NullCordX | High performance proxy v3.8.7

Performant proxy with exploit filtering on mind | Anti-ddos | (bungeecord+spigot protection)
  • Logo__Desc2.png

NullCordX
NullCordX is the most advanced proxy in every way, be it performance or features, there is no other like it and at such a low price!
From intelligent filters like Cloudflare's to being able to run giant servers in a few instances with unique "CONDITION Anti-Bot" system that can change checks depending on the situation.
The proxy is prepared to avoid excessive use of plugins, it comes with custom MOTD, advanced forwarding, different types of captcha, a pretty anti-vpn with custom placeholders and more utilities natively built.
Antibot System
Innovative filtering system that does not depend on external systems such as firewall for its ideal operation.
This system works by conditions, i.e. if the player failed a check, you can configure what will be next ('next check', 'kick a player', 'finish a check' and 'any other "Antibot" mode'), in addition, the bans for being an unverified connection are extended in a configurable way according to the number of attempts.
It also includes the most advanced Antibot system implemented the rotating captcha with frames, the captcha as hCaptcha in minecraft.
On top of that you can customize EVERY mode parameter, making Antibot the most customizable on the MARKET.

1698794633551.png

Antibot Checks
((All the checks can be deactivated and configured))

  • Human-fake-lobby -> Advanced filter to verify any prototype of packet, the sentry of high-performant bots with several block-layers like snow, wood, barriers, oaks etc... working as Chunk-colission. Also changes dynamically from coordinates. On top of that there are several protocol verifications like Ping-pong, KeepAlive timeouts, WindowTransactions, Configuration state response for new versions and HUGE verifications on falling of 3s that makes actually fast and working verification.
  • Vanilla-Check -> Before accepting the connection as verified, packets such as client settings, Window transaction, "ping-pong", ignored ticks, timeout-packets, max-packets-per-second, packet delay, teleport-confirn, PlayerOnGroundPacket, PlayerPositionPacket, PlayerHeadRotation packet, maximum uncompressed packets that a vanilla client should practically send are expected. The only proxy that verifies so many settings to avoid bots that emulate vanilla without any human verification.
  • Packet-Filtering -> Not only are there limits before decompress, but also after decode on all backends colloquially known as "backend anticrash" preventing Netty from using heavy methods and sending very large amounts of data. This avoids using plugins on every backend, natively faster and instant mitigation.
  • Condition-check -> Depending on how a player passed a check, you can configure condition for example after "on-player-verification-sucess" do "fast-fall" and what ever you think.
  • Ping-check -> Connections won't be able to join if their ping exceeds the maximum specified, this usually works with stupid attacks. On top of that we have a native TCP-based check that will compare the latency of receiving a packet from the host with the latency of receiving a packet over the network to filter attacks quickly without requiring any player action.
  • Name-Regex -> Verifies a nickname for a forbidden sequence of characters with high performance thanks to the task is being sent to the thread pool, and then the nickname is carried out, after the verification through the callback the verification is completed.
  • Mojang requests -> NullCordX prevents plugins from saturating the mojang API to requests invalidating the server for a while thanks thanks to the system that connects in the bot filter to the player as offline UUID.
  • Traceless-logging -> NullCordX has a system created in Netty that has all exceptions already cached, and the log can be disabled in attack. This is used to call exceptions silently if they were a low-level error.
  • Direct-Connection -> If the counting detects any strange loadup on connections will avoid connections that did not ping server list before joining (Disable it if something caches before pings such as Cloudflare, TCPShield etc..)
  • Malformed-packet-check -> Most attacks are based on sending malformed packets, which causes resource-intensive exception generation, this overloads the usage and floods the console, NullCordX caches them and deny that connection.
  • Geyser-checks -> We've built-in Geyser Standalone Support, you can choose which checks do they have to pass before joining the backend server.
  • Blacklist (via ipset/netty) -> Linux tool implemented to blacklist quickly bad TCP connections to avoid attack reach maximum performance, if you don't have access NullCordX will blacklist bots with netty blacklist module.
  • Protocol-packets -> NullCordX verifies the packets sent from the connection and compares them with a vanilla client to ensure that all packets have been sent and none are missing, the packets are limited thanks to the Mojang protocol and the failed packet is cancelled, also if client does not send on time all the vanilla packets it kicks the client, on top of that waits for client settings.
  • Proxy-sync -> Some networks need split their proxy instance on more than one, NullCordX can sync the Antibot data between them to avoid waste of performance.
There are bunch more of verifications that are secondary, check configuration to enable them.
YAML:
# Configuration for antibot
antibot:
  # Does the proxy need to constantly check all the players who join the server each time?
  always-check: false

  # Does the proxy need to constantly check all players only when a bot attack is detected?
  always-check-on-attack: false

  # Should the number of current players on check be added to the online counter?
  show-online: false

  # List of ip addresses to ignore for checking
  ignored-ips:
    - "127.0.0.1/24"
    - "172.18.0.1/24"

  # How many players can be with the same IP address in the filter at the same time?
  max-same-address-limit: 1

  # After how many milliseconds to kick the client if he did not send the expected packets on time?
  packet-receive-timeout: 10000

  # How often to check each player for filter timeout in milliseconds?
  schedule-task-interval: 1000

  # Should the antibot wait for ClientSettings from the client?
  # If disabled, the proxy will start checking as soon as the player was connected to the filter.
  # Warning! Disabling this has no effect on 1.20.2+ clients, since those clients always send ClientSettings during the configuration phase.
  wait-client-settings: true

  # Whether to force to check the player if his ip address was changed even when he successfully passed the check before?
  # Turning off the option will force the proxy to check the player only 1 time (until the automatic cache purge configured in sql.yml is performed)
  # And also turning it off makes the very essence of the check insecure, since the attacker can attack nicknames that have already successfully passed the checks, thus bypassing all the checks.
  check-player-on-ip-change: true

  # How big a packet can a client send during the check?
  max-bytes: 2048

  # How many packets the player can send per second during the check?
  max-packets-per-second: 100

  # What is the maximum size of all sent packets per second during the check?
  max-packet-bytes-per-second: 8192

  # What is the maximum size in bytes of a PluginMessage expected from a client?
  max-plugin-messages-bytes: 65536

  # Configuration for connect to filter on attack
  connect-to-filter-only-on-attack:
    # Will the proxy connect players to the filter only if it detects a bot attack?
    # If enabled, any connection to the server will count the bot counter until a bot attack is detected, then if an attack is detected, players will be connected to the filter and the counter will be counted only on the filter.
    enabled: false

    # Should the proxy treat each incoming player as a player who successfully passed the verification?
    # If enabled, the player connected to the server will be immediately written to the cache.
    # If the under attack mode is enabled, such a player will not be checked for a bot because he is already cached.
    always-cache: false

  # Configuration for many checks
  many-checks:
    # After how many connection attempts to filter will a player be added to the blacklist?
    max-attempts: 3

    # Configuration for progression
    progression:
      # During which time in seconds to count the number of times the player failed the check?
      progression-max-time: 86400

      # If a player with one IP address fails all checks while never trying to connect from other nicknames, then block for this number of seconds.
      # The first value is how many bans must be in order to use the second value.
      # The second value is how many seconds the ban should be.
      # The number of bans at a time should always increase by one. Wrong: 1, 2, 5, 7. Correct: 1, 2, 3, 4, 5, 6, 7.
      # You can add as many progressive bans as you like.
      same-nickname-progression:
        1: 60
        2: 120
        3: 300
        4: 600
        5: 1200

      # If a player with the same IP address fails all checks, and each time he tries to connect from different nicknames, then block for this number of seconds.
      # The first value is how many bans must be in order to use the second value.
      # The second value is how many seconds the ban should be.
      # The number of bans at a time should always increase by one. Wrong: 1, 2, 5, 7. Correct: 1, 2, 3, 4, 5, 6, 7.
      # You can add as many progressive bans as you like.
      different-nickname-progression:
        1: 180
        2: 600
        3: 1200
        4: 3600
        5: 7200

