Guardian Documentation
Complete guide to using the Guardian Alt Account Detection Panel. Learn about all features, search methods, and tools available.
Authentication
Session keys and login system
Search
Find alt accounts quickly
Analytics
Statistics and patterns
Tools
IP Hasher and utilities
Overview
Guardian is a powerful alt account detection system for Minecraft servers. It tracks player connections using IP hash matching to identify accounts that share the same IP address.
Key Features
- IP Hash Matching — Securely links accounts using SHA-256 hashed IP addresses
- Name History Tracking — Tracks all username changes for each player
- Real-time Search — Instant autocomplete suggestions while typing
- Graph Visualization — Visual network of connected accounts
- Analytics Dashboard — Registration patterns and statistics
- Live Online Tracking — Real-time display of online players via Redis
Authentication
Access to the Guardian Panel requires a valid session key generated in-game by a player with appropriate permissions.
Generating a Session Key
Run the following command in-game:
/guardian session
This generates a unique 16-character session key in the format XXXX-XXXX-XXXX-XXXX. Click on the key in chat to copy it.
Session Properties
| Property | Description |
|---|---|
| Duration | Sessions expire after 24 hours |
| IP Binding | Sessions are bound to the first IP that uses them |
| Rate Limiting | 5 login attempts per minute, 60-second cooldown after limit |
| Persistence | Session is saved in browser localStorage for auto-login |
Security Note
Once a session is bound to an IP address, it cannot be used from any other IP. Generate a new session if your IP changes.
Dashboard
The main dashboard displays real-time statistics about the Guardian database.
Statistics Cards
Accounts
Total number of tracked player accounts
Unique IPs
Number of distinct IP hashes in the database
Linked Groups
Number of IP hashes with multiple accounts
Today
Accounts registered in the last 24 hours
Session Bar
After logging in, a session bar appears below the header showing:
- • Avatar — Your Minecraft player head
- • Username — The player who created the session
- • Expiry Timer — Countdown until session expires
- • Active Badge — Indicates the session is valid
Logout
Click the "Logout" button in the header to end your session. This invalidates the session key on the server and clears it from your browser. You'll need to generate a new session key in-game to log back in.
Connection Status
The header displays the current connection status to the Guardian API:
- Online — Connected to API successfully
- Offline — Unable to reach the API
Rate Limiting
Guardian implements rate limiting to prevent abuse. When you exceed the limit:
- • A full-screen overlay appears with a countdown timer
- • You must wait until the timer reaches zero before continuing
- • The countdown persists even if you refresh the page
Date Format
All dates in Guardian are displayed in US English format: MM/DD/YYYY HH:MM (24-hour time). For example: 01/15/2025 14:30.
Online Status
Guardian provides real-time online player tracking through Redis. The Minecraft server plugin periodically sends the list of online players to the backend, which is then displayed in the web interface.
Online Player Count
The dashboard header displays a live count of currently online players with a players icon. This count updates automatically every 15 seconds along with other dashboard statistics.
Online Players List
Below the statistics cards, a dedicated section shows all currently online players. The list includes:
- Player Avatar — 3D head rendering from Crafatar
- Username — Current player name
- Online Badge — Green indicator showing live status
- Search Button — Click to search for the player's alt accounts
Search & Filter
Use the search box to filter online players by username. The search is case-insensitive and matches partial names. Press Enter or wait 300ms after typing to apply the filter.
Pagination
When many players are online, the list is paginated with 20 players per page. Use the Previous/Next buttons to navigate between pages. The current page position is displayed between the buttons.
Auto-Refresh
The online players list automatically refreshes every 10 seconds. A countdown timer shows the time until the next refresh. This ensures you always see the most current player status.
Note: Online status tracking requires Redis to be running and configured. If Redis is unavailable, the online count will show 0 and the players list will be empty.
