Brazil's biggest MU Online portal — since 2003
Tutorial Intermediate Tutoriais

How to Configure Anti-Bot on MU Online Server

Learn to set up anti-bot protection on your MU Online server with GameServer.ini settings, SQL detection queries, and automated banning via SQL Server Agent.

VI ViciadosMU Team · Updated on 3 jul 2026 · ⏱ 12 min read

Why Anti-Bot Protection is Essential for Your MU Online Server

Bots and trainers are one of the greatest threats to the economy and gameplay experience on MU Online private servers. They accumulate Zen, rare items, and experience automatically, completely unbalancing the server within hours. Unprotected servers are typically overrun by bots within 72 hours of opening. This guide covers the complete anti-bot system configuration available in MuServer Season 6 — from .ini file adjustments to SQL stored procedures scheduled automatically.


Prerequisites

  • Access to the server installation directory (e.g., C:\MuServer\)
  • SQL Server Management Studio (SSMS) connected to the MuOnline database
  • SQL Server Agent enabled (for job automation)
  • Administrator access to GameServer and ConnectServer
  • Full backup completed before making any changes
Atenção: Always perform a complete backup of configuration files and the database before modifying any security parameters. An incorrect anti-bot configuration can cause mass disconnections or block legitimate player logins.

Part 1 — GameServer Configuration

Step 1: Enable Packet Filters in GameServer.exe.cfg

Locate the main GameServer configuration file:

C:\MuServer\GameServer\GameServer.exe.cfg

Add or edit the following parameters under the [AntiBot] section (if the section does not exist, create it at the end of the file):

[AntiBot]
AntiBotEnable        = 1
AntiBotCheckTime     = 60        ; Check interval in seconds
AntiBotMaxRepeat     = 3         ; Maximum identical consecutive actions
AntiBotKickEnable    = 1         ; Kick on bot behavior detection
AntiBotBanEnable     = 0         ; Automatic ban (enable with caution)
AntiBotLogEnable     = 1         ; Log suspects to file
AntiBotLogPath       = Logs\AntiBot\
Atenção: Keep AntiBotBanEnable = 0 for the first 48 hours. Run the system in log-only mode to calibrate thresholds before enabling automatic bans. Premature activation can ban legitimate players and generate player complaints.

Step 2: Configure AntiBot.ini (Season 6+)

On Season 6 Episode 1 and later servers, a dedicated anti-bot configuration file exists:

C:\MuServer\GameServer\Data\AntiBot.ini

Recommended configuration for Season 6:

[Config]
Enable              = 1
QuestionEnable      = 1           ; Enable CAPTCHA questions in game chat
QuestionInterval    = 1800        ; Ask every 30 minutes (in seconds)
QuestionTimeout     = 120         ; Time to answer before kick (seconds)
QuestionPunishment  = 1           ; 0=Kick, 1=Temp ban, 2=Permanent ban
WrongAnswerLimit    = 3           ; Wrong attempts before punishment
MoveDetect          = 1           ; Detect movement in repeated route patterns
MoveDetectRange     = 5           ; Minimum expected position variation (cells)
MoveDetectTime      = 300         ; Time window for movement analysis (seconds)
KillSpeedMax        = 800         ; Kills per hour before triggering an alert

Step 3: Define CAPTCHA Questions

The questions file is located at:

C:\MuServer\GameServer\Data\AntiBotQuestion.txt

Format for each line: Question,Correct_Answer

What color is the sky during the day?,blue
How many legs does a dog have?,4
What month comes after March?,April
How much is 7 plus 8?,15
What is the capital of France?,Paris
How many days are in a week?,7
What is the largest ocean?,Pacific
Dica: Use simple, straightforward questions adapted to your player community. Configure the server to process answers as case-insensitive to avoid failures from capitalization differences. Avoid special characters in expected answers.