    # Should the proxy block the ip address of a player who failed multiple bot checks?
    blacklist-address: false

  # Configuration for protection modes.
  #
  # What type of mode template should the proxy server use?
  # See modes-templates to see or customize the current mode templates.
  #
  # You can add as many templates as you want in a row.
  modes:
    # Configuration for java players modes.
    java:
      # Should the proxy use these checks?
      # If disabled, the proxy will never connect the player to the filter and will never be able to determine if the server is under bot attack.
      enabled: true

      # How much time the player will be in-check 1000ms = 1s (Less = better)
      time-out: 30000

      # Normal mode configuration.
      # If the attack was not detected, then the proxy uses this mode.
      normal:
        - "nickname"
        - "fast-empty"
        - "fast-fall-and-proxy"

      # On attack mode configuration.
      # If the proxy has detected an attack, then it uses this mode.
      on-attack:
        - "nickname"
        - "empty"
        - "fall"
        - "proxy"
        - "country"

      # Configuration for custom modes.
      # These modes are only used when the custom mode is enabled with the /antibot toggle custom command.
      # With the /antibot check custom command, you can specify one of these modes so that it will be used later when the custom mode is switched.
      custom:
        example:
          - "fast-fall"

    # Configuration for bedrock players modes.
    bedrock:
      # Should the proxy use these checks?
      # If disabled, the proxy will never connect the player to the filter and will never be able to determine if the server is under bot attack.
      enabled: true

      # How much time the player will be in-check 1000ms = 1s (Less = better)
      time-out: 30000

      # Normal mode configuration.
      # If the attack was not detected, then the proxy uses this mode.
      normal:
        - "nickname"
        - "fast-empty"

      # On attack mode configuration.
      # If the proxy has detected an attack, then it uses this mode.
      on-attack:
        - "nickname"
        - "fast-empty"

      # Configuration for custom modes.
      # These modes are only used when the custom mode is enabled with the /antibot toggle custom command.
      # With the /antibot check custom command, you can specify one of these modes so that it will be used later when the custom mode is switched.
      custom:
        example:
          - "fast-empty"

  # When to ask players to rejoin after a successful check?
  # -1 - Disabled
  # 0 - Just in a bot attack (Warning! Some plugins, such as FastLogin, listen to the PreLoginEvent,
  # because of this, they themselves can detect a bot attack before NullCordX and prevent it,
  # which is why NullCord may not detect it in time.)
  # 1 - Always
  #
  # Using this function, you can potentially increase performance, since when connecting to a filter,
  # the proxy will not fire such events as LoginEvent and PreLoginEvent, because the player will still
  # be kicked at the end of the check and there is no point in continuing the login process.
  # Also, if online-mode is enabled in the bungee settings, the proxy will not authorize premium players from mojang servers,
  # since the player connects as a non-premium player, which means during bot attacks, you will not receive a ratelimit from mojang servers.
  rejoin-after-check: 1

  # Configuration for bot attack detection
  bot-attack-detection:
    # This function turns on the under attack mode if more players than this value have connected to the filter for a certain amount of time.
    # This depends on your server, more traffic = more threshold limit.
    bot-threshold: 30

    # How long should it take before checking if the server is under attack in order to reset the bot counter or continue to consider the server under attack. In milliseconds 1 sec = 1000
    bot-threshold-time: 60000

    # How long is the protection active? In milliseconds 1 sec = 1000
    bot-protection-time: 120000

  # Configuration for modes templates
  #
  # Mode templates provide a convenient way to create different templates with different settings.
  # Each template has its own type. For now, here is the list of templates:
  #
  # empty - There will be no checks, the player will be on the filter for some time.
  #
  # fall - Checking the player for the correct (vanilla) handling of falling from a height.
  # Useful because the attacker needs to handle a fall from a height correctly in order to pass the check.
  #
  # hand-captcha - Shows the player a captcha to be solved. Helps a lot from any bots, since the attacker needs more computing power to solve it very quickly.
  #
  # animated-hand-captcha - Exactly the same captcha, except for the animated background. Not recommended for
  # use in 'on-attack' mode, as it can consume a lot of traffic during an attack.
  # Warning! This captcha can use a lot of RAM, it directly depends on the number of frames in the gif file.
  #
  # framed-captcha - Captcha based on the frames in which the maps are placed and represent the whole image.
  # The player can rotate it. It is much more difficult for an attacker to solve it, especially if some parts of the image were initially rotated in a different direction from the generator.
  # Warning! This captcha can use a lot of RAM, it directly depends on the number of frames configured in captcha.yml.
  #
  # animated-framed-captcha - Exactly the same framed captcha, except for the animated background.
  # Warning! Do not use a huge number of animation frames and a high refresh rate, otherwise it will greatly affect the server traffic!
  #
  # framed-puzzle - It is a set of images rotated in different directions. The player needs to rotate them to the correct position to get the whole image.
  # Warning! This captcha can use a lot of RAM, it directly depends on the number of frames configured in captcha.yml.
  #
  # animated-framed-puzzle - Exactly the same framed puzzle, except for the animated background.
  # Warning! Do not use a huge number of animation frames and a high refresh rate, otherwise it will greatly affect the server traffic!
  #
  # pick-captcha - Captcha where you need to click on the images where the specified abstract object is shown and if they are no longer there, then enter any text in the chat.
  # It is very similar to reСaptcha or hCaptcha where you have to click on traffic lights.
  # Warning! This captcha can use a lot of RAM, it directly depends on the number of frames configured in captcha.yml.
  #
  # fall-and-hand-captcha - A mix of fall and hand-captcha check. Both checks are performed at the same time.
  #
  # fall-and-animated-hand-captcha - A mix of fall and animated-hand-captcha check. Both checks are performed at the same time.
  #
  # fall-and-proxy - A mix of fall and proxy check. Both checks are performed at the same time.
  #
  # country - Checking the IP address to see if it belongs to the country.
  #
  # asn - Checking the IP address to see if it belongs to the ASN.
  #
  # proxy - Checking the ip address for belonging to a proxy or vpn.
  #
  # nickname - Checking a nickname for a forbidden sequence of characters.
  #
  # Each mode has its own custom name, you can add and name as many modes as you like.
  # By default, the name of a configurable modes is equal to its type, however, you can change this to your liking.
  #
  # If you have any questions about how it works feel free to ask on Discord.
  modes-template:
    # Configuration for empty check mode templates
    #
    # max-check-time - How many milliseconds the player must be in the check before the check ends automatically
    empty-check-templates:
      empty:
        max-check-time: 5000
      fast-empty:
        max-check-time: 1000

    # Configuration for fall check mode templates
    #
    # max-check-time - How long should the check last before it ends in ticks (1 tick == 50 ms)
    # spawn-height - At what height to spawn the player
    # min-height-reset - From what height to automatically teleport the player back
    # hit-platform-enabled - Whether to use an advanced fall validation platform
    # hit-platform-min-height - What is the minimum platform height?
    # hit-platform-max-height - What is the maximum platform height?
    fall-check-templates:
      fall:
        max-check-time: 300
        spawn-height: 200
        min-height-reset: 40
        hit-platform-enabled: true
        hit-platform-min-height: 60
        hit-platform-max-height: 190
      fast-fall:
        max-check-time: 100
        spawn-height: 200
        min-height-reset: 140
        hit-platform-enabled: true
        hit-platform-min-height: 170
        hit-platform-max-height: 190
      on-successful-fast-fall:
        max-check-time: 100
        spawn-height: 200
        min-height-reset: 140
        hit-platform-enabled: true
        hit-platform-min-height: 170
        hit-platform-max-height: 190
      fast-fall-no-hit:
        max-check-time: 100
        spawn-height: 200
        min-height-reset: 40
        hit-platform-enabled: false
        hit-platform-min-height: 0
        hit-platform-max-height: 0

    # Configuration for hand-captcha check mode templates
    #
    # max-attempts - How many attempts will a player have to enter a captcha before they get kicked?
    # max-solves - At least how many times must a player enter the captcha correctly to complete the check?
    hand-captcha-check-templates:
      hand-captcha:
        max-attempts: 3
        max-solves: 1