How It Works
The online status system works as follows:
- The Minecraft server plugin collects all online players every 30 seconds
- Player data (UUID and username) is sent to the Guardian backend API
- The backend stores this data in Redis with a 40-second TTL (time-to-live)
- If no update is received within 40 seconds, players are automatically marked as offline
- The web interface queries the backend for online status and displays results
Remote Commands
Guardian allows administrators to execute commands on players remotely through the web panel. Commands are sent to the specific Minecraft server where the player is currently online.
Kill Command
The Kill button appears next to online players in search results. Clicking it will kill the player on their current server by setting their health to 0.
Warning
This action will immediately kill the player in-game. A confirmation dialog will appear before execution. All actions are logged in the Audit Log.
How It Works
- The Kill button is only visible for online players
- Clicking the button opens a confirmation modal with blur effect
- After confirmation, the command is sent to the Guardian backend
- The backend determines which server the player is on (via Redis)
- The command is queued for that specific server
- The Minecraft plugin polls every 5 seconds for pending commands
- The plugin executes player.setHealth(0) on the target player
Confirmation Modal
When you click the Kill button, a modal appears with:
- Warning icon indicating a dangerous action
- Target player's avatar and username
- Action badge showing KILL
- Description: "Player will be killed on their current server"
- Cancel button to abort
- Execute button to confirm
Technical Details
- Commands expire after 5 minutes if not retrieved by the plugin
- Server identification is automatic (IP + API Key hash)
- All command executions are logged with COMMAND_KILL action type
- Failed commands (player offline) are also logged for auditing
Search
Guardian provides multiple ways to search for alt accounts. The search interface includes three modes: Single, Bulk, and Graph.
Keyboard Shortcuts
| Key | Action |
|---|---|
| Enter | Submit search (in search input) |
| Enter | Generate hash (in IP Hasher) |
| Enter | Submit login (in session key input) |
Single Search
Search for a single player by username, UUID, or IP hash.
Search Types
Username
Search by current or historical username. Supports partial matching with autocomplete after 2 characters.
Example: Notch or jeb_
UUID
Search by the player's Minecraft UUID.
Example: 069a79f4-44e9-4726-a5be-fca90e38aaf5
IP Hash
Search by SHA-256 hashed IP address. Use the IP Hasher tool to convert an IP.
Example: a1b2c3d4e5f6... (64 characters)
Autocomplete
When searching by username, autocomplete suggestions appear after typing 2 or more characters. Results are split into two categories:
- Current Names — Players whose current username matches
- Previous Names — Players who previously used a matching username
Bulk Search
Search for multiple players at once by entering one username or UUID per line.
Usage
- Select the search type (Usernames or UUIDs)
- Enter each search term on a new line
- Click "Search All" to process all entries
- Results show found/not found status with alt counts
- Click any result to view full details
Result Indicators
Graph View
Visualize the network of connected accounts in an interactive graph.
Node Types
Interactions
- • Drag — Move nodes around the canvas
- • Double-click — Search for the clicked player
- • Scroll — Zoom in/out
- • Clear — Remove all nodes from the graph
Adding to Graph
After searching for a player, use the "Add to Graph" button in the Actions panel to add all linked accounts to the visualization.
Results
Search results display the primary account and all linked alt accounts.
Result Card
Each account card shows:
- • Player head (from mc-heads.net)
- • Current username
- • Account age badge
- • Alt count (for primary account)
- • Registration/link date
Context Menu
Right-click any account card to access:
- • Copy UUID — Copy the player's UUID to clipboard
- • Copy Name — Copy the username to clipboard
- • Search Alts — Search for this player's alts
- • Add to Graph — Add all linked accounts to the graph
Sorting
Sort results using the dropdown:
- Newest — Most recently registered first
- Oldest — Oldest accounts first
- A-Z — Alphabetical by username
Actions Panel
- • Add to Graph — Add all results to the graph visualization
- • Export JSON — Download results as a JSON file
- • Clear — Clear all results
Export JSON Format
The exported JSON file contains:
{
"exported": "2025-01-15T14:30:00.000Z",
"count": 3,
"results": [
{
"uuid": "069a79f4-44e9-4726-a5be-fca90e38aaf5",
"username": "Notch",
"ipHash": "a1b2c3d4...",
"registeredAt": 1705312200000
},
...
