Resource icon
Compatible operating systems
- Windows
- MacOS
- Linux
- Java
https://github.com/SpigotMC/BungeeCord
https://github.com/PaperMC/Travertine/
https://github.com/PaperMC/Waterfall
https://github.com/ebiggers/libdeflate
https://github.com/ARMmbed/mbedtls
TagsTagsanti-bot antibot antiexploit bot bungeecord exploit travertine
Note: XCord requires a license to run properly. You can obtain a license from joining the official XCord channel and verifying your ownership (Insure non-friend DM's are enabled). Verification is automated, and quick!
Description
XCord is an advanced Bungeecord fork designed for high performance, low CPU usage, and packed with a powerful anti-exploit/anti-bot (Possibly the best on the market). Contains a large collection of advanced anti-bot checks, powerful kernel level anti--Redacted-, layer 7 anti--Redacted-, and various checks to stop Bungee and Spigot exploits with ease. No longer will you have to rely on cheap hacky protection to stop attacks...
Features
- Various optimizations, highly optimized native packet compression, reduced CPU load, native encryption. Guaranteed to decrease CPU usage. Highest performance gains on mc-market, along with lowest latency possible
- Built in ping-spam protection
- Built in powerful anti-bot designed to withstand large attacks, while keeping the Bungeecord at a low CPU level
- Configurable compression strength
- 1.7+ protocol support
- Anti-bungee/TCP exploit system: Blocks many exploits that aren't even publicly known. (No known bypasses)
- Anti-spigot/mc-server exploit system: This bungeecord comes with an optional module that blocks Jessica/Payload/Spigot-Cracker/NBT-bomb/spam exploits. There's no known bypass, and it's extremely lightweight.
- High performance blacklist system (With optional IPSet support)
- Non-interfering, no captchas. All checks complete in a matter of SECONDS
- Designed with performance, and false positives being the main objective.
- Option to filter logs ONLY during bot attacks
- /xcordreload command for reloading the config without having to reboot the entire network
- Option to use a high performance Anti-VPN system with multiple different API's to chose from (Paid or free)
- COMPLETELY CONFIGURABLE (Around ~200+ configuration lines (xcord.yml))
- Packet batching system to increase network stability, and decrease native load
- Optimized network thread handling/creation
- Option to only pass connections deemed as legitimate through plugins (Like JPremium, SkinRestorer, etc) using the passthrough option. Will also only pass non-bot users through Mojang's API, preventing your server from being ratelimited!
- Powerful kernel level country blocker option. VERY useful against large -Redacted- DoS attacks
- Optimized DNS resolving capability (+NIO) to insure high performance multi-thread performance, and prevent pointless DNS querying. Also has TCP failover support
- Supports dynamic IP resolution for downstream servers (Often called DynDNS)
- Many unique techniques never used before in anti-bot software leading to impressive CPS handling with ease
- Ability to handle well over 100k+ connections per second (Tested on an OVH dedicated server, unable to crash or lag at any CPS rate we tried)
- Smart Geyser Support, standalone or plugin
- Log4J expression filtering
- Pterodactyl/Docter support, with IPSet/IPtables integration
- Comes with XProtect security suite to protect your server from DoS attacks, or bruteforce attempts
- Super simple API (Further explained in the discord)
- Optional passive/inline memory leak detection system capable of detecting a large range of memory leaks caused by plugins
Modern minecraft server's are plagued by increasingly more and more powerful botting programs designed to down the server in seconds. XCord however provides a powerful anti-bot solution programmed directly into the roots of Bungeecord with the ability to migrate these attacks without hindering the performance of your server.
Currently, it consists of multiple fixes and checks all of which can be configured, and disabled if you choose to
Checks
- Connection speed: Prevents bots from pinging, or connecting too rapidly
- Login speed: Prevents bots from logging in rapidly from multiple accounts
- Slow-Bot: Checks whether a connection is acting like a bot. Designed to catch slow bots, and Non-Minecraft clients.
- Chat-Check: Checks for /register or /login bots
- DNS-Check: Checks whether a player directly connected to your IP, or connected through your domain
- Linux-Check: Checks whether a connection potentially came from a Linux computer
- Random/Pattern names: Detects randomized names, patterns in names, and so on. Not a list of pre-defined names like most anti-bots use
- Anti-VPN check: Checks whether a connection is a proxy and or VPN using web-databases
- Verification check: Verifies whether the connection is coming from an actual minecraft client without needing to use a fake lobby. Optional alternative to the fake lobby check, but still very powerful
- Advanced Fake Lobby Check: Tests whether the client responds to collision, protocol checks, gravity, etc, in a virtual lobby before allowing them into the lobby server. Only takes around ~3 seconds to complete!
- Latency check: Block connections exceeding a configured limit. Very useful for blocking slower proxies, or exhaustion attacks
- Timeout check: Blacklists connections who are abusing the minecraft protocol by spamming handshakes without ever completing them. This is already fixed by XCord, but having this additional check allows some extra protection against certain bots.
- Passthrough: (Disabled by default) When a new player joins, passes them through ALL of XCord's many anti-bot checks. If they make it through without detection, they're disconnected, and can re-join normally. This prevents bots from overloading encryption/mojang-requests, plugins like JPremium, Skin Restorer, etc. EXTREMELY useful for all types of servers, including premium to prevent Mojang ratelimits.
- Network exhaustion prevention: Will prevent bots from slowly sending data/packets in order to exhaust your server
- Ping/MOTD spam prevention: Caches MOTD generation and other ping related functionality to prevent ping spams from using tons of resources. Plugins generating MOTD packets usually take up to an insane 1ms, which can significantly impact performance during attacks.
- Global blacklist: Contains thousands upon thousands of pre-blacklisted IPs from public proxies and popular botting programs. Also contains thousands of premium proxies from various sources.
- Low Level Connection Verifier: Uses low level native code to verify whether a connection is coming from a potentially harmful host. Highly configurable, but only works on Linux servers.
- Native network proxy detection: Uses native code to validate whether a connection came through a proxy. Atm, there's no known bypasses to this system although it requires Linux due to API requirements (Otherwise the check will disable it's self). Zero databases used.
- Native network VPN detection: Once more, uses native code to verify whether a connection came from a VPN, or proxy. This system detects popular VPN protocols very easily.
- Statistics website + Webhook support: No time to check your logs? Just click the link the webhook issues to view an attack's statistics, example: https://stats.xcord.world/?service=1&id=6lgd5g.json
- MOTD minifier: XCord will dynamically reduce your MOTD (ping) length through advanced PNG compression algorithms to reduce the bandwidth used by these packets during attacks by up to 200%* in some cases. Your users will most likely not even be able to notice a difference, and you don't need to sacrifice anything in return!
Never done before in ANY public anti-bot, XCord includes several checks that monitor the native TCP connection to check for abnormalities generally seen with proxies and most forwarded connections. Highly configurable, and incredibly powerful. Although due to this being native, it's only avaiable for users hosting their servers on Linux (Which should be nearly all of you I hope!).
Spigot Anti-Exploit
More and more exploits are coming out and server owners are being forced to use heavy anti-exploit plugins on all their spigot instances. XCord luckily has it's own built in anti-exploit module designed for performance, and efficient exploit blocking! Currently, no known (to me) clients have the ability to bypass XCord's powerful anti-crash exploit blocker. Easily adjustable to prevent falses.
XCord also filters Log4J expressions from reaching your Spigot server. Although it's still highly recommended that you patch it manually on the Spigot server due to plugins maybe having a Log4J vulnerability.
Bungeecord Anti-Exploit
With the recent discovery of various vulnerabilities on Bungeecord, it's no longer optional to run a network without some level of exploit protection. XCord fixes all known Bungeecord/Netty/Buffer vulnerabilities, and appends all offending addresses to a blacklist in order to rapidly migrate any attack.
Anti-VPN System
XCord comes with a built in anti-vpn/proxy solution to help cut down on hackers and or bots. Unlike most other anti-vpn solutions, this system will not bog down networking threads, and will not allow it's self to become saturated by instantly executing HTTP queries to several API's. On top of that, it also contains a cache system to prevent using up all your API calls.
Configuration example
Code:
anti-vpn:
enabled: true
blocked-asn:
- 20001
blocked-country:
- CHN
save-interval: 3600
purge-interval: 86400
purge-age: 2592000
blacklist-on-detection: false
only-blacklist-on-detection-during-attack: true
initial-connection-checkenabled: true
initial-connection-checkonly-during-bot-attack: true
initial-connection-checkcache-only: true
proxycheckerio-api:
enabled: true
arguments: '&risk=1&vpn=1&asn=1&tag={name}'
key: '34534627234534'
iphub-api:
enabled: true
key: '3463453453463453'
blackbox:
enabled: true
Anti-VPN Commands
- /xvpn (Base command) [xcord.command.vpn]
- /xvpn whitelist (Whitelist IP/name from check) [xcord.command.whitelistproxy]
- /xvpn listwhitelisted (List whitelisted entries) [xcord.command.whitelistproxy]
- /xvpn unwhitelist (Unwhitelist IP/name) [xcord.command.whitelistproxy]
The most efficient way to block malicious TCP connections is with the IPTable. XCord will utilize a program called IPSet to blacklist connections if your server is running on ROOT (Or my XProtect software), and you've enabled it in the config "ipset-blacklisting: true". XCord also uses a unique blacklisting system that no other anti-bot uses to lower kernel CPU time.
XCord will otherwise use a low level (Low level in terms of netty) blacklisting system to quickly terminate malicious connections. Although when dealing with massive -Redacted- attacks, it's highly recommended to enable ipset blacklisting.
XCord also provides a bridge software if you do not want to run on ROOT, or are using Docker/Pterodactyl that allows you to still use ALL of XCord's functionality that requires privledged access
Packet Batching
XCord will attempt to use controlled flushing to send packets in batches instead of instantly flushing them. Most modern Spigot forks such as PaperSpigot, Tuinity, NachoSpigot, etc, will THRIVE with this enhancement. Unlike other proposed/applied implementations, this system is extremely fast, with no overhead, no added latency, or compatibility issues.
Largely increases network stability, and reduces CPU/memory usage. SIGNIFICANTLY thrives in high population areas with a lot of entities moving about.
Global Blacklist
XCord utilizes over 50 scraper bots to constantly find new malicious proxies and add them to a global blacklist. XCord will download the blacklist from XCord's HTTP server, and deny all the addresses listed in the blacklist using IPSet + IPTables (Or just layer 7 if you don't have IPTables) on a configurable interval. Currently consists of over ~200k+ active proxies, with more being constantly added every hour
For those who have already bought XCord, this option comes HIGHLY recommended as some bots exceed 120k connections in under just a couple of seconds.
Optimization
XCord is the most optimized bungee fork on mc-market. It makes several optimizations to Bungeecord, ranging from compression, threading, DNS resolution, packet processing system, to the internals of Bungeecord. Squeezing every bit of performance out of every functionality of Bungeecord to allow users to host thousands of concurrent players on a single machine without sacrificing anything. While virtually all works who make such large optimizations sacrafice plugin compatibility, XCord is designed in such a way to avoid issues with plugins like ViaVersion, protocolize, and so on. XCord also ships with an advanced DNS resolver to prevent resolution failure, or instability during DoS attacks.
XCord comes with more optional performance boosts in the config if your plugins are compatible (No ViaVersion on Bungeecord for instance). With everything enabled, XCord may reach, or even exceed Velocity's performance
Kernel Level Country Blocking
A common issue with hosting a server is having to deal with MASSIVE DoS attacks from thousands of different IP's. Generally from compromised servers/computers, or proxies. These attacks are swift to deliver any heavy payload to your server, quickly saturating your server's network. While the global-blacklist option is suitable for blocking a large percentage of these DoS attacks, XCord also comes with a country blocker which will DROP the connection before it's able to establish and deliver a payload! This is critical for stopping a large percent of DoS attacks that bypass OVH's migration.
This feature DOES require IPTables and ROOT (Or my XProtect software)! Without these, XCord will be stuck on layer 7!
Anti-DoS Filter
Similar to how Hetzer's anti--Redacted- works, XCord will quickly activate a DoS filter during attacks against your Minecraft port. When the attack ends, this module will unload it's self. Very useful for powerful -Redacted- attacks, especially the few that have been going around lately that use hundreds of different Oracle servers.
Configuration
XCord's default config consists of over 200+ lines (Not counting comments)! Virtually every functionality of XCord can be customized, or disabled. A detailed description of each configurable option is downloadable in the official XCord Discord channel (Must verify to see)
Compatibility
I strive to make XCord as compatible as possible with other plugins. XCord is/should-be compatible with every plugin, including Geyser, ViaVersion, protocolize, and various other heavy plugins. XCord does this using modular systems that can easily be modified or disabled if need be, and nearly all performance optimizations that aren't configurable are coded in such a way to support any plugin. If approched with a compatibility issue, I will try to quickly fix said issue.