    # Configuration for animated-hand-captcha check mode templates
    #
    # max-attempts - How many attempts will a player have to enter a captcha before they get kicked?
    # max-solves - At least how many times must a player enter the captcha correctly to complete the check?
    animated-hand-captcha-check-templates:
      animated-hand-captcha:
        max-attempts: 3
        max-solves: 1

    # Configuration for framed-captcha check mode templates
    #
    # max-attempts - How many attempts will a player have to enter a captcha before they get kicked?
    # max-solves - At least how many times must a player enter the captcha correctly to complete the check?
    framed-captcha-check-templates:
      framed-captcha:
        max-attempts: 3
        max-solves: 1

    # Configuration for animated-framed-captcha check mode templates
    #
    # max-attempts - How many attempts will a player have to enter a captcha before they get kicked?
    # max-solves - At least how many times must a player enter the captcha correctly to complete the check?
    animated-framed-captcha-check-templates:
      animated-framed-captcha:
        max-attempts: 3
        max-solves: 1

    # Configuration for framed-puzzle check mode templates
    #
    # max-attempts - How many attempts will a player have to enter a captcha before they get kicked?
    # max-solves - At least how many times must a player enter the captcha correctly to complete the check?
    # complete-on-chat - Should the check only end when the player enters any text into the chat?
    framed-puzzle-check-templates:
      framed-puzzle:
        max-attempts: 1
        max-solves: 1
        complete-on-chat: true

    # Configuration for animated-framed-puzzle check mode templates
    #
    # max-attempts - How many attempts will a player have to enter a captcha before they get kicked?
    # max-solves - At least how many times must a player enter the captcha correctly to complete the check?
    # complete-on-chat - Should the check only end when the player enters any text into the chat?
    animated-framed-puzzle-check-templates:
      animated-framed-puzzle:
        max-attempts: 1
        max-solves: 1
        complete-on-chat: true

    # Configuration for pick-captcha check mode templates
    #
    # max-attempts - How many attempts will a player have to enter a captcha before they get kicked?
    # max-solves - At least how many times must a player enter the captcha correctly to complete the check?
    pick-captcha-check-templates:
      pick-captcha:
        max-attempts: 3
        max-solves: 1

    # Configuration for fall-and-hand-captcha check mode templates
    #
    # max-check-time - How long should the check last before it ends in ticks (1 tick == 50 ms)
    # spawn-height - At what height to spawn the player
    # min-height-reset - From what height to automatically teleport the player back
    # hit-platform-enabled - Whether to use an advanced fall validation platform
    # hit-platform-min-height - What is the minimum platform height?
    # hit-platform-max-height - What is the maximum platform height?
    #
    # max-attempts - How many attempts will a player have to enter a captcha before they get kicked?
    # max-solves - At least how many times must a player enter the captcha correctly to complete the check?
    fall-and-hand-captcha-check-templates:
      fall-and-hand-captcha:
        max-check-time: 300
        spawn-height: 200
        min-height-reset: 40
        hit-platform-enabled: true
        hit-platform-min-height: 60
        hit-platform-max-height: 190
        max-attempts: 3
        max-solves: 1

    # Configuration for fall-and-animated-hand-captcha check mode templates
    #
    # max-check-time - How long should the check last before it ends in ticks (1 tick == 50 ms)
    # spawn-height - At what height to spawn the player
    # min-height-reset - From what height to automatically teleport the player back
    # hit-platform-enabled - Whether to use an advanced fall validation platform
    # hit-platform-min-height - What is the minimum platform height?
    # hit-platform-max-height - What is the maximum platform height?
    #
    # max-attempts - How many attempts will a player have to enter a captcha before they get kicked?
    # max-solves - At least how many times must a player enter the captcha correctly to complete the check?
    fall-and-animated-hand-captcha-check-templates:
      fall-and-animated-hand-captcha:
        max-check-time: 300
        spawn-height: 200
        min-height-reset: 40
        hit-platform-enabled: true
        hit-platform-min-height: 60
        hit-platform-max-height: 190
        max-attempts: 3
        max-solves: 1

    # Configuration for fall-and-proxy check mode templates
    #
    # max-check-time - How long should the check last before it ends in ticks (1 tick == 50 ms)
    # spawn-height - At what height to spawn the player
    # min-height-reset - From what height to automatically teleport the player back
    # hit-platform-enabled - Whether to use an advanced fall validation platform
    # hit-platform-min-height - What is the minimum platform height?
    # hit-platform-max-height - What is the maximum platform height?
    fall-and-proxy-check-templates:
      fall-and-proxy:
        max-check-time: 300
        spawn-height: 200
        min-height-reset: 40
        hit-platform-enabled: true
        hit-platform-min-height: 60
        hit-platform-max-height: 190
      fast-fall-and-proxy:
        max-check-time: 100
        spawn-height: 200
        min-height-reset: 140
        hit-platform-enabled: true
        hit-platform-min-height: 170
        hit-platform-max-height: 190
    country-check-templates:
      - "country"
      - "country-with-condition"
    asn-check-templates:
      - "asn"
    proxy-check-template:
      - "proxy"
    nickname-check-template:
      - "nickname"

  # Configuration for condition check override.
  #
  # The name of the check must be the name of the template.
  # By default, all templates have the following conditions:
  # if-success: next
  # if-failed: kick
  # But you can override the behavior for each template.
  #
  # Available conditions:
  # next - The next check will be done. If there is no next check, the player will successfully check for a bot.
  # finish - Instantly complete the check for the bot.
  # kick - Instantly kick a player. The kick message will be unknown if the player was kicked while successfully passing one of the checks.
  # Any other name - The name of the check template. The new specified check will start. This will allow the check to be performed in any order other than next.
  condition-checks-override:
    country-with-condition:
      if-success: "on-successful-fast-fall"
      if-failed: "framed-captcha"
    on-successful-fast-fall:
      if-success: "finish"
      if-failed: "framed-captcha"

  # Configuration for country limiter.
  #
  # For this function to work you need to add 'country' template name to modes.
  # For example add 'country' to 'on-attack' mode to the very end so to make this check work after the others.
  country-limiter-check:
    # Whether to use a fast cache check at the moment when the player is just connecting to the server?
    # Allows you to block the address before the player connects to the filter.
    use-fast-cache-check: false

    # How long will the result of the check be cached in milliseconds?
    max-cache-time: 86400000

    # After how many days to download a new database?
    max-database-time: 3

    # How often to check the database is up to date in minutes?
    # Use -1 to disable check.
    database-check-time: 60

    # How long to wait for a database download in milliseconds?
    download-connection-timeout: 15000

    # Key for downloading the MaxMind database.
    # By default, our private key is used, but if for some reason it does not work, you need to register your own key for use. We recommend doing this.
    license-key: "fS6zuYt01W4L4QuD"

    # Where should the proxy download the country database from?
    # By default, the database is downloaded from the official MaxMind server
    database-download-url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=%license_key%&suffix=tar.gz"

    # What type of whitelist to use?
    # true - All countries that are not listed are blocked
    # false - All countries that are listed are blocked
    whitelist: true

    # Which countries should be used for verification?
    # The name of the indicated countries must be according to the international standard.
    # More on wikipedia https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes
    countries:
      - "ES"
      - "EN"
      - "US"

    # What IP addresses should be ignored?
    ignored-ips:
      - "127.0.0.1/24"
      - "172.18.0.1/24"

    # Should the proxy blacklist the IP address if the country was blacklisted?
    blacklist-address-if-detected: false

    # How many threads to use for concurrent database access?
    # Use -1 to use as many threads as the number of cores on the processor.
    thread-pool-size: -1

  # Configuration for asn limiter.
  #
  # For this function to work you need to add 'asn' template name to modes.
  # For example add 'asn' to 'on-attack' mode to the very end so to make this check work after the others.
  asn-limiter-check:
    # Whether to use a fast cache check at the moment when the player is just connecting to the server?
    # Allows you to block the address before the player connects to the filter.
    use-fast-cache-check: false

    # How long will the result of the check be cached in milliseconds?
    max-cache-time: 86400000

    # After how many days to download a new database?
    max-database-time: 3

    # How often to check the database is up to date in minutes?
    # Use -1 to disable check.
    database-check-time: 60

    # How long to wait for a database download in milliseconds?
    download-connection-timeout: 15000

    # Key for downloading the MaxMind database.
    # By default, our private key is used, but if for some reason it does not work, you need to register your own key for use. We recommend doing this.
    license-key: "fS6zuYt01W4L4QuD"

