ExploitShield -----
Stop piston dupes, hopper dupes, pearl glitches, and more—all automatically.ExploitShield Anti-Grief & Exploit/Crash Protection!
ExploitShield [FREE] – Advanced Exploit & Crash Protection
Protect your Minecraft server from duplication glitches, crash exploits, and malicious packets — fully automatic.
Need ProtocolLib Version 5.4.0. (PacketEvents 2.12.2)
ExploitShield is a high-performance anti-exploit plugin designed to stop common and advanced exploits.
This plugin is built as a high-end anti-duplication engine, not a basic fix.
ExploitShield is designed to mitigate a wide range of known duplication exploits through behavioral analysis, packet validation, rate limiting, and server-side consistency checks.
While no anti-exploit solution can guarantee complete protection against every emerging exploit, ExploitShield focuses on reducing exploitability while maintaining gameplay stability and low false positives.
Key Features
✅ Duplication Protection
✅ Behavioral & Packet Analysis (Hamster Engine)
✅ TabComplete Protection
Our goal is to block exploits and suspicious packets in order to prevent server crashes and malicious abuse.
Because of this, in some cases legitimate players may experience minor inconvenience due to the strict protection system.
Critical packets are now inspected before Bukkit-level processing, preventing malformed or malicious data from reaching internal server handlers.
In the latest version, ExploitShield introduces enhanced protection mechanisms for newly discovered exploits and duplication methods. By leveraging ProtocolLib and PacketEvents, the plugin now actively monitors and neutralizes suspicious actions at the packet level, ensuring robust defense against emerging threats without affecting normal gameplay.
Previously, certain NBT payloads were processed internally by the server before plugins could intercept them, making some crashes and exploits unavoidable. In this update, ExploitShield can intercept and analyze NBT data at the source, before it is processed by the server, thanks to ProtocolLib and PacketEvents integration. This ensures maximum protection against malicious items, payloads, and NBT-based crashes.
Tested under real-world multiplayer environments with packet-heavy activity, automation systems, and exploit simulation scenarios.
Why ExploitShield?
✔ Free
✔ Research-driven protection architecture
✔ Packet-level exploit mitigation
✔ Stability-focused design philosophy
✔ Continuous security improvements
✔ Real exploit research
✔ Actively maintained
✔ Designed with professional anti-cheat architecture principles
✔ Concurrent use of ProtocolLib and PacketEvents
✔ This plugin is built as a high-end anti-duplication engine, not a basic fix.
✔ ExploitShield is designed to mitigate a wide range of known duplication exploits using behavioral analysis, packet validation, rate limiting, and server-side consistency checks.
✔ Designed for survival redstone-heavy servers
✔ No interference with legitimate farms
✔ Tested with 30+ redstone machines
Extensive Testing & Stability
ExploitShield has been extensively tested across Minecraft versions 1.17 through 1.21, including real-world scenarios involving malicious clients, exploit tools, and attack simulations.
All tests were conducted in Strict mode using ProtocolLib and PacketEvents API, ensuring that the plugin handles packet-level exploits and advanced abuse cases reliably.
During these tests, the plugin demonstrated high detection accuracy and stability, successfully blocking abusive behavior without causing false positives for legitimate players.
All protections are designed with strict validation, rate-based analysis, and safe thresholds, ensuring strong security while preserving normal gameplay.
Tested Against Modern Cheat Clients
ExploitShield has been stress-tested in real-world multiplayer environments against some of the most widely used modified Minecraft clients.
During controlled testing scenarios, the plugin successfully prevented crash attempts, exploit packets, and malicious payload behaviors without server instability or critical false positives.
✔ Meteor Client
✔ Xynis Client
✔ FDP Client
✔ BetterCraft
✔ SmogProf Client
No successful crash, packet-based exploit, or instability was observed under Strict Mode configurations.
⚠ Note: Results may vary depending on server configuration, enabled modules, and strictness settings.
Works on Folia, Spigot, and Paper servers. ✅
![[IMG]](//proxy.spigotmc.org/be2cdfe3d3edbdf4107d1b53260620766fc2e5c3/68747470733a2f2f692e706f7374696d672e63632f4770526d53566d4e2f53637265656e73686f742d323032362d30362d30332d3137353331312e706e67)
![[IMG]](//proxy.spigotmc.org/53f99cc156cb0c7b5b46fc1081040756aae8b400/68747470733a2f2f692e706f7374696d672e63632f73663579624b624b2f53637265656e73686f742d323032362d30362d30332d3137343832332e706e67)
![[IMG]](//proxy.spigotmc.org/92668098d7527e94cace64fb80bcf2576422254a/68747470733a2f2f692e706f7374696d672e63632f72466447383043682f53637265656e73686f742d323032362d30362d30332d3137343835362e706e67)
