Store Page
Project Zomboid
All Discussions Screenshots Artwork Broadcasts Videos Workshop News Guides Reviews

Project Zomboid

Store Page
Project Zomboid Guides Jab's Guides
38 ratings
[Build 41] Craftboid Anti-cheat - Patching Hacking Exploits for Multiplayer Servers
By Jab
How to patch your server to fight against hackers getting admin, teleporting, and killing players.
6
2
2
3
5
2
3
2
2
   
Award
Favorite
Favorited
Unfavorite
Created by
Jab
Online
Category: Modding or Configuration, Multiplayer
Languages: English
Posted
Updated
Dec 31, 2021 @ 7:02pm
Feb 4, 2022 @ 4:26pm
3,331 Unique Visitors
32 Current Favorites
Guide Index
Overview
Disclaimer 
Introduction 
Installing & Uninstalling the Patch 
Links and Info 
Changelog 
Reported Issues 
Comments
Disclaimer
This is an unofficial patch made by me. I have no affiliation, relationship or are employed by TheIndieStone in any way. I cannot be held responsible for any issues with servers that have issues following using this patch. This patch only serves to patch network code that is currently exploitable. This patch does not touch any other area of the code in the game. Use this patch at your own risk.

If you feel like this made a huge impact for your community, feel free to buy me a coffee!

https://ko-fi.com/jabdoesthings
https://www.paypal.com/paypalme/JabJabJab

Discord server: https://discord.gg/u3vWvcPX8f
Introduction
The issue
People are currently using exploits by hacking clients. This is an issue, and well known to have come since the developers warned that this isn't a priority fix. Public servers are targeted by these exploits and have sustained significant damages to their community and players.

Known Exploits
Hackers can:
  • Give themselves admin privileges.
  • Kill other players instantly on the map. (Even if they're God Mode)
  • Teleport people anywhere on the map.

A Solution
I produced this patch to help servers mitigate these attacks while we wait for an official patch.

How it Works
When players attempt to use the listed exploits in hacked clients, they are kicked from the server, appearing in the server's logs:

Example
Jab was kicked from the server. (Reason: Hack detected!, HackType: Teleport)
Installing & Uninstalling the Patch
NOTES
  • This guide assumes you're using the dedicated server variant to host a server.
  • This modifies your Steam installation, NOT THE "Zomboid" CACHE FOLDER!
  • Dedicated Server directory: "..\Steam\steamapps\common\Project Zomboid Dedicated Server\java"
  • This patch only applies to the build version 41.65. If the game is quietly updated, you'll need to reapply this patch. If the version updates and the exploits aren't patched officially, another patch will need to be produced & provided to install.

Install Instructions:
  1. Make sure your server is offline.
  2. Back up your java folder.
  3. Paste the contents of the patch_files folder provided inside of the java folder, overwriting existing files.
  4. Start your server.

Uninstall Instructions:
  1. Make sure your server is offline.
  2. Go to the directory that contains the java folder.
  3. If you backed up your java folder, delete the modified java folder and clone your backup folder, renaming it to java. If you did not back up your java folder, delete the modified java folder and verify your files through Steam. The java folder will be restored through verification to its original state.
  4. Start your server.

Links and Info
(LATEST) Version 1.05_00 BETA 2 download[drive.google.com].

(LTS) Version 1.03_00 download[drive.google.com].

All versions here[drive.google.com].
Changelog
(The full changelog is located here[github.com])

1.05_00 (BETA 2)

SUMMARY:

- Complete rewrite of the patch.
- Reformatted console logs to make it easier to read.
- Created internal API to make new checks much faster & easier to implement.
- Every security check is now controllable via a file `security.yml`, located in `Zomboid/Server`. This allows for
control of every check, turning them off, setting to `ignore` or `kick`, and variables for things such as `distance`
checks.

FIXES:

- Removed safehouse and faction checks due to instability & de-syncs.