    # Where should the proxy download the asn database from?
    # By default, the database is downloaded from the official MaxMind server
    database-download-url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=%license_key%&suffix=tar.gz"

    # What type of whitelist to use?
    # true - All asns that are not listed are blocked
    # false - All asns that are listed are blocked
    whitelist: false

    # Which asns should be used for verification?
    asns:
      - 16276
      - 24940
      - 15169
      - 32934

    # What IP addresses should be ignored?
    ignored-ips:
      - "127.0.0.1/24"
      - "172.18.0.1/24"

    # Should the proxy blacklist the IP address if the asn was blacklisted?
    blacklist-address-if-detected: false

    # How many threads to use for concurrent database access?
    # Use -1 to use as many threads as the number of cores on the processor.
    thread-pool-size: -1

  # Configuration for anti proxy check.
  #
  # For this function to work you need to add 'proxy' template name to modes.
  # For example add 'proxy' to 'on-attack' mode to the very end so to make this check work after the others.
  anti-proxy-check:
    # Whether to use a fast cache check at the moment when the player is just connecting to the server?
    # Allows you to block the address before the player connects to the filter.
    use-fast-cache-check: true

    # How long will the result of the check be cached in milliseconds?
    max-cache-time: 86400000

    # What IP addresses should be ignored?
    ignored-ips:
      - "127.0.0.1/24"
      - "172.18.0.1/24"

    # Should the proxy blacklist the IP address if the service detects it as a proxy?
    blacklist-address-if-detected: false

    # If enabled and if an error occurs during validation, the player will not be kicked and their ip address will be considered trusted.
    # Can be useful if you have a rate-limit but want players to be able to connect to the server anyway.
    do-not-kick-if-error: false

    # How many concurrently open connections should be used to access services?
    # The more threads, the faster, in theory, the proxy will be able to check the players, but on the other hand, due to the large number of requests, services can restrict access (rate-limit) to you.
    # Use -1 to use as many threads as the number of cores on the processor.
    thread-pool-size: 1

    # Configuration for services
    #
    # Here you can configure which services the proxy should connect to in order to check the IP address for a VPN or proxy.
    # If more than one type of service is enabled, the proxy will try to connect to services according to the order below, and if any service detects the VPN or Proxy, the player will be immediately kicked.
    services:
      # Configuration for ProxyCheck.io service
      proxy-check-io:
        # Should the proxy use this service?
        enabled: true

        # Your license key to access the api.
        # Please note that this service allows you to access the api even if the key is not correct or is specified as 'YOUR_LICENSE_KEY'.
        # However, in this case, the number of requests is limited.
        license-key: "YOUR_LICENSE_KEY"

        # When the vpn flag is set to 0 no VPN check will be performed, only a proxy check.
        # When the vpn flag is set to 1 we will perform a VPN check on the IP address in addition to a proxy check, any proxy determinations will be shown even if the address is also a VPN due to proxies being considered higher risk.
        # When the vpn flag is set to 2 we will only perform a VPN check, no proxy check will be performed.
        # When the vpn flag is set to 3 we will perform both a proxy and VPN check and both answers will be present in the result returned to you, this differs from &vpn=1 where a proxy result overwrites the VPN result.
        vpn-mode: 1

        # What risk in percent should an IP address have in order to consider this address dangerous?
        risk: 66

        # What is the maximum time the proxy can spend on one request to the service in milliseconds?
        connection-timeout: 1000

      # Configuration for IpHub.info service
      ip-hub-info:
        # Should the proxy use this service?
        enabled: false

        # Your license key to access the api.
        license-key: "YOUR_LICENSE_KEY"

        # What type of blocking to use?
        # -1 - Block non-residential IP (hosting provider, proxy, etc.) or non-residential & residential IP
        # 1 - Block only non-residential IP
        # 2 - Block only non-residential & residential IP
        block-type: -1

        # What is the maximum time the proxy can spend on one request to the service in milliseconds?
        connection-timeout: 1000

      # Configuration for VpnApi.io service
      vpn-api-info:
        # Should the proxy use this service?
        enabled: false

        # Your license key to access the api.
        license-key: "YOUR_LICENSE_KEY"

        # What type of blocking to use?
        # 1 - Block vpn, proxy, tor and relay
        # 2 - Block only vpn
        # 3 - Block only proxy
        # 4 - Block only vpn and proxy
        block-type: 1

        # What is the maximum time the proxy can spend on one request to the service in milliseconds?
        connection-timeout: 1000

      # Configuration for custom service
      custom:
        # Should the proxy use this service?
        enabled: false

        # API url for the service.
        # Available placeholders:
        # %ip% - ip address to check
        api-url: "https://your-custom-api/ip/%ip%"

        # What http properties should be sent?
        # Available placeholders:
        # %ip% - ip address to check
        request-properties:
          - "Accept-Encoding=UTF-8"

        # What character sequence should be in the response to the request so that the proxy considers the IP address to belong to vpn?
        # You can use regular expressions here.
        detect-regex-pattern: "VPN"

        # What is the maximum time the proxy can spend on one request to the service in milliseconds?
        connection-timeout: 1000

  # Configuration for nickname limiter check
  #
  # For this function to work you need to add 'nickname' template name to modes.
  # For example add 'nickname' to 'on-attack' mode to the very end so to make this check work after the others.
  nickname-limiter-check:
    # How many threads should be used to calculate the blacklisted nickname at the same time?
    # Use -1 to use as many threads as the number of cores on the processor.
    thread-pool-size: 1

    # List of blacklisted nicknames in the regex.
    patterns:
      - "mcstorm|mcdown|mcbot|theresa_bot|dropbot|bebra_bot|mcspam|kingbot"

  # Configuration for unstable ping check.
  #
  # Checks the player's ping during the check, if it is not stable then kicks the player.
  unstable-ping-check:
    # When will the check work?
    # -1 - Never
    # 0 - Just in a bot attack
    # 1 - Always
    mode: 0

    # What type of ping check should the proxy use?
    # 1 - Kick a player if his average ping is greater than the maximum at the time he passed any check.
    # 2 - Kick a player if his average ping is greater than the maximum at the time he passed last check.
    # 3 - Kick a player if at some point his ping becomes greater than the maximum. (without checking average ping)
    type: 1

    # What is the maximum allowed ping in milliseconds?
    max-ping: 350

    # Configuration for advanced ping check
    advanced:
      # Whether to use advanced ping check?
      # The proxy will compare the latency of receiving a packet from the host to the latency of receiving a packet over the network.
      # This may help against common proxy servers, however this check may falsely trigger on players using mobile internet or poor quality internet.
      # Warning! This check only works on Linux systems!
      enabled: false

      # What is the maximum ping difference in milliseconds after which we consider this connection as a proxy?
      # The lower the value, the stricter the check, but if most players experience connection problems, we recommend increasing the value or turning off this type of check.
      max-difference: 30

  # Configuration for direct connection.
  #
  # Will only allow a player to connect if they have pinged the server. Useful if the attacker is attacking with bots that never ping the server in the beginning.
  # If you are using a reverse proxy, remember to disable this option either will constantly ask for reconnect
  direct-connection-check:
    # When will the check work?
    # -1 - Never
    # 0 - Just in a bot attack
    # 1 - Always
    mode: 0

    # How long does it take to clear the player's cache before they have to ping the server again? In seconds.
    cache-time: 12

    # Should the proxy blacklist the IP address if the player didn't ping the server?
    blacklist-address-if-detected: false

  # Configuration for dimension of checking server
  dimension:
    # What type of world dimension use?
    # 0 - OVERWORLD
    # 1 - THE_NETHER
    # 2 - THE_END
    type: 0

    # What time to use? In ticks. (20 tick = 1 second)
    # 0 is sunrise, 6000 is noon, 12000 is sunset, and 18000 is midnight
    time: 0

    # In what position in the inventory should the captcha map be.
    # Slot positions https://wiki.vg/File:Inventory-slots.png
    # Warning! In version 1.8 there is no left hand (45 slot)
    captcha-slot: 36

    # How many empty chunks to send to the client?
    # 0 - 1 chunk, 1 - 9 chunks, 2 - 16 chunks, 3 = 26 chunks and so on.
    # Note that a client with the sodium mod will not be able to join if only 1 chunk has been sent.
    chunk-edge-size: 1

    # Should the proxy send the player a levitation effect that will prevent the player from moving up and down?
    levitate-effect: true

    # Which game mode to use?
    #
    # Available game modes:
    # 0 - Survival
    # 1 - Creative
    # 2 - Adventure
    # 3 - Spectator
    game-mode: 2

    # Should the client assume that he has connected to a server where hardcore mode is enabled?
    hardcore-mode: true

    # Configuration for player list
    player-list:
      # What nickname to use in the tablist?
      name: "NullCordX"

      # What ping should this player have?
      # A value of -1 will display a missing connection icon.
      latency: -1

    # Configuration for spawn location
    location:
      x: 7.5
      y: 200.0
      z: 7.5

    # Configuration for item frame interaction
    item-frame:
      # What should be the delay between frame rotations? In milliseconds.
      max-rotation-cooldown: 150

      # After how many quick attempts to rotate the frame to consider the player a bot?
      max-rotation-violations: 5

      # WARNING! EXPERIMENTAL!
      # What is the threshold for checking the direction of view when interacting with the frame in percent?
      # The higher the percentage, the stricter the checking of the player's view direction.
      # Only allowed values between 0.0 and 1.0.
      # Recommended value is '0.45'
      # Use -1 to disable the check.
      player-direction-threshold: -1.0

    # Configuration for allowed region
    allowed-region:
      # Whether to enable allowed region?
      # Players who leave this area will be teleported back to spawn.
      # It can be useful if for some reason players leave the spawn location where the framed captcha can be located.
      enabled: true

      # What is the maximum teleportation possible before a player gets kicked?
      # Useful as attackers can try to abuse it.
      max-teleports: 3

      # How big will the cuboid be on the x side?
      x-size: 5

      # How big will the cuboid be on the y side?
      y-size: 5

      # How big will the cuboid be on the z side?
      z-size: 5

    # Configuration for messages
    messages:
      # What message type to use?
      # 0 - Chat
      # 1 - System
      # 2 - ActionBar
      message-type: 1

      # How often to send checking messages in milliseconds?
      checking-messages-delay: 2000
config-version: 1

Captcha
The proxy comes with unique captcha types that are great against complex neural networks.
A brief description of each captcha:
'hand-captcha' -> Classic captcha. The player is given an item with a map on which the captcha is drawn.
'framed-captcha' -> Improved version of hand-captcha. The image consists of fragments and is formed on frames that appear in front of the player, creating a large captcha image.
'framed-puzzle' -> Essentially the same as framed-captcha, but the player needs to rotate the fragments into the correct position, as they are all rotated randomly.
'pick-captcha' -> An improved version of framed-captcha. The player needs to click on the required abstract items.









Each type of captcha can be separately customized, including but not limited to customizing the background, gif animation, custom fonts, various image distortions, as well as the ability to specify the order and rendering properties of each element on the captcha.
You can literally make up your own unique captcha and customize it in a similar way as in Photoshop.

In addition, NullCordX has an optimized captcha generator capable of generating hundreds of captcha per second, as well as a smart captcha cache that writes the captcha to disk for fast loading when the proxy is reloaded.

Native Motd System
NullCordX by default comes with a MOTD that replaces the BungeeCord encoder and creates its own packet which supports MiniMessage encoding and brings more functions.
Thanks to the native MOTD outgoing responses are cached to prevent this type of attack.
In addition, you can hide the favicon to prevent sending a large StatusRequest packet, since this packet is not compressed by the game protocol. This greatly improves traffic consumption during a massive attack or large traffic.
YAML:
# Motd cache configuration
motd:
  # What type of cache use?
  # -1 - None
  # 0 - Cache motd returned by plugins or BungeeCord (Recommended if you have a custom motd plugin)
  # 1 - Use full caching configured in 'custom' section (It also ignores ping_passthrough)
  # 2 - Use full caching by plugins (Combines mode 1 and 0. The proxy will call ProxyPingEvent itself and store the result globally for some time.
  # The source motd is always taken from the first listener in the BungeeCord configuration, not from 'custom' section)
  mode: 1

  # How long to cache motd or update online counter in milliseconds?
  max-cache-time: 5000

  # Should favicon be hidden when a ping attack is detected?
  # Helps to save traffic, because the StatusRequest packet is never compressed, which means it can weigh at least 8 kilobytes.
  hide-favicon-on-attack: true

  # Close the connection if the client tries to calculate a ping to the server after successfully sending motd during the attack.
  close-if-try-calculate-ping-on-attack: true

  # Configuration for ping attack detection
  ping-attack-detection:
    # This function turns on the attack mode if more than this value is pinged in a certain time.
    # This depends on your server, more traffic = more threshold limit.
    ping-threshold: 500

    # How long should it take before checking if the server is under attack in order to reset the ping counter or continue to consider the server under attack. In milliseconds 1 sec = 1000
    ping-threshold-time: 60000

    # How long is the protection active? In milliseconds 1 sec = 1000
    ping-protection-time: 300000

  # Configuration for custom motd.
  # The default format is MiniMessages, which allows RGB colors and gradients.
  # For more information: https://docs.advntr.dev/minimessage/index.html
  # To create a new line use the placeholder {NL}
  custom:
    # Standard motd message.
    #
    # Available placeholders:
    # {PLAYER_ONLINE} - Current online players.
    # {PLAYER_ONLINE_MAX} - Max online players. Can be variable if dynamic-max-player-count is enabled
    motd: "<blue><bold>Null<aqua><bold>Cord<white><bold>X<reset>{NL}<aqua>YourNetwork motd."

    # What game protocol should be in motd?
    # -1 - the game protocol of all available versions of the game is used.
    protocol-version: -1

    # Maximum number of players
    max-players: 20

    # Should the maximum number of players be equal to the current online?
    # A number greater than zero will be added to the counter, making it look like the player has the last chance to connect to the server. -1 - to disable.
    dynamic-max-players-count: -1

    # The path to the favicon. Disabled if empty.
    favicon-path: "server-icon.png"

    # How hard to compress the favicon? The closer the value is to zero, the stronger the compression.
    # Fractional values from 0.0 to 1.0 are allowed. -1 - to disable.
    favicon-compression-level: 0.0

    # The name of the server that is displayed if the player tries to ping a server with an old or too new version of the game.
    #
    # Available placeholders:
    # {PLAYER_ONLINE} - Current online players.
    # {PLAYER_ONLINE_MAX} - Max online players. Can be variable if dynamic-max-player-count is enabled
    name: "<blue><bold>Null<aqua><bold>Cord<white><bold>X<reset>"

    # What to display when hovering over online numbers? Disabled if empty.
    #
    # Available placeholders:
    # {PLAYER_ONLINE} - Current online players.
    # {PLAYER_ONLINE_MAX} - Max online players. Can be variable if dynamic-max-player-count is enabled
    player-info:
      - "<blue><bold>Null<aqua><bold>Cord<white><bold>X<reset>"
      - "<aqua>YourNetwork player info"
      - "<white>Online: <dark_aqua>{PLAYER_ONLINE}<dark_gray>/<aqua>{PLAYER_ONLINE_MAX}"
config-version: 1

Advanced Anti-Country & Anti-ASN & Anti-Proxy system
Advanced Anti-Country & Anti-ASN system based on known pages with virtually unlimited requests that allow you to block specific countries and avoid ASNs.
In addition, you can use one of the available services to check if the IP address belongs to a proxy, such as proxycheck.io. In addition you can specify a risk threshold for more fine-tuning to prevent false positives.
You can also add your custom Anti-VPN with custom URL and custom expected response.
You can configure it to only use the options on certain occasions such as when an attack is detected, always, or disable it completely.
On top of that you can download new databases in configurable time, cache time and even limit the use of threads of your processor.
Moreover, thanks to our Cache system powered by Caffeine, rate-limits are very complicated with free plans. In very few situations this will ever happen.
YAML:
  # Configuration for country limiter.
  #
  # For this function to work you need to add 'country' template name to modes.
  # For example add 'country' to 'on-attack' mode to the very end so to make this check work after the others.
  country-limiter-check:
    # Whether to use a fast cache check at the moment when the player is just connecting to the server?
    # Allows you to block the address before the player connects to the filter.
    use-fast-cache-check: false