INSTALLATION
1. Download and install ProtocolLib
2. Download and install PacketEvents
3. Place ExploitShield.jar into your plugins folder
4. Restart your server
5. Your server is now protected and ready to go.
bStats
https://bstats.org/plugin/bukkit/EZExploitFixer/28681
PREMISSIONS/COMMANDS
/exploitshield (Display Command List)
/exploitshield reload (Reload Config)
/exploitshield status (Display Plugin Status)
/exploitshield fixlist (Show Fix List)
/exploitshield debug (Debug)
/exploitshield gui (Display GUI)
/exploitshield profile <Player Name> (Display exploit profile)
exploitshield.use
exploitshield.reload
exploitshield.read.alert
exploitshield.alert.*
exploitshield.joininfo
DISCORD SUPPORT
https://discord.gg/xhV6FPfe92
WE NEED YOU
We need your support to be able to provide bigger updates and grow with your support, so please leave a comment if you see a bug or like the plugin
Why Didn’t We Use HamsterAPI?
We chose not to use HamsterAPI because it is primarily designed for detecting player movement and behavior patterns, not for deep packet-level protection or crash/exploit prevention. While HamsterAPI is useful for motion monitoring, relying solely on it wouldn’t provide the comprehensive server protection we wanted.
Instead, we implemented ProtocolLib + PacketEvents, which allows deep, low-level monitoring and control of network packets. With these tools, ExploitShield can:
How does it work against packets?
![[IMG]](//proxy.spigotmc.org/0563f4dcd7dd04be5436d68abb8635943ea68bcf/68747470733a2f2f73382e7575706c6f61642e69722f66696c65732f636861746770745f696d6167655f6665625f32362c5f323032362c5f30365f33385f35335f706d5f633936652e706e67)
Download Now To Protect Your Server !
package its.rango.exploitshield ;
import com.github.retrooper.packetevents.PacketEvents ;
import io.github.retrooper.packetevents.factory.spigot.SpigotPacketEventsBuilder ;
import its.rango.exploitshield.commands.Commands ;
import its.rango.exploitshield.commands.ESCommand ;
import its.rango.exploitshield.gui.GUIManager ;
import its.rango.exploitshield.listeners.* ;
import its.rango.exploitshield.listeners.dupes.ContainerEntityChunkDuplicationListener ;
import its.rango.exploitshield.listeners.dupes.PistonDuplicationListener ;
import its.rango.exploitshield.listeners.dupes.PlayerDuplicationListener ;
import its.rango.exploitshield.metrics.MetricsLoader ;
import its.rango.exploitshield.metrics.MetricsManager ;
import its.rango.exploitshield.netty.NettyCleanupListener ;
import its.rango.exploitshield.netty.NettyInjectListener ;
import its.rango.exploitshield.packet.* ;
import its.rango.exploitshield.packet.badpackets.* ;
import its.rango.exploitshield.packet.hamster.HamsterEngine ;
import its.rango.exploitshield.profile.PlayerProfileManager ;
import its.rango.exploitshield.profile.ProfileStorage ;
import its.rango.exploitshield.util.ConfigUtils ;
import its.rango.exploitshield.util.FileUtils ;
import its.rango.exploitshield.util.UpdateChecker ;
import its.rango.exploitshield.util.Violation ;
import org.bukkit.Bukkit ;
import org.bukkit.ChatColor ;
import org.bukkit.command.PluginCommand ;
import org.bukkit.entity.Player ;
import org.bukkit.event.HandlerList ;
import org.bukkit.plugin.java.JavaPlugin ;
import java.io.File ;
import java.io.FileWriter ;
import java.io.IOException ;
import java.util.Date ;
public class ExploitShield extends JavaPlugin {
private static ExploitShield instance ;
private UpdateChecker updateChecker ;
private BookCrashListener bookListener ;
private Violation violationManager ;
private boolean protocolLibAvailable ;
private boolean packetEventsAvailable ;
@Override
public void onLoad ( ) {
printLoadBanner ( ) ;
protocolLibAvailable =
Bukkit. getPluginManager ( ). getPlugin ( "ProtocolLib" ) != null ;
packetEventsAvailable =
Bukkit. getPluginManager ( ). getPlugin ( "packetevents" ) != null ;
getLogger ( ). info ( "ProtocolLib: " + protocolLibAvailable ) ;
getLogger ( ). info ( "PacketEvents: " + packetEventsAvailable ) ;
}
@Override
public void onEnable ( ) {
printStartupBanner ( "Starting up" ) ;
long before = System. currentTimeMillis ( ) ;
if ( !protocolLibAvailable ) {
getLogger ( ). severe ( "ProtocolLib is required but not found!" ) ;
getLogger ( ). severe ( "Disabling ExploitShield..." ) ;
getServer ( ). getPluginManager ( ). disablePlugin ( this ) ;
return ;
}
instance = this ;
initViolationManager ( ) ;
handleLanguageConfig ( ) ;
ConfigUtils. reload ( this ) ;
JoinPacketListener. load ( this ) ;
ProfileStorage. init ( ) ;
initProtocolLib ( ) ;
initPacketEvents ( ) ;
initCrashSystem ( ) ;
initCommands ( ) ;
initListeners ( ) ;
registerBadPacketListeners ( ) ;
preloadOnlineProfiles ( ) ;
initUpdateChecker ( ) ;
initMetrics ( ) ;
PlayerDuplicationListener dupeListener = new PlayerDuplicationListener ( this ) ;
getServer ( ). getPluginManager ( ). registerEvents (dupeListener, this ) ;
dupeListener. startCleanupTask ( ) ;
printEnabledBanner ( ) ;
long time = System. currentTimeMillis ( ) - before ;
logConsole ( "Plugin enabled in " + time + "ms" ) ;
}
@Override
public void onDisable ( ) {
PacketEvents. getAPI ( ). terminate ( ) ;
PlayerProfileManager. shutdown ( ) ;
HamsterEngine. clearAll ( ) ;
PlayerDuplicationListener dupeListener = new PlayerDuplicationListener ( this ) ;
if (dupeListener != null ) {
dupeListener. stopCleanupTask ( ) ;
HandlerList. unregisterAll (dupeListener ) ;
}
printShutdownBanner ( ) ;
}
private void initViolationManager ( ) {
this. violationManager = Violation. getInstance ( this ) ;
this. violationManager. loadConfig ( ) ;
}
private void initPacketEvents ( ) {
if ( !packetEventsAvailable ) {
getLogger ( ). warning ( "PacketEvents not installed - skipping packet features" ) ;
return ;
}
try {
PacketEvents. setAPI (SpigotPacketEventsBuilder. build ( this ) ) ;
PacketEvents. getAPI ( ). load ( ) ;
PacketEvents. getAPI ( ). init ( ) ;
getLogger ( ). info ( "PacketEvents enabled" ) ;
} catch ( Exception e ) {
getLogger ( ). severe ( "PacketEvents failed: " + e. getMessage ( ) ) ;
}
}
private void initCrashSystem ( ) {
if ( !packetEventsAvailable || PacketEvents. getAPI ( ) == null ) {
getLogger ( ). warning ( "Crash system disabled (PacketEvents not ready)" ) ;
return ;
}
CrashPacket. init ( ) ;
Bukkit. getPluginManager ( ). registerEvents ( new CrashPacket ( ), this ) ;
TabCompleteGuard. init ( ) ;
PacketEvents. getAPI ( ). getEventManager ( ). registerListener ( new HamsterPacketListener ( ) ) ;
PacketEvents. getAPI ( ). getEventManager ( ). registerListener ( new UltraSafePacketListener ( ) ) ;
}
private void initCommands ( ) {
PluginCommand main = getCommand ( "exploitshield" ) ;
if (main != null ) {
Commands executor = new Commands ( ) ;
main. setExecutor (executor ) ;
main. setTabCompleter (executor ) ;
}
PluginCommand es = getCommand ( "es" ) ;
if (es != null ) {
ESCommand executor = new ESCommand ( ) ;
es. setExecutor (executor ) ;
es. setTabCompleter (executor ) ;
}
}
private void initListeners ( ) {
BookCrashListener. load ( this ) ;
bookListener = new BookCrashListener ( ) ;
Bukkit. getPluginManager ( ). registerEvents (bookListener, this ) ;
registerOtherListeners ( ) ;
}
private void initProtocolLib ( ) {
if ( !protocolLibAvailable ) return ;
try {
PacketManager. init ( ) ;
StrictNBTInterceptor. init ( ) ;
getLogger ( ). info ( "ProtocolLib enabled" ) ;
logConsole ( "ProtocolLib packet protection ENABLED" ) ;
logConsole ( "ProtocolLib Protection ENABLED" ) ;
logConsole ( "Strict NBT Interceptor ENABLED" ) ;
} catch ( Exception e ) {
getLogger ( ). warning ( "ProtocolLib init failed: " + e. getMessage ( ) ) ;
}
}
private void initUpdateChecker ( ) {
updateChecker = new UpdateChecker ( this ) ;
updateChecker. check ( ) ;
Bukkit. getPluginManager ( ). registerEvents (
new UpdateJoinListener ( this, updateChecker ),
this
) ;
}
private void initMetrics ( ) {
MetricsLoader. init ( this ) ;
MetricsManager. loadFromConfig ( ) ;
}
private void preloadOnlineProfiles ( ) {
for (Player p : Bukkit. getOnlinePlayers ( ) ) {
PlayerProfileManager. getProfile (p. getUniqueId ( ) ) ;
}
}
private void registerBadPacketListeners ( ) {
var manager = PacketEvents. getAPI ( ). getEventManager ( ) ;
manager. registerListener ( new BadPacketA ( ) ) ;
manager. registerListener ( new BadPacketB ( ) ) ;
manager. registerListener ( new BadPacketC ( ) ) ;
manager. registerListener ( new BadPacketD ( ) ) ;
manager. registerListener ( new BadPacketE ( ) ) ;
manager. registerListener ( new BadPacketF ( ) ) ;
manager. