[1.8.8-1.15.2] Anti-VPN | Get the best; save money on overpriced plugins and block VPN users!


Support Discord: https://discord.gg/BWshAvM

Looking for the Waterfall version? Find it here!
Looking for the Velocity version? Find it here!


The first time Anti-VPN is run it will take some time to start up. this is normal, and will very rarely (if ever) take that long again.

Download: Spigot, Jenkins

Wiki
Installation instructions can be found on the wiki here. It it highly recommended to read the wiki.


Confused? Check the wiki!

# How the plugin stores long-term data
# "external" data sources will also be used as messaging
storage:
  engines:
    mysql:
      # Whether or not to use MySQL/MariaDB
      # https://mariadb.org/
      enabled: false
      connection:
        # Address and port of the database instance
        address: '127.0.0.1:3306'
        # The name of the database the plugin will store data in
        # This must be created beforehand
        database: 'anti_vpn'
        # Table prefix for all plugin tables, indexes, keys, and procedures
        prefix: 'avpn_'
        # Database credentials
        username: ''
        password: ''
        # Extra options to use with the database server
        # These values will override any others
        options: 'useSSL=false&useUnicode=true&characterEncoding=utf8'
    redis:
      # Whether or not to use Redis for storage
      # https://redis.io/
      enabled: false
      connection:
        # Address and port of the Redis instance
        address: '127.0.0.1:6379'
        # Redis credentials
        password: ''
        # Storage prefix for all plugin data
        prefix: 'avpn:'
    sqlite:
      # Whether or not to use SQLite
      # https://www.sqlite.org/index.html
      enabled: true
      connection:
        # File name for the database
        file: 'anti_vpn.db'
        # Table prefix for all plugin tables, indexes, keys, and procedures
        prefix: 'avpn_'
        # Extra options to use with the database server
        # These values will override any others
        options: 'useUnicode=true&characterEncoding=utf8'
  settings:
    # The maximum size of the storage engine connection pool
    # Determines the max number of connections to storage engines
    max-pool-size: 4
    # The minimum size of the storage engine connection pool
    # Determines the min number of connections kept alive to storage engines
    min-idle: 4
    # The maximum lifetime of a connection in the pool
    # Should be at least 30 seconds less than any storage engine or infrastructure-imposed connection time limit
    max-lifetime: 1800000 # 30 minutes
    # The maximum number of milliseconds that the plugin will wait for a new connection from the pool before timing out
    timeout: 5000 # 5 seconds
  # The order in which the storage engines will be used
  # The first available engine will be considered the "master" and will be the authoritative data source
  # Keep in mind that, for redundancy, ALL defined and enabled storage engines will be used
  order:
    - 'mysql'
    - 'redis'
    - 'sqlite'

# How the plugin rapidly shares information with other servers along the network
# Note that cross-server chat toggling only works if a messaging engine is provided
# Else any toggled chat will be erased when the player leaves the server
messaging:
  engines:
    rabbitmq:
      # Whether or not to use RabbitMQ for messaging
      # https://www.rabbitmq.com/
      enabled: false
      connection:
        # Address and port of the RabbitMQ instance
        address: '127.0.0.1:5672'
        # RabbitMQ virtual host
        v-host: '/'
        # RabbitMQ credentials
        username: 'guest'
        password: 'guest'
    redis:
      # Whether or not to use Redis for messaging
      # https://redis.io/
      enabled: false
      connection:
        # Address and port of the Redis instance
        address: '127.0.0.1:6379'
        # Redis credentials
        password: ''
  settings:
    # The maximum size of the messaging engine connection pool
    # Determines the max number of connections to messaging engines
    max-pool-size: 5 # + 1 for the receiver
    # The minimum size of the messaging engine connection pool
    # Determines the min number of connections kept alive to messaging engines
    min-idle: 5 # + 1 for the receiver
    # The maximum lifetime of a connection in the pool
    # Should be at least 30 seconds less than any messaging engine or infrastructure-imposed connection time limit
    max-lifetime: 1800000 # 30 minutes
    # The maximum number of milliseconds that the plugin will wait for a new connection from the pool before timing out
    timeout: 5000 # 5 seconds
  # The order in which the messaging engines will be used
  # Keep in mind that, for redundancy, ALL defined and enabled messaging engines will be used
  order:
    - 'rabbitmq'
    - 'redis'

# Where VPN-checking sources are defined
# Beware the more sources that are included (and fail) the worse the performance and the more the lag
sources:
  # The amount of time to globally cache results across all sources
  # This should be as high as possible to avoid rate-limits but as low as possible to ensure results are always up-to-date and accurate
  cache-time: '6hours'

  # The order to try results in
  order:
  - 'proxycheck'
  - 'iptrooper'
  - 'ipqualityscore'
  - 'getipintel'
  - 'iphub'
  - 'iphunter'
  - 'vpnblocker'
  - 'ip2proxy'
  - 'shodan'
  - 'teoh'
  - 'ipwarner'

