-1F1F2A?style=for-the-badge){kind=icon}
Support me on Patreon!
This plugin - "StAC" - and the ones bundled with it, can detect, log, patch, and punish for a majority of the cheats, macros, and unfair scripts available for Team Fortress 2, including:
- pSilentAim / NoRecoil / Angle Repeat cheats
- Plain aimsnap / Aimbot cheats
- Auto bhop cheats
- Fake eye angle cheats
- NoLerp cheats
- Some FoV cheats
- Newlines/invalid characters in chat messages
- Cmdnum manipulation (clientside nospread)
- Tickcount manipulation (backtracking) - Thank you to J_Tanzanite, author of LilAC!
- Interp/lerp abuse
- Clients using +right/+left inputs
- "Ping reducing" cheats (and patches "pingmasking" by legit clients as well)
- Clients purposefully not authorizing with Steam
- Cheat to cheat communication
- Several server crashing and server lagging exploits
- Admin spoofing
- Unkickable players
I hate cheaters. Everyone does. But you know what I hate more? Taking the sweet time out of my day to catch them. A lot of TF2 cheats do a lot of the same things, and if you know what to look for, you can detect their patterns and ban them automatically!
But wait. Don't server-side anticheats suck?
They don't have to.
Of course, there's limitations to what this plugin can do. It can't scan the memory or programs on your computer, it can't see exactly what keys you're pressing on your keyboard, and players don't live inside the server room, so there's always the factor of lag and loss.
But StAC is written so that it has as few false detections as possible, because no one wants to get banned when they weren't cheating. I've reverse engineered cheats, installed them myself (on an alt, don't worry!) and I've tested and refined this plugin over the course of years and thousands of hours of work so that it ignores legit clients, and only goes after naughty cheaters.
Even better, this plugin is set up to be as easy to use and install as possible, so you don't have to be a sourcemod guru to get rid of cheaters on your nfoserver.
- "a fork of SMAC with a few added features"
- "broken high school computer science level code"
- "it's broken"
- "very easy to bypass"
- "Is it really anti-cheat or just a joke?"
- ~500 cheaters banned on my servers alone
- In use in countless other server networks, including Uncletopia, the now dead Creators.TF, and more
- Install and configure Discord API for Discord Webhook logging, if you'd like
- download the latest release (called
stac.zip) from here. StAC automatically includes the latest versions of SourceTVManager, SteamWorks, Connect, and Conplex, and will not run without them. If you have issues with installation, feel free to join the discord and I'd be happy to help you out. - extract the downloaded zip, and copy all the folders inside of it into
/tf/addons/sourcemod/on your tf2 server. Overwrite any files if prompted. - restart your server
The current list of cvars and admin commands is listed here. The defaults should be good for most people, if you want to the plugin to autoban. If not, you can set any "detection" cvar to 0 to never ban, and to -1 to never even log or check in the first place. If you want to edit cvars,
- wait 30 seconds after doing the above
- edit
/tf/cfg/sourcemod/stac.cfgto your liking - restart your server again
You should be good to go!
This plugin is compatible with SourceBans, gbans, and the default TF2 ban handler, and auto detects which it should use. The plugin, by default, logs the currently recording demo (if one is recording) to the sourcebans ban message. To disable this, set stac_include_demoname_in_sb to 0.
This plugin prints detections to any clients on the server with the sm_ban permission, and the running SourceTV bot, if one exists. It saves more verbose logs to /tf/addons/sourcemod/logs/stac/stac_month_day_year.log by default, as well. To disable this verbose logging to file, set stac_log_to_file to 0. This plugin can also log to a Discord channel via a webhook, in combination with zipcore's Discord API plugin. Edit /tf/addons/sourcemod/configs/discord.cfg, to look like the following code snippet, and StAC will print all detections to that channel as well.
"Discord"
{
"stac"
{
"url" "discord webhook url"
}
}
Though I wrote StAC to throw as few false positives as possible, I can't guarantee perfection. I also can't guarantee that everything will always work how it's supposed to. Please submit a bug report if you can reproduce a way to trigger false positives, or for any bug or feature request. If you're more comfortable talking to me personally about it, join the development discord for StAC here: https://discord.gg/tUGgCByZVJ
StAC isn't perfect. It can't be, no anticheat can, but especially not a serverside one. It does what it can, with the information available to it. This means, in simple terms, it's not gonna ban every single cheater. I essentially take the philosophy of a popular php malware scanner:
"Of course it's trivial to bypass [[StAC]], but its goal is to catch skiddies and idiots, not people with a working brain. If you report a stupid tailored bypass for [[StAC]], you likely belong to one (or both) category, and should re-read the previous statement.
TL:DR; If you want actually good anticheat, pester Valve to hire more anticheat engineers, or play Open Fortress and/or Team Fortress 2 Classic, which are source mods of TF2 that I head both the anticheat department of, of which I have access to client code to much more easily prevent people from cheating.
LilAC: https://forums.alliedmods.net/showthread.php?t=321480 - JTanz rocks!
SMAC: https://github.com/Silenci0/SMAC
SSaC: Private - [AS] Nacho Replay, dog, and Miggy - RIP
Backwards - coding
Asherkin - coding
Addie - coding
JoinedSenses - coding
Everyone else in the sourcemod discord who had to put up with my asinine questions
Aad
dog - beta testing
elektro - beta testing
Creators.TF Community - beta testing
Cheddzy - for the COOL ass icon
Nanochip - rare code audits
Miggy - this one's for you, bud.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent