🔎Prechecks
So its time to setup your config and connect to your server right?
Prechecks is the "checks" that our anticheat is doing before the player/client spawns into the server so we can check him while the player is joining and decide to block or allow him to join your server.
What is this?
Lets start learning you some things about Pegasus and believe me when you understand it you are gonna love it!
First, let's discuss "New Accounts". As you can imagine, we won't determine for you how many days an account should be considered new. This is entirely your decision. However, a good starting point is around 70 days.
Spoofer Detection
I'd like to share some insights about spoofers. Spoofers remove traces of their connecting accounts, allowing 'cheaters' to use new accounts to reconnect.
Here, we have two ideas. The first one is to block new accounts. 'kickNewAccounts' will check if the client connecting has a combination of new accounts (Steam/Discord/first-time connecting to your FiveM server). If that's true, then either the player is completely new to the FiveM, Discord, and Steam communities, or, if luck isn't on our side, they've decided to connect to your server for first time with a brand new steam and discord account. Yes, that could happen, but in my experience, out of 400 rejections on my server, only one person came seeking support and assistance. So, it's a 400:1 ratio, which I believe is in our favor.
The second method for detecting spoofers involves tokens, which are like unique player IDs or hardware identifiers. Each player has a distinct token. We've noticed that some low-quality cheat executors/spoofers don't erase these tokens, while others do.
Here's our approach: If a user has an unusually large number of tokens, far more than a typical player would have, it raises a red flag. It suggests that the client may have used a spoofer on other servers before. On the other hand, if the number of tokens is very low, it indicates that the client has likely erased them using a spoofer.
To handle this, we've introduced two variables: MaxTokens and LimitedIdentifierNumber. MaxTokens sets a limit on how many tokens a user can have to join the server. LimitedIdentifierNumber helps us identify if a user has fewer identifiers than the average legitimate client.
You can adjust these variables based on your server's needs. Fine-tuning them may require some debugging.
Furthermore, we have 'TotalStrikes', which is a powerful tool for identifying and rejecting suspicious accounts. Take a look at the screenshot below; each ⚠️ represents one strike.
-a81a284fd7cfa9b6310a39e0c839395e.png)
In this example, I have one strike. If it were my first time connecting to the server and I wasn't a member of the Discord server, I would have three strikes.
To be more explainable lets see a cheater that tried to use a spoofer
-5721259f089174a5434191ac922e1503.png)
| Cheater | Legit |
|---|---|
-89e2a6394ef2d2a33556dfe76d91a521.png) | -f72f05738781c40078b6af5aa8926bb5.png) |
Are you noticing any differences?
In addition to all of that, in the prechecks, we have other checks that a typical anti-cheat system includes, such as blocking VAC-banned players, preventing VPN usage, countering XSS attacks, and blacklisting certain player names.
Is that all? Not quite! We have one more feature you might appreciate.
Known ISPs (Internet Service Providers): For those of you who might not be familiar with what an ISP is, it stands for Internet Service Provider, which is the company that provides your internet access.
So, when a player connects to our server, we gather information about their ISP. We've created a table where you can add the most commonly used ISPs after debugging and identifying them frequently among players connecting to your server.
For instance, here in Greece, we often encounter Vodafone, Cosmote, and Wind, so I've added them to the config file, effectively 'whitelisting' these ISPs.
| Discord Connection Logs | Configuration File |
|---|---|
-374065f89e93cf9f3800ec3834ed4b9b.png) | -64ac87f7f3d10342533758d943401272.png) |
Why NiaouBreGatoula? Why have a 'whitelist' system for ISPs? Well, many script kiddies use VPN providers that employ clever techniques to avoid being detected as VPN users. They can effectively hide their poor-quality ISP service. Let's examine a scenario where a cheater uses this method to bypass our VPN detection and is caught by our ISP-based detection system.
In this scenario, we can see that the VPN detection isn't triggered, but our ISP detection is (Keep in mind that even i live in greece its the first time i am hearing this ISP provider 🥞 ). For this reason, we add one strike to that individual. 😉
So, I believe that covers everything about prechecks. I hope you've grasped them quickly because understanding them can lead to a healthier community.
Now, you might be wondering, "What if cheaters read all of this and easily bypass them?" Well, that's precisely it. I don't mind if they attempt to bypass all these measures. What I do care about is making it significantly more challenging for them to join servers protected by Pegasus compared to servers that are not protected by Pegasus.