    # How long will the result of the check be cached in milliseconds?
    max-cache-time: 86400000

    # After how many days to download a new database?
    max-database-time: 3

    # How often to check the database is up to date in minutes?
    # Use -1 to disable check.
    database-check-time: 60

    # How long to wait for a database download in milliseconds?
    download-connection-timeout: 15000

    # Key for downloading the MaxMind database.
    # By default, our private key is used, but if for some reason it does not work, you need to register your own key for use. We recommend doing this.
    license-key: "fS6zuYt01W4L4QuD"

    # Where should the proxy download the country database from?
    # By default, the database is downloaded from the official MaxMind server
    database-download-url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=%license_key%&suffix=tar.gz"

    # What type of whitelist to use?
    # true - All countries that are not listed are blocked
    # false - All countries that are listed are blocked
    whitelist: true

    # Which countries should be used for verification?
    # The name of the indicated countries must be according to the international standard.
    # More on wikipedia https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes
    countries:
      - "ES"
      - "EN"
      - "US"

    # What IP addresses should be ignored?
    ignored-ips:
      - "127.0.0.1/24"
      - "172.18.0.1/24"

    # Should the proxy blacklist the IP address if the country was blacklisted?
    blacklist-address-if-detected: false

    # How many threads to use for concurrent database access?
    # Use -1 to use as many threads as the number of cores on the processor.
    thread-pool-size: -1

  # Configuration for asn limiter.
  #
  # For this function to work you need to add 'asn' template name to modes.
  # For example add 'asn' to 'on-attack' mode to the very end so to make this check work after the others.
  asn-limiter-check:
    # Whether to use a fast cache check at the moment when the player is just connecting to the server?
    # Allows you to block the address before the player connects to the filter.
    use-fast-cache-check: false

    # How long will the result of the check be cached in milliseconds?
    max-cache-time: 86400000

    # After how many days to download a new database?
    max-database-time: 3

    # How often to check the database is up to date in minutes?
    # Use -1 to disable check.
    database-check-time: 60

    # How long to wait for a database download in milliseconds?
    download-connection-timeout: 15000

    # Key for downloading the MaxMind database.
    # By default, our private key is used, but if for some reason it does not work, you need to register your own key for use. We recommend doing this.
    license-key: "fS6zuYt01W4L4QuD"

    # Where should the proxy download the asn database from?
    # By default, the database is downloaded from the official MaxMind server
    database-download-url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=%license_key%&suffix=tar.gz"

    # What type of whitelist to use?
    # true - All asns that are not listed are blocked
    # false - All asns that are listed are blocked
    whitelist: false

    # Which asns should be used for verification?
    asns:
      - 16276
      - 24940
      - 15169
      - 32934

    # What IP addresses should be ignored?
    ignored-ips:
      - "127.0.0.1/24"
      - "172.18.0.1/24"

    # Should the proxy blacklist the IP address if the asn was blacklisted?
    blacklist-address-if-detected: false

    # How many threads to use for concurrent database access?
    # Use -1 to use as many threads as the number of cores on the processor.
    thread-pool-size: -1

  # Configuration for anti proxy check.
  #
  # For this function to work you need to add 'proxy' template name to modes.
  # For example add 'proxy' to 'on-attack' mode to the very end so to make this check work after the others.
  anti-proxy-check:
    # Whether to use a fast cache check at the moment when the player is just connecting to the server?
    # Allows you to block the address before the player connects to the filter.
    use-fast-cache-check: true

    # How long will the result of the check be cached in milliseconds?
    max-cache-time: 86400000

    # What IP addresses should be ignored?
    ignored-ips:
      - "127.0.0.1/24"
      - "172.18.0.1/24"

    # Should the proxy blacklist the IP address if the service detects it as a proxy?
    blacklist-address-if-detected: false

    # If enabled and if an error occurs during validation, the player will not be kicked and their ip address will be considered trusted.
    # Can be useful if you have a rate-limit but want players to be able to connect to the server anyway.
    do-not-kick-if-error: false

    # How many concurrently open connections should be used to access services?
    # The more threads, the faster, in theory, the proxy will be able to check the players, but on the other hand, due to the large number of requests, services can restrict access (rate-limit) to you.
    # Use -1 to use as many threads as the number of cores on the processor.
    thread-pool-size: 1

    # Configuration for services
    #
    # Here you can configure which services the proxy should connect to in order to check the IP address for a VPN or proxy.
    # If more than one type of service is enabled, the proxy will try to connect to services according to the order below, and if any service detects the VPN or Proxy, the player will be immediately kicked.
    services:
      # Configuration for ProxyCheck.io service
      proxy-check-io:
        # Should the proxy use this service?
        enabled: true

        # Your license key to access the api.
        # Please note that this service allows you to access the api even if the key is not correct or is specified as 'YOUR_LICENSE_KEY'.
        # However, in this case, the number of requests is limited.
        license-key: "YOUR_LICENSE_KEY"

        # When the vpn flag is set to 0 no VPN check will be performed, only a proxy check.
        # When the vpn flag is set to 1 we will perform a VPN check on the IP address in addition to a proxy check, any proxy determinations will be shown even if the address is also a VPN due to proxies being considered higher risk.
        # When the vpn flag is set to 2 we will only perform a VPN check, no proxy check will be performed.
        # When the vpn flag is set to 3 we will perform both a proxy and VPN check and both answers will be present in the result returned to you, this differs from &vpn=1 where a proxy result overwrites the VPN result.
        vpn-mode: 1

        # What risk in percent should an IP address have in order to consider this address dangerous?
        risk: 66

        # What is the maximum time the proxy can spend on one request to the service in milliseconds?
        connection-timeout: 1000

      # Configuration for IpHub.info service
      ip-hub-info:
        # Should the proxy use this service?
        enabled: false

        # Your license key to access the api.
        license-key: "YOUR_LICENSE_KEY"

        # What type of blocking to use?
        # -1 - Block non-residential IP (hosting provider, proxy, etc.) or non-residential & residential IP
        # 1 - Block only non-residential IP
        # 2 - Block only non-residential & residential IP
        block-type: -1

        # What is the maximum time the proxy can spend on one request to the service in milliseconds?
        connection-timeout: 1000

      # Configuration for VpnApi.io service
      vpn-api-info:
        # Should the proxy use this service?
        enabled: false

        # Your license key to access the api.
        license-key: "YOUR_LICENSE_KEY"

        # What type of blocking to use?
        # 1 - Block vpn, proxy, tor and relay
        # 2 - Block only vpn
        # 3 - Block only proxy
        # 4 - Block only vpn and proxy
        block-type: 1

        # What is the maximum time the proxy can spend on one request to the service in milliseconds?
        connection-timeout: 1000

      # Configuration for custom service
      custom:
        # Should the proxy use this service?
        enabled: false

        # API url for the service.
        # Available placeholders:
        # %ip% - ip address to check
        api-url: "https://your-custom-api/ip/%ip%"

        # What http properties should be sent?
        # Available placeholders:
        # %ip% - ip address to check
        request-properties:
          - "Accept-Encoding=UTF-8"

        # What character sequence should be in the response to the request so that the proxy considers the IP address to belong to vpn?
        # You can use regular expressions here.
        detect-regex-pattern: "VPN"

        # What is the maximum time the proxy can spend on one request to the service in milliseconds?
        connection-timeout: 1000

Backend Packet Filter & Anti-Crash
If you are using Spigot/Paper or any other fork of Paper, the proxy will try to manage packets sent to the servers and will blacklist and kick out any player that send more than the max-packet-per-second / max-packets-per-tick threshold.
Is working in all versions to avoiding things like (ToxicClient, PacketCrashers, Heaven) and all related clients.
The server admin can cancel the packet, or just kick it with Netty. By default is working with Netty, to make a faster mitigation!
Thanks to our fast injection to Netty, we can avoid strange clients that cause heavy Netty method calls making that well known "lag spike" come, forget about spending money on extra plugins for this!
This not only avoids security problems in your backends, but also limits the amount of packets that the client can send to the server, thus improving the server's performance in handling them
Disclaimer: Packet filter can help you to stop most of the Crash Exploit, however others may continue to have exploits to crash servers generated by buggy plugins.
Also NullCordX does not read NBT data for performance reasons, this means that it cannot verify information that a client can send to the server.

