Skip to content

Anti-cheat & audit

Splintertree's anti-cheat surface combines the legacy AzerothCore Warden subsystem with extra position / login / packet auditing the Rust workers emit.

Warden

/admin/warden lists every Warden detection (auth.warden_log) — categorised by check type, severity, character, account. Operators can:

  • Drill into a violation: which check fired, the recorded screenshot hash, the detection's signature, the player's recent IP and HW fingerprints.
  • Bulk-resolve / mark as known-false-positive.
  • Whitelist a check for a given account / addon combination.

Cheat dashboards

/admin/anticheat is a Grafana-style dashboard sourced from the anti-cheat stats collector running inside the web-api process. Per-realm trend lines for:

  • Speedhack detections / hour
  • Position rollback events
  • Inventory desyncs
  • Fishing automation hits

Position history

Every player position update lands in a Redis ring buffer; the collector spills to characters.position_history. Detail pages can play back the last N seconds of a player's movement on a 2D map.

IP / login audit

auth.logs_ip_actions carries a unified login audit:

  • Success / failure across web (source = 'web') and game (source = 'auth') login flows.
  • Outcome: success, bad password, banned IP, banned account, …
  • Used by the auto-ban / IP-ban heuristics in the auth server.

Packet audit (debug-only)

When world.world_config.packet_audit_enabled = 1, the world worker records every CMSG → SMSG round trip into a Redis stream; /admin/packet-audit plays them back per-character.