XCord also has built-in support for HAProxy software, regardless of how the network is setup. Want to use TCPShield, Cloudflare spectrum, or an alternative? No problem.
XCord will automatically adjust it's self depending on your OS, and OS related software.
XProtect
XCord also comes with a free license for XProtect. A software designed to protect your entire machine rather then just your Minecraft server. It comes with several filters, with highly customizable triggers, an encrypted secure bridge for XCord to blacklist on iptables without needing root, and even a system to automatically ban malicious SSH/SFTP login attempts on your server or bruteforces.
XProtect ALONE has successfully migrated several very powerful DoS attacks from popular booters like GameStressor, and popular methods like OVH Gaming (Requires some minor changes to OVH's firewall too to block this specific attack!)
Lastly, this software can be used to sync your bot blacklist to multiple servers. It's usually used on HAProxy setups where someone has a couple frontend servers that handle traffic and forward it to their Bungeecord.
Commands
- /xcord reload: Reloads the configuration
- /xcord clearblacklist: Manually resets the blacklist
- /xcord clearwhitelist: Manually resets the whitelist
- /xcord whitelist: Manually whitelists a specified user
- /xcord testcompression <time> [minSize]: Tests all compression levels so you can find the best performance/size ratio for your server in seconds
- /timedelayedevents: Outprints the time plugins take to process events. Very useful for figuring out what's bogging down your initial logins and proxy. Similar to /timings on Spigot, but no web-gui (Yet)
- /testmemory: Have XCord outprint details about your memory usage. It'll also print out garbage collection events. This is useful for figuring out lag caused by memory consumption/leak issues.
- /xvpn: Command tree for managing VPNs
1.7-1.20.2+ (Will be updated as Bungeecord is updated)
Why XCord Over Others
- Innovation: As a developer of over 10 years now, I strive to constantly think outside the box and add fresh new software/checks that have never been publicly done before on Minecraft.
- Updates: XCord is always receiving updates as bot software become more and more powerful
- Minecraft Protocol updates: XCord nearly always updates the SAME DAY as Mojang updates. This can't be said about most forks on mc-market. Protocol updates are always released on discord before mc-market
- Support: Our discord channel provides swift and easy to understand support for all customers. Including large write-ups for issues or configuration explanation
- Incredibly powerful: Our XCord test servers have yet to be taken offline by bots, even by the largest attacks.
- No captchas: XCord uses various native, and mc-protocol checks to validate bots requiring ZERO input from your users. Bypasses are usually fixed within a week at most. Captchas, no matter the complexity, can be easily solved using a neural network or classifier.
- Honesty: You get what you get. I don't have to lie or pretend that micro-optimizations are going to help your server to any degree. How often do you see a Spigot fork claiming "NO_TCP_DELAY SUPPORT!", when in reality Mojang added the flag in 1.8 themselves.
- Not Greedy: No network connection? XCord server down? Regardless, XCord will start unlike most (all?) licensed premium software on mc-market. You may also use a single license on multiple servers as long as you own the Minecraft server! No sponserships unless I actually believe their product is good, and no paid/fake/asked-for reviews. On top of all that, I offer refunds to dissatisfied users or those having issues with the software.
Discord
https://discord.gg/2dPr8f8GND
(All support is conducted through discord, along with early pre-releases, join!)
XCord blacklisting an entire "50k CPS" attack from one of the strongest botters on the market in seconds (Advertised as 50K CPS plan). (This is using XCord's unique kernel blacklisting method which requires root + Linux)
XCord's IPTables builder website to make securing your server effortless
NOTE: XCord may require configuration (xcord.yml) in order to properly run without minor Anti-bot false positives on your server. It may not just be a drop in replacement for Bungeecord if you've got a strange server setup. A comprehensive configuration write up is available on XCord's discord channel. There are many more performance options included with XCord that will boost performance assuming plugins are compatible with them.
NOTE: XCord is considered to be a LINUX application. Although it will function good Windows/Mac, protection/performance will be not be as powerful due to not having access to certain OS related features. This is not specific to XCord, rather applies to ALL software. Windows doesn't have epoll, ipset/iptables, and has poor thread scheduling. Please consider this before buying XCord
NOTE: XCord, Bungeecord, and Waterfall are not optimized for ARM architecture. I highly recommend you use Velocity instead if you are using ARM for some reason. Regardless, consider using x86-64 architecture due to ARM having several performance downfalls on most software atm