the verification in order to be blacklisted? + # (Set this value to 0 to disable the blacklist entirely) + blacklist-threshold: 2 + # List of protocol IDs which are unable to join the server at all + # You can find the full list of all protocol IDs here: + # https://wiki.vg/Protocol_version_numbers + # For example, Minecraft 1.20 has the ID 763. + blacklisted-protocols: [] diff --git a/src/plugins/sonar/language.properties b/src/plugins/sonar/language.properties new file mode 100644 index 0000000..f1240bc --- /dev/null +++ b/src/plugins/sonar/language.properties @@ -0,0 +1,29 @@ +# +# /$$$$$$ +# /$$__ $$ +# | $$ \__/ /$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$ +# | $$$$$$ /$$__ $$| $$__ $$ |____ $$ /$$__ $$ +# \____ $$| $$ \ $$| $$ \ $$ /$$$$$$$| $$ \__/ +# /$$ \ $$| $$ | $$| $$ | $$ /$$__ $$| $$ +# | $$$$$$/| $$$$$$/| $$ | $$| $$$$$$$| $$ +# \______/ \______/ |__/ |__/ \_______/|__/ +# +# Need help or have questions? https://jonesdev.xyz/discord +# Source code: https://github.com/jonesdevelopment/sonar +# Copyright Jones Development and Sonar Contributors, licensed under GPL-3.0 +# + +# Which language should Sonar use for all configurations? +# For this to take effect, restart your server or reload Sonar. +# +# Values will not be translated if you change your language +# when all configuration files already exist. +# If you still want all configuration files to be translated, +# you have to reset the configuration, messages, and webhook settings. +# +# You can view a full list of existing translations here: +# https://docs.jonesdev.xyz/sonar/translations +# If a translation does not exist yet, Sonar will use English (en) +# +# If you set this option to "system", Sonar will use the system language. +language=system diff --git a/src/plugins/sonar/messages.yml b/src/plugins/sonar/messages.yml new file mode 100644 index 0000000..068075d --- /dev/null +++ b/src/plugins/sonar/messages.yml @@ -0,0 +1,320 @@ +# +# /$$$$$$ +# /$$__ $$ +# | $$ \__/ /$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$ +# | $$$$$$ /$$__ $$| $$__ $$ |____ $$ /$$__ $$ +# \____ $$| $$ \ $$| $$ \ $$ /$$$$$$$| $$ \__/ +# /$$ \ $$| $$ | $$| $$ | $$ /$$__ $$| $$ +# | $$$$$$/| $$$$$$/| $$ | $$| $$$$$$$| $$ +# \______/ \______/ |__/ |__/ \_______/|__/ +# +# Need help or have questions? https://jonesdev.xyz/discord +# Source code: https://github.com/jonesdevelopment/sonar +# Copyright Jones Development and Sonar Contributors, licensed under GPL-3.0 +# + +# Placeholder for every '' in this configuration file +prefix: Bebrashield Bot Protection » +# Placeholder for every '' in this configuration file +support-url: https://discord.gg/xsyy7d8RfG +# Placeholder for every '
' in this configuration file +header: + - Sonar + - '' +# Placeholder for every '