Part 2 — SQL Server Detection

Step 4: Create the Suspect Log Table

Execute the following in SSMS connected to the MuOnline database:

USE MuOnline;
GO

CREATE TABLE dbo.AntiBot_SuspectLog (
    LogID            INT IDENTITY(1,1) PRIMARY KEY,
    AccountID        VARCHAR(10)    NOT NULL,
    CharacterName    VARCHAR(10)    NOT NULL,
    SuspectReason    VARCHAR(200)   NOT NULL,
    KillsPerHour     INT            NULL,
    OnlineHours      DECIMAL(5,2)   NULL,
    PositionVariance INT            NULL,
    DetectedAt       DATETIME       DEFAULT GETDATE(),
    ReviewStatus     TINYINT        DEFAULT 0
    -- 0 = Pending, 1 = Confirmed Bot, 2 = False Positive
);
GO

Step 5: Create the Detection Stored Procedure

USE MuOnline;
GO

CREATE PROCEDURE dbo.SP_AntiBot_DetectSuspects
AS
BEGIN
    SET NOCOUNT ON;

    -- Detect characters with kills per hour above the human threshold
    INSERT INTO dbo.AntiBot_SuspectLog
        (AccountID, CharacterName, SuspectReason, KillsPerHour, OnlineHours)
    SELECT
        a.memb___id,
        c.Name,
        'KillsPerHour above 1000 - possible grinding bot',
        c.PkCount,
        DATEDIFF(MINUTE, s.ConnectTM, GETDATE()) / 60.0
    FROM
        Character c
        INNER JOIN MEMB_STAT s ON c.AccountID = s.memb___id
        INNER JOIN MEMB_INFO a ON c.AccountID = a.memb___id
    WHERE
        -- Kills per hour calculated from session start
        (c.PkCount / NULLIF(DATEDIFF(HOUR, s.ConnectTM, GETDATE()), 0)) > 1000
        AND DATEDIFF(HOUR, s.ConnectTM, GETDATE()) >= 2
        AND c.AccountID NOT IN (
            SELECT AccountID FROM AntiBot_SuspectLog
            WHERE CAST(DetectedAt AS DATE) = CAST(GETDATE() AS DATE)
              AND ReviewStatus = 2  -- Do not re-insert confirmed false positives
        );

    -- Detect accounts online for more than 22 consecutive hours
    INSERT INTO dbo.AntiBot_SuspectLog
        (AccountID, CharacterName, SuspectReason, OnlineHours)
    SELECT
        s.memb___id,
        c.Name,
        'Continuous session above 22 hours - possible 24/7 bot',
        DATEDIFF(MINUTE, s.ConnectTM, GETDATE()) / 60.0
    FROM
        MEMB_STAT s
        INNER JOIN Character c ON s.memb___id = c.AccountID
    WHERE
        s.ConnStatus = 1
        AND DATEDIFF(HOUR, s.ConnectTM, GETDATE()) > 22
        AND s.memb___id NOT IN (
            SELECT AccountID FROM AntiBot_SuspectLog
            WHERE SuspectReason LIKE '%22 hours%'
              AND CAST(DetectedAt AS DATE) = CAST(GETDATE() AS DATE)
        );

    PRINT 'AntiBot scan completed: ' + CAST(GETDATE() AS VARCHAR);
END;
GO

Step 6: Schedule the Procedure in SQL Server Agent

  1. Open SSMS → expand SQL Server Agent → right-click JobsNew Job
  2. Name: AntiBot_Scan_Automatic
  3. On the Steps tab → New Step:
  • Step name: Run Detection
  • Type: Transact-SQL script (T-SQL)
  • Database: MuOnline
  • Command: EXEC dbo.SP_AntiBot_DetectSuspects;
  1. On the Schedules tab → New Schedule:
  • Name: Every_30_minutes
  • Frequency: Daily
  • Sub-frequency: Every 30 minutes
  • Start time: 00:00:00, End time: 23:59:59
Nota: SQL Server Agent must be running as a Windows service. Verify in Windows Services (services.msc) that SQL Server Agent (MSSQLSERVER) has status Running before testing the job.

Part 3 — ConnectServer Configuration

Step 7: Limit Connections per IP in ConnectServer

Edit the file C:\MuServer\ConnectServer\ConnectServer.ini:

[ServerInfo]
MaxConnectionPerIP      = 3      ; Maximum simultaneous accounts per IP
ConnectionFloodLimit    = 10     ; Connection attempts per second before blocking
ConnectionFloodBanTime  = 300    ; Block duration in seconds (5 minutes)
PacketFloodProtection   = 1      ; Enable packet flood protection
MaxPacketsPerSecond     = 50     ; Maximum packets per second per connection
Dica: The value MaxConnectionPerIP=3 allows players on shared NAT (family, LAN cafe) to still access the server. Reduce to 2 only if heavy abuse is detected — lower values increase legitimate player complaints from shared connections.