  # https://proxycheck.io
  # Results updated Jan 19, 2020
  # Error rate:                     0.00%
  # NordVPN detection rate:       100.00%
  # Cryptostorm detection rate:   100.00%
  # False-flagged homes:            0.00%
  proxycheck:
    enabled: true
    # Optional API key to use
    key: ''

  # https://iptrooper.net/
  # Results updated Jan 19, 2020
  # Error rate:                     0.00%
  # NordVPN detection rate:        96.00%
  # Cryptostorm detection rate:   100.00%
  # False-flagged homes:            0.00%
  iptrooper:
    enabled: true

  # https://www.ipqualityscore.com/
  # Results updated Feb 5, 2020
  # Error rate:                    0.00%
  # NordVPN detection rate:       90.00%
  # Cryptostorm detection rate:  100.00%
  # False-flagged homes:           0.00%
  ipqualityscore:
    enabled: false
    # API key to use (Required for this service, free one available at https://www.ipqualityscore.com/create-account )
    # This plugin would benefit from a premium account/API key, but does not require it
    key: ''
    # Whether or not to detect proxies as VPNs
    proxy: false
    # Whether or not to score IPs as a mobile device (less strict)
    mobile: true
    # Strictness setting to use (0-3)
    strictness: 0
    # Whether or not to flag IPs with recent abuse (such as malware, compromised devices, etc) as "bad"
    recent-abuse: false
    # Threshold above which an IP is considered "bad"
    threshold: 0.98

  # https://www.getipintel.net/
  # Results updated Jan 19, 2020
  # Error rate:                     0.00%
  # NordVPN detection rate:        86.00%
  # Cryptostorm detection rate:   100.00%
  # False-flagged homes:            0.00%
  getipintel:
    enabled: true
    # Contact e-mail in case things go wrong. Required
    contact: '[email protected]'
    # Threshold above which an IP is considered "bad"
    threshold: 0.98

  # https://iphub.info/
  # Results updated Jan 19, 2020
  # Error rate:                    0.00%
  # NordVPN detection rate:       84.00%
  # Cryptostorm detection rate:   96.43%
  # False-flagged homes:           0.00%
  iphub:
    enabled: false
    # API key to use (Required for this service, free one available at https://iphub.info/apiKey/newFree )
    key: ''
    # The block type at which an IP is considered "bad"
    block: 1

  # https://www.iphunter.info/
  # Results updated Jan 19, 2020
  # Error rate:                    0.00%
  # NordVPN detection rate:       60.00%
  # Cryptostorm detection rate:   92.86%
  # False-flagged homes:           0.00%
  iphunter:
    enabled: false
    # API key to use (Required for this service, free one available at https://www.iphunter.info/user/register )
    key: ''
    # The block type at which an IP is considered "bad"
    block: 1

  # https://vpnblocker.net/usage
  # Results updated Jan 19, 2020
  # Error rate:                    0.00%
  # NordVPN detection rate:       64.00%
  # Cryptostorm detection rate:   82.14%
  # False-flagged homes:           0.00%
  vpnblocker:
    enabled: true
    # Optional API key to use
    key: ''

  # https://www.ip2location.com/web-service/ip2proxy
  # NOTE: This info is old
  # Results updated Jul 18, 2019
  # Error rate: 0%
  # NordVPN detection rate: 100%
  # Cryptostorm detection rate: 60%
  # False-flagged homes: 0%
  ip2proxy:
    enabled: true
    # API key to use (Required for this service, free one available using 'demo' or at https://www.ip2location.com/register?id=1006 )
    key: 'demo'

  # https://www.shodan.io/
  # Results updated Jan 19, 2020
  # Error rate:                  55.15%
  # NordVPN detection rate:      90.00%
  # Cryptostorm detection rate:   0.00%
  # False-flagged homes:          0.00%
  shodan:
    enabled: false
    # API key to use (Required for this service)
    key: ''

  # https://ip.teoh.io/vpn-detection
  # NOTE: This info is old
  # Results updated Jul 7, 2019
  # Error rate: 10%
  # NordVPN detection rate: 61.90%
  # Cryptostorm detection rate: 100%
  # False-flagged homes: 0%
  teoh:
    enabled: true