IP Forwarding Systems
BungeeCord has a serious "glitch" if the proxy is not configured properly. By which they can access your backends with any UUID and so on, we have a solution on this.
NullCordX has an advanced Forwarding system that uses a secret (keys). This system expects a specific key from the proxy server when connecting to the backend server. The backend server must be configured for one of the secret types - Velocity modern or BungeeGuard.
You can also disable it and continue to use the old BungeeCord system.

Optimization:
Performance is our main focus, as this is the key to a project. Therefore we have an extensive list of changes and options to increase it without causing problems with plugins (Guaranteed less consumption with NullCordX)
  • Compression -> NullCordX improves the proxy system when compressing packets, this indirectly optimizes CPU consumption during packet compression and decompression. Besides that it is used to load Captchas faster (you can choose between libdeflate and lgzip)
  • Entity rewrite -> NullCordX gives the option to duplicate the buffer instead of copying the entire buffer, this only applies if Entity Rewrite is enabled. Instead of completely removing it to avoid instabilities.
  • Connection events -> Waterfall introduced two events that can cause high CPU consumption in server attacks, thanks to nullcordx you can disable them in the configuration if no plugin depends on the "connection-init-event" and "client-connection-event" events.
  • Packet frame decoding -> Faster writing and reading of var ints and data can result in faster network throughput and higher performance.
  • Multi-Threaded -> Intelligent system to have all the resources in different threads, also when loading any task all the processor cores are used. This improves response times and balances the load of the processes.
  • TCP Fast Open -> No other proxy implements TCP FAST OPEN well, as it requires also implementation in the backend, if supported NullCordX will accept a maximum of connections with this Netty feature to improve connection times between server and client.
  • Consolidation-flush -> Using the flush system call is quite expensive, so this system tries to call it much less often and when it is needed when sending packets.
  • Internal changes -> Not only are all of the above improvements being applied, but the Waterfall structure itself has also been improved without breaking anything. Thousands of changes throughout the software made it so that the consumption is much better than any fork, even bordering Velocity or surpassing it. A new modern configuration system was implemented, completely replacing the BungeeCord / Waterfall one with respective improvements and comments.
  • Java version -> The proxy is compiled in java 17, this improves performance, the option to implement things better, better footprint memory management and faster startup.
  • Ping-Handler -> Packets will not pass trough unnecessary handlers, which improves the performance and ping system of the whole proxy.
  • Antibot packet optimization -> NullCordX prepares packets at startup, so it doesn't need to compress Antibot packets for each player when connecting to the filter, so consumption will be zero during the attack (best solution for Antibot)
1722603558058.png


On top of that NullCordX replaced the bad practices of BungeeCord and moved them like the High performance compared to Waterfall thanks to improved base with new alternatives such as FastUtil and faster mathematics, such as replacement of deprecated events without compromising compatibility. This includes improvements to Windows.

The best compatibility and advanced fork
NullCordX is the most advanced fork in market with external compatibility, adding a lot of features that are not in market.
Our community likes to have modern things like the competition, that's why we have added multiple improvements respecting everyone.
Most of the Spanish community uses NullCordX since one of the main developers is Spanish; feel free to join if you are too :)
  • Modern forge -> System that fixes modern forge 1.16+ connections up to the latest version thanks to its correct implementation.
  • Smart-debug -> Need more information? You can activate debug levels for the proxy that will help you decipher problems. You can also execute /nullcordx dump and will generate a friendly link into our web.
  • Smart-detection ->Thanks to our advanced filtering and caching system we can prevent bad connections from having a real impact by separating them in a bot filter.
  • Smart-logg-in -> You don't care about advanced logs like Netty/other libraries used in the project? You can totally filter them forever, or only when an attack is detected. This relieves the console load and makes it readable in most cases.
  • Smart-API -> Extensive API for developers, being able to send checks, detect attacks and even inject into the ChannelWraper with simple methods is possible thanks to our robust feature.
  • Bedrock support -> Some forks often have problems with Bedrock. In this case a module is implemented that works together with geyser and floodgate to support the connections without failures.
  • Dynamic-DNS support -> Compatible dynamic domain name system to check the relevance of the IP address from time to time by extracting it from the DNS server. (useful if a domain is used as the IP address of the server)
  • Built-in-MiniMessage -> By default all Waterfall and NullCordX messages are in MiniMessage format, legacy support still works.
  • Per-country language/Automatic translates -> If desired, the proxy can send proxy messages in the language of the client. configured in the connection and you can edit a simple string to translate all proxy commands including those of NullCordX.
  • Module system -> It's a tiresome thing to have to download the modules in every BungeeCord update, we have them integrated as commands. (also you can enable/disable them as you want)
  • MOTD integrated -> NullCordX will activate a system in which you can limit slots, configure favicon compression, player information, RGB and legacy color support, even disable motd and let the proxy cache requests. All this to have the best performance and avoid slow-downs!
  • Heavily customizable-> Everything is configurable, even the platform on which Minecraft connections drop to be verified.

On top of that the configuration is fully documented (even BungeeCord and Waterfall's) so that the user knows how to guide himself without any wiki.

IPTables firewall
IPTables is a Linux-only tool that allows you to modify all kinds of internet rules, and the best way that we can use to blacklist TCP connections.
If the server has ROOT permissions, a tool called IPSet will be used that allows us to block IP Lists and we can use it to block by time.
This way we can mitigate attacks much more quickly and efficiently without having to have a very good system.
Otherwise, if the server doesn't have ipset feature it will use layer netty system implemented for blacklist with same features.
On top of that you can make your own firewall with Linux commands, for example using XDP-firewall!

More features
  • All the Antibot checks can be toggled, or configured to work only under attack.
  • Automatic NullCordX and Waterfall messages to client language.
  • Friendly and easy configuration to understand for new people. (all the configuration is commented)
  • Ability to parse the subnet mask for IP addresses.
  • Option to blacklist and whitelist countries.
  • Dynamic Domain Name System support. (DynDNS)
  • Huge debug system (toggleable) and configurable-debug-levels.
  • Automatic config updater. We frequently add new things, there is no need to delete them. The proxy will detect changes at startup and replace it with the new one without touching what was already there.
  • MiniMessage Hexadecimal support for all the proxy (motd, messages, actionbars..)
  • Modules built-in, no more manual downloads. (all of them are toggleable)
  • Blacklist module for not-linux operative systems.
  • Ability to detect cheat-clients due transaprent checks based on vanilla features
  • Ability to make you're own UNIQUE captcha thanks to the custom generator
  • Ability to change compression system between igzip, libdeflate, and zlib
  • Ability to translate to all WORLD languages depending on client settings.
  • Ability to see plugins used on proxy.
  • Ability to verify the player if changes the IP. (or disable)
  • Ability to progressive-ban the players.
  • Ability to reload the proxy & the Antibot system. (/nullcordx reload)
  • Ability to disable human filtration for specific plataform.. (Like Java-geyser)
  • Ability to configure fall verification such as collision time, item coordinates, drop-time.
  • Ability to configure how protocol works, such as limits, tasks etc.
  • Ability to see hardware usage, such as (CPU, ram, threads) even on actionbar.
  • Ability to change server-icon name for extra-features.
  • Ability to configure how database works, such as SQLite, MySQL and PostgreSQL.
  • Ability to configure compression level only on Linux.
  • Ability to use native motd system very configurable. (Slots, player-info, cache, compression for favicon etc.)
  • Ability to disable ConnectionInitEvent of Waterfall. (Some plugins need it)
  • Ability to hide logs and only send one warning to know when the attack stopped/started.
  • Ability to disable scoreboard teams bug. (toggle completely the packet)
  • Ability to disable/enable certain waterfall module such as reconnect/commands etc..
  • Ability to see traffic usage, such as Open connections, in-traffic/out-traffic. (KB/MB)
  • Ability to make range-servers for large networks with lot of sub-servers.
  • Ability to reload the whole proxy/Antibot without restarting the instance.
  • Ability to blacklist versions+range of versions on the NullCord'S config.
  • Ability to cache decoder and encoders of the proxy.
  • Ability to limit chat packets per second, to avoid Component exploiting.