Step 8: Block Known Datacenter IPs (Bot Farms)

Create or edit C:\MuServer\ConnectServer\IPBanList.txt. Add IP ranges from VPS/datacenter providers frequently used by bot farms:

# Format: IP_START IP_END
# Examples of common datacenter ranges
185.220.0.0 185.220.255.255
198.96.0.0  198.96.255.255
Dica: Look up ASNs associated with hosting datacenters on ipinfo.io and abuseipdb.com. Focus on blocking IP ranges from regions where your player base is not located.

Part 4 — Monitoring and Response

Step 9: Daily Review Query

Run this query each morning in SSMS to review the suspect queue:

USE MuOnline;
GO

SELECT
    LogID,
    AccountID,
    CharacterName,
    SuspectReason,
    KillsPerHour,
    OnlineHours,
    DetectedAt,
    CASE ReviewStatus
        WHEN 0 THEN 'Pending'
        WHEN 1 THEN 'Confirmed Bot'
        WHEN 2 THEN 'False Positive'
    END AS Status
FROM dbo.AntiBot_SuspectLog
WHERE ReviewStatus = 0
ORDER BY DetectedAt DESC;

Step 10: Ban a Confirmed Bot Account

After manual review and confirmation, execute:

USE MuOnline;
GO

-- Replace 'SuspectAccount' with the actual AccountID
UPDATE MEMB_INFO
SET bloc_code = 1
WHERE memb___id = 'SuspectAccount';

-- Record the ban in the audit log
UPDATE dbo.AntiBot_SuspectLog
SET ReviewStatus = 1
WHERE AccountID = 'SuspectAccount'
  AND ReviewStatus = 0;

-- Optional: disconnect immediately if still online
UPDATE MEMB_STAT
SET ConnStatus = 0
WHERE memb___id = 'SuspectAccount';
Atenção: Always save evidence before banning: capture a screenshot of the detection query results with the suspect's data. In the event of a player dispute, you will have concrete proof of automated behavior.

Troubleshooting

GameServer ignores AntiBot.ini settings Verify the file is in the correct directory (GameServer\Data\) and that AntiBotEnable = 1 exists in GameServer.exe.cfg. Some GameServer builds require a full restart rather than a configuration reload.

SP_AntiBot_DetectSuspects inserts no records Confirm that tables MEMB_STAT and Character exist in the MuOnline database and that the ConnStatus column uses value 1 for online. This may vary by server version — check with: SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'MEMB_STAT'.

Too many false positives being generated Raise the KillsPerHour threshold to 1200 or 1500 and increase the minimum online hours for long-session detection to 24 hours. Calibrate based on the actual behavior of your top players — consult the server's kill ranking as a benchmark.

SQL Server Agent does not execute the job Check the job history log (SSMS → SQL Server Agent → Jobs → right-click the job → View History). Common causes: insufficient permissions on the SQL Agent service user account, or the MuOnline database being offline at the scheduled execution time.

Blocking via bloc_code does not prevent login Verify the exact column name in your schema is bloc_code. Some builds use block_code or IsBlock. Confirm with: SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'MEMB_INFO' AND COLUMN_NAME LIKE '%block%'.

Perguntas frequentes

Is the native MuServer anti-bot enough to protect the server?

The native anti-bot provides a basic layer of protection, but it is not sufficient on its own. It is recommended to combine GameServer settings with periodic SQL checks, firewall port restrictions, and if possible a client integrity verification (checksums) for a layered, more robust defense.

How do I identify a bot character through the database?

Query the MEMB_STAT table comparing LastLoginDate and LastLogoutDate against patterns of excessive XP in fixed time windows. Also monitor the Character table checking PkCount accumulated per hour — grinding bots consistently exceed 1000 kills per hour for multiple consecutive hours, which is impossible for a human player.

What is the recommended QuestionInterval value in AntiBot.ini?

For Season 6, the recommended value is 1800 seconds (30 minutes). Intervals below 900 seconds irritate legitimate players doing normal grinding. Values above 7200 seconds (2 hours) allow bots to operate for excessively long periods between verification challenges.

What should I do when anti-bot causes disconnections for legitimate players?

Increase AntiBotCheckTime to 1000ms and review the MaxPacketsPerSec threshold — values below 150 cause kicks during skills with multiple projectiles (BK Combo, Elf multi-shot). Also verify that the client Main.exe is the correct version for your server, as outdated versions trigger false positives in the packet filter.

VI

ViciadosMU Team

Equipe editorial do ViciadosMU — portal de MU Online no ar desde 2003.

Keep reading

Related articles