ADDED_FEATURES:

- Added Kotlin support.
- Added YAML support.
- Added ANSI support for console logs.
- Added `Zomboid/Server/security.yml` for servers to tweak all security checks as needed.
- Added `Zomboid/Logs/Craftboid/security.log`. This log is appended to everytime a player triggers an active security
check. This also survives server restarts.
- Added checks for `SandboxOptions` packets.
- Added checks for `RemoveItemFromSquare` packets.
- Added checks for `StartFire` packets.
- Added checks for `SledgehammerDestroy` packets.
- Added checks for all database packets.
- Added pretty text when starting the server with Craftboid installed.

IMPROVEMENTS:

- Internal code hooks for security checks are now reduced to one-line calls.
- ChatFilter uses precompiled Regex patterns to make sorting and censuring texts faster.
Reported Issues
If you see a player report that they got kicked for hacking, it is most likely a false positive. Let them know and gracefully carry on. Most hackers or malicious actors like these won't invest time into these sorts of attacks so you'll most likely be talking to an affected player. It's still good to keep a watch over those players if this recurs.

Unfortunately I cannot thoroughly check each security check (~50 checks), for issues with edge-cases and popular mods to see if any of them trigger checks. This is why I gave server admins full control over what checks are active, what they say, and additional options provided for certain checks.

If you have a specific security check not working properly, go into Zomboid/Server/security.yml and either tweak available settings (such as distance), or modify the check to either mode: ignore to prevent the execution and not kick players or mode: off to fully disable the check.

Report issues to this Discord Server in #reported-issues: https://discord.gg/u3vWvcPX8f
44 Comments
< >
Jab  [author] Oct 26, 2023 @ 8:11am 
Hey. I am in the process of updating these posts with the 41.78.16 version of the anti-cheat.
Singtech Feb 22, 2022 @ 12:33pm 
Hey Jab, just wanna thank you so much for your mod. It's been helping many communities greatly! The first community I was in that used your mod lost maybe 30-50% of our playerbase after installing it....so many cheaters out there xD
Minidoracat Feb 20, 2022 @ 9:07pm 
Can you increase the detection of modifying the identity group and directly ban it?
Minidoracat Feb 20, 2022 @ 9:05pm 
Two hackers have been detected and kicked
But after they re-logged in, they still got admin and broke the server
https://cdn.discordapp.com/attachments/456737824725794827/945180998432342077/unknown.png
https://cdn.discordapp.com/attachments/456737824725794827/945184036324778044/unknown.png
ゅmix Feb 18, 2022 @ 8:55am 
RESPECT
Master Splinter Feb 13, 2022 @ 2:24pm 
It'll show in your console Craftboid running.
KAISA折枝 Feb 12, 2022 @ 11:13am 
How do I test if it's working?
Jab  [author] Feb 5, 2022 @ 11:14am 
I'm aware of an issue with a check that appears to trigger from normal PZ code. I'm not sure what's kicking it ATM however remove_item_from_square.distance is the check responsible. I'd suggest trying a distance of 256.0 and mode: ignore as a temporary fix while I work on BETA 3.
Jab  [author] Feb 4, 2022 @ 4:25pm 
You also have complete control over every security check! (50 right now) Head over to the security.yml file to read on how you can control each check and set default values for every check too.

This update is a complete rewrite. It took a minute however I think this approach is a more balanced solution for everyone. I don't know what mods your servers use, however you can disable each check individually if a mod complains about the check. (Or if my check is buggy!)

Thanks for all the support.
Jab  [author] Feb 4, 2022 @ 4:25pm 
@everyone,

It's been a fun week. I managed to rewrite the whole patch and go through a phase of testing. Since there'a a rise in new exploits (And I kept delaying the release due to this), I decided to upload a BETA version for people to use while I keep adding more known cheats & exploits popping up.

You now how a fully integrated chat filters system to prevent people from making usernames containing phrases! Message in chat in-game are censored with the same phrases added to a filters.txt file.