  # https://ipwarner.com/
  ipwarner:
    enabled: false
    # API key to use (Required for this service, free one available at https://ipwarner.com/register )
    key: ''

mcleaks:
  # The amount of time to globally cache results
  # This should be as high as possible to avoid rate-limits but as low as possible to ensure results are always up-to-date and accurate
  cache-time: '1day'
  # Optional API key to use (e-mail API author, following instructions from "I'm frequently hitting your rate limit/my server has large influxes of players" at https://github.com/TheMrGong/MCLeaksApiClient#faq )
  key: ''

action:
  vpn:
    # The kick message to display to players who are using VPNs
    # If left blank, will not kick the player
    kick-message: '&cPlease disconnect from your proxy or VPN before re-joining!'
    # The commands that CONSOLE will run for players who are using VPNs
    # Use %player% as a placeholder for the player's (real) name
    # Use %uuid% as a placeholder for the player's uuid
    # Use %ip% as a placeholder for the player's IP
    # If left blank, will not run anything
    commands:
      - ''

    algorithm:
      # The algorithm method
      #
      # Options:
      # - Cascade
      #   The plugin will go down the "sources" list, sequentially, until a valid source is found
      #   It will then query that source and return the result
      #   This will result in essentially "the first valid result" being returned
      # - Consensus
      #   The plugin will try every source in the "sources" list at once
      #   It will then strip invalid results, and calculate the ratio of results from the remaining sources
      #   This will result in essentially "the ratio of valid results" being returned
      method: 'cascade'

      # Only used for "consensus" mode
      # The minimum ratio of APIs that must agree before a player is kicked
      # For example, if set to "0.6" then at least 60% of sources must agree that the IP is a VPN
      # The value can range from 0 to 1, and will be clipped at those values
      min-consensus: 0.6
  mcleaks:
    # The kick message to display to players who are using MCLeaks accounts
    # If left blank, will not kick the player
    kick-message: '&cPlease discontinue your use of an MCLeaks account!'
    # The commands that CONSOLE will run for players who are using MCLeaks accounts
    # Use %player% as a placeholder for the player's (real) name
    # Use %uuid% as a placeholder for the player's uuid
    # Use %ip% as a placeholder for the player's IP
    # If left blank, will not run anything
    commands:
      - ''

  # IPs and ranges to ignore when checking for VPNs and/or MCLeaks accounts
  ignore:
  - '127.0.0.0/8'
  - '::1/128'

connection:
  # The amount of time to cache lookups in-memory
  # Higher values require more memory
  # Lower values will hit Storage/APIs more frequently
  # Generally the default is good enough to prevent many sequential lookups from choking resources, but still keep memory usage low
  cache-time: '1minute'
  # The number of threads to use for web operations
  threads: 4
  # The maximum number of milliseconds that the plugin will wait for an API to respond before timing out
  timeout: 5000 # 5 seconds

# When true, logs some extra output to the console so you can see if/why things might be failing
debug: false
# Default language (affects console output)
lang: 'en'

stats:
  # Whether or not to send anonymous usage statistics to bStats
  # True: Send anonymous stats; let the author know how well the plugin is doing and how it's used!
  # False: Do not send stats and make the author sad :(
  usage: true
  # Whether or not to send anonymous errors to the author
  # True: Send errors anonymously to Rollbar and/or GameAnalytics so the author can fix them!
  # False: Do not send errors and wonder why any bugs you encounter haven't been fixed
  errors: true

update:
  # Whether or not to automatically check for updates and notify the console if found
  check: true
  # Whether or not to notify players with the avpn.admin permission node
  notify: true

# Config version, no touchy plz
version: 4.12


/avpn reload - Reloads the plugin configuration. This will disconnect and reconnect (if appropriate) any services configured in the config.yml file.
/avpn test - Test an IP through the various (enabled) services. Note that this forces a check so will use credits every time it’s run.
/avpn check - Check an IP using the default system. This will return exactly the same value as any other API call.
/avpn score - Scores a particular source based on a pre-made list of known good and bad IPs. Note that this forces a check so will use credits every time it’s run.


avpn.admin - allows access to the /avpn reload, /avpn test, /avpn check, and /avpn score commands
avpn.bypass - players with this node bypass the filter entirely


Please consider donating to support this free plugin!
pp_logo_h_150x38-png


According to the GDPR, you must specify that you are storing IP information to your players in a privacy policy when using this plugin (actually you need that if you’re running a vanilla server without this plugin because of server logs). Depending on how data provided from this API is used, you may be required to manually remove some data from the databases.
Disclaimer: I am a plugin developer, not a lawyer. This information is provided as a “best guess” and is not legal advice.


API documentation can be found on the wiki here.

Services that didn’t make the cut

stopforumspam
Error rate: 0%
NordVPN detection rate: 38.1%
Cryptostorm detection rate: 10%
False-flagged homes: 0%
6 Likes

ugh I cant even rate it 1 star for no reason here, this is dum /s

is great plugin I stuck it on my server and haven’t had vpns since (tho I don’t think I really had that issue in the first place so idk if it works)

So why would people disallow vpn connections?

1 Like

The main reason we used it was for alt detection and ban evasions. If someone logged in with a new account on a new IP, we were forced to assume it was a new player. If you can just switch to a new VPN, then ban evasions become very easy. Also it mucks up alt account detection.

Ah, I see

I use it since december and it work perfectly !

And use just proxycheck and iphub sources, it’s enough to block every VPN without false-flagged.