FAQs
Is there any API?
You can detect when an attack started, what type of attack it is, when it ended, users that are not bots, detected as bots, access internal methods without reflection, detect if a connection is a geyser, and a long ETC.

Can i buy with Cryptos?
Yes, all you have to do is to enter our discord and contact us.

Why would I buy NullCordX instead others?
  • Uptime -> Stable backend and dumps ensuring 99.9% of uptime
  • Solid Antibot ->The most advanced anti-bot in any sense, you have from the most complex captcha for the bot and simple for the player to verifications towards the client directly that will not bother the player in any instance. Seeing a bypass with NullCordX is very rare due to the verification metrics used, while others who claim to have the best system are getting worse every day.
  • Updates -> Updates WITH CONTENT, this means that the software is not in maintenance mode updating versions and fixing critical vulnerabilities. Improvements are always given and suggestions from the community are implemented, no one but us can say this.
  • Transparency -> All changes are mentioned in the security is not obtained through the dark by filtering anti-bot changes.
  • No captchas -> Not interested in captchas? No problem, multiple captchas are disabled by default and the collision filter is enabled.
    Although emulating a client is much simpler than creating a bot for a single system similar to hCaptcha in minecraft.
  • Support -> We have several staff who have been buyers for some time and gained experience with bugs and proxy options, you will have your problem solved the same day.
  • Ideas ->Innovation in its purest form, unique implementations of systems used by giant attack filtering companies such as framed-captcha and puzzle captcha to new defense systems with MOTD.
TO'S - ShieldCommunity reserves the right to remove licenses if any term is violated.
  • You can use your license on the servers you want as long as they are yours.
  • We may completely block your license at our discretion without notice.
  • You are directly responsible for your license, if for any reason it is leaked you could have consequences.
  • A refund will only be given if the product does not work as stated on the product page, other situations will be rejected. Only valid for a period of 7 days.
  • Breaking any discord rules such as being racist, disrespectful, disclosing private information will be punished with a permanent ban and removal of licenses.
  • You're not allowed to decompile, reverse engine, re-sell or send the software in any of it's form

ShieldCommunity manages user data through an advanced encryption system, even for ourselves, to ensure end-to-end encryption is totally secure.

Test server


Contact me if you need it: xism4#9127

Latest reviews

good broo ^-^ Best Fork
Soporte realmente bueno y rápido, no hay que toquetear muchos apartados para que el proxy haga su trabajo correctamente, y para mí, el mejor proxy de la competencia, mucho mejor que otros 🔥🔥🔥❌❌❌
xism4
xism4
Mil gracias! Eso es como queremos que funcione. Bien sin tener que modificar cosas!
This license was given for free. What's this?
ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ
xism4
xism4
Thanks i guess haha!?
Nice. denemek için sabırsızlanıyorum. Tecrübe edindikçe bu yorumu güncelleyeceğim. :)
xism4
xism4
Thank you!
Best AntiBot I have ever seen! Much better than FlameCord!
xism4
xism4
Thank you!
Good! I will use the results
xism4
xism4
Thanks! I hope works good.
except that the message cannot be fully customized. this is definitely the best waterfall fork.
xism4
xism4
Thanks
This is by far the best anti-bot out there. It has the best captcha features and really helps keep my server away from MCStorm and other things like that. Support is also really fast and kind :)
xism4
xism4
Thanks
Excelente Proxy, el soporte es uno de los mejores que he recibido, el creador me enseñó cómo funcionaba y resolvió todas mis dudas, sin embargo es de lo mejor. Lo recomiendo a cualquiera que necesite una protección fuerte.
xism4
xism4
¡Muchas gracias por la review!
This license was given for free. What's this?
I am incredibly surprised about this proxy the truth has impressed me in all aspects has no bad side to this day no proxy compares as this the truth or XCord, Aegis is incredible this new update 3.4x made some incredible changes that also improved too much performance that if the performance consumed by NullCordX is very low and now it is lower I still have no words to express my happiness with this proxy Excellent work XIsm4 and Boom
xism4
xism4
Thanks for the large review.
Buy a license now
Name a fair price:
EULA: Standard EULA
$
Source
$500.00
Whole proxy source with updates
New conditions:
  1. Not resell
  2. Not publish
  3. Not share
  4. For networks with certain amount of players
Only one set of custom condition addons may be purchased per resource.
Network protection
$39.99
Private support from developers to protect the server with high performance tunned options.
Paper fork
$50.00
High performance of a fork of paper 1.20.4 with hook to the proxy
Secure checkout:
Share this resource
Help out the creator by referring your friends!
51,041 Views
519 Purchases
526 Downloads
Dec 22, 2021 Published
Jun 16, 2024 Updated
5.00 star(s)
Average rating (34)
53 MB File size
Fork of
  1. Waterfall
Supported versions
  1. 1.8
  2. 1.9
  3. 1.10
  4. 1.11
  5. 1.12
  6. 1.13
  7. 1.14
  8. 1.15
  9. 1.16
  10. 1.17
  11. 1.18
  12. 1.19
  13. 1.20
  14. 1.21
Crediting original
Some patches https://github.com/papermc/waterfall
Compression systems used https://github.com/Intel-HLS/GKL - https://github.com/astei/libdeflate-java
Elytrium Configuration Library - https://github.com/Elytrium/java-commons/tree/master/config/src/main/java/net/elytrium/commons/config
Creators
Owner
Collaborator
Recommended for you
#Usefull core to run on large networks, built-in all
Not yet rated
28 purchases
Advanced hub system for Paper, Spigot and forks optimized and ready with everything!
5.00 star(s) 1 ratings
17 purchases
Give a new look to your server with animated blocks from 1.8 to latest
Not yet rated
10 purchases
The Ultimate Anti-Bot, Anti-VPN and High-Performance BungeeCord Fork for Minecraft Servers
5.00 star(s) 164 ratings
2,755 purchases
Bungeecord fork: Advanced Anti-bot | Performance | Anti-Exploit | Anti-SpigotExploit (1.7-1.21)
5.00 star(s) 49 ratings
1,627 purchases
Share this resource
Help out the creator by referring your friends!
51,041 Views
519 Purchases
526 Downloads
Dec 22, 2021 Published
Jun 16, 2024 Updated
5.00 star(s)
Average rating (34)
53 MB File size
Fork of
  1. Waterfall
Supported versions
  1. 1.8
  2. 1.9
  3. 1.10
  4. 1.11
  5. 1.12
  6. 1.13
  7. 1.14
  8. 1.15
  9. 1.16
  10. 1.17
  11. 1.18
  12. 1.19
  13. 1.20
  14. 1.21
Crediting original
Some patches https://github.com/papermc/waterfall
Compression systems used https://github.com/Intel-HLS/GKL - https://github.com/astei/libdeflate-java
Elytrium Configuration Library - https://github.com/Elytrium/java-commons/tree/master/config/src/main/java/net/elytrium/commons/config
Creators
Owner
Collaborator
Recommended for you
#Usefull core to run on large networks, built-in all
Not yet rated
28 purchases
Advanced hub system for Paper, Spigot and forks optimized and ready with everything!
5.00 star(s) 1 ratings
17 purchases
Give a new look to your server with animated blocks from 1.8 to latest
Not yet rated
10 purchases
The Ultimate Anti-Bot, Anti-VPN and High-Performance BungeeCord Fork for Minecraft Servers
5.00 star(s) 164 ratings
2,755 purchases
Bungeecord fork: Advanced Anti-bot | Performance | Anti-Exploit | Anti-SpigotExploit (1.7-1.21)
5.00 star(s) 49 ratings
1,627 purchases
Top