]
}
Player Details
Click on any account card to view detailed information in the sidebar.
Information Displayed
| Field | Description |
|---|---|
| First Login | When the player first joined the server |
| Last Login | Most recent server join |
| Login Count | Total number of times the player has joined |
| Name Changes | Number of recorded username changes |
| Linked Accounts | Number of alt accounts found |
Activity Chart
The 24-hour activity chart shows when the player was last active. Bars indicate login times within the past 24 hours.
Name History
The Name History panel shows all recorded usernames for the player, with the current name highlighted at the top.
Linked Accounts Panel
When viewing a player with linked accounts, a separate panel appears showing all associated alts:
- • Player head and username for each alt
- • Link date showing when the account was connected
- • Account age badge for quick identification
- • Click any alt to search for its connections
- • Right-click for context menu options
Analytics
The Analytics Tab provides comprehensive insights into registration patterns, network analysis, risk assessment, and anomaly detection. All analytics data spans up to 90 days.
Data Storage
Player data (accounts, alts, username history) is stored permanently. Only audit logs are automatically deleted after 90 days. The analytics window shows data from the last 90 days.
Period Comparisons
Week-over-Week Comparison
Compares this week's registrations, alt accounts, and unique IPs against last week. Shows percentage change with trend arrows.
Month-over-Month Comparison
Compares this month (30 days) vs. last month. Helps identify longer-term trends in account creation activity.
Today vs. Yesterday
Real-time comparison of today's registrations against yesterday's count with percentage change indicator.
Time-Based Analytics
Peak Hours Heatmap
7x24 matrix showing registration density by day of week and hour. Darker colors indicate higher activity. Shows peak time in UTC.
Registration Velocity (90 Days)
Daily registration chart spanning 90 days. Shows total registrations and alt account creations per day.
Alt Creation Timing
Analyzes time gaps between alt account creations. Categories: <5 min, 5-30 min, 30-60 min, 1-6 hours, 6-24 hours, >24 hours.
Network Analytics
Network Distribution
Distribution of account chain sizes: 1 account (solo), 2-3, 4-5, 6-10, 11-20, 21+ accounts per IP. Shows isolated vs. connected accounts ratio.
IP Sharing Analysis
Statistics on IP address sharing: unique IPs, shared IPs (more than 1 account), maximum accounts per single IP.
Risk Assessment
Risk Score (0-100)
Each account receives a suspicion score based on: alt count (max 30 pts), account age (max 25 pts), name changes (max 20 pts), IP count (max 15 pts), rapid registrations (max 10 pts).
Risk Levels
LOW (0-25) — Normal account
MEDIUM (26-50) — Some risk factors
HIGH (51-75) — Multiple risk factors
CRITICAL (76-100) — Highly suspicious
Top Risky Players
List of the 10 highest-risk accounts with their risk score, risk level, and identified risk factors.
Anomaly Detection
Registration Spikes
Detects unusual registration bursts using statistical deviation from baseline (>2 standard deviations). Analyzes last 30 days.
Mass Registrations
Alerts when 5+ accounts are created from the same IP within 24 hours. CRITICAL if 10+ accounts.
Bot Patterns
Detects suspiciously regular registration intervals that may indicate automated account creation.
Sidebar Charts
Registrations by Hour
Bar chart showing account registration distribution across 24 hours. Useful for identifying peak activity times.
Account Age Distribution
Breakdown of accounts by age: <24h, 1-7 days, 7-30 days, 30-90 days, 90+ days.
Top Name Changers
Table showing players with the most username changes. Click any row to search for that player.
Data Tables
Recent Registrations
Shows the 6 most recently registered accounts. Each row displays the player name, account age badge, and registration date. Click any row to search for that player.
Top Chains
Lists the 6 accounts with the most linked alt accounts. The alt count badge shows how many accounts share the same IP hash. Click any row to view the full alt chain.
Both tables can be refreshed manually using the "Refresh" button.
Tools
Guardian includes several utility tools accessible from the footer.
IP Hasher
Convert an IPv4 address to its SHA-256 hash for searching in Guardian.
Usage
- Click "Hasher" in the footer
- Enter a valid IPv4 address (e.g., 192.168.1.1)
- Click "Generate Hash"
- Use "Copy Hash" to copy the 64-character SHA-256 hash
- Use "Search" to directly search for accounts with this IP hash
Technical Note
The IP Hasher uses the Web Crypto API with the same SHA-256 algorithm as the Guardian plugin, ensuring hash compatibility.
Sessions
View all active sessions for the Guardian Panel.
Session Information
- • Player Avatar — The Minecraft head of the session owner
- • Username — The player who created the session
- • Expiry Time — Remaining time until the session expires
- • Bound Status — Whether the session is bound to an IP
Status Badges
Database Stats
View detailed statistics about the Guardian database tables.
Information Displayed
- • Table Name — The database table identifier
- • Size — Storage space used by the table
- • Row Count — Number of records in the table
- • Size Bar — Visual representation of relative size
Tables Tracked
The database includes the following tables:
- • player_records — Main player records (UUID, username, IP hash, registration date)
- • players_by_iphash — IP hash to player mapping
- • players_by_username — Username lookup index
- • iphashes_by_player — Player to IP hashes mapping
- • username_history — Name change history
- • username_lookup — Current name lookup table
- • sessions — Active dashboard sessions
- • sessions_by_player — Sessions per player
- • audit_logs — Staff action logging
Audit Log
The Audit Log tracks all staff actions performed in the Guardian Panel for security and accountability.
Accessing the Audit Log
Click the "Audit Log" button in the footer to open the audit log modal.
Logged Actions
| Action | Description |
|---|---|
| Search | Single player search |
| Bulk Search | Multiple player search |
| Login | Successful login attempt |
| Failed Login | Failed login attempt (invalid key or not whitelisted) |
| Session Created | New session key generated in-game |
| Session Bound | Session bound to an IP address |
| Logout | User logged out |
| View Details | Viewed player details |
| View History | Viewed username history |
| View Sessions | Viewed active sessions list |
| View Database | Viewed database statistics |
| Kill Command | Executed kill command on a player (includes success/failure status) |
Search and Filter
- • Search — Search by username, target, or IP address
- • Action Filter — Filter by specific action type
- • Load More — Pagination for large result sets
Statistics
The audit log modal shows summary statistics at the top:
Total
All logged actions
Searches
Search queries
Logins
Successful logins
Failed
Failed login attempts
Privacy Protection
IP addresses are partially masked in the audit log display (e.g., 192.168.***.***) to protect user privacy while still allowing pattern identification.
Security
Guardian implements multiple security layers to protect sensitive player data.
Authentication Security
- Session-based Auth — Login via Minecraft plugin with unique session keys
- IP Binding — Sessions are locked to the first IP that uses them
- Rate Limiting — 5 login attempts per minute, 60-second cooldown
- Whitelist Support — Optional UUID-based access control
Data Protection
- IP Hashing — IP addresses are stored as SHA-256 hashes, not plain text
- Audit Logging — All staff actions are logged for accountability
- IP Masking — IP addresses in audit logs are partially masked
- Request Timeout — 30-second timeout prevents hanging requests
Frontend Security
- XSS Protection — All user inputs are escaped before display
- URL Validation — External URLs are validated before use
- Session Storage — Sensitive keys stored in sessionStorage (cleared on tab close)
- Memory Cleanup — Proper cleanup of graph instances and intervals
Backend Security
- Input Validation — All inputs are validated server-side
- Secure Headers — CSP, X-Frame-Options, X-Content-Type-Options
- CORS Protection — Configurable cross-origin request filtering
- API Key Protection — Plugin endpoints secured with API key
Badges Reference
Guardian uses colored badges to quickly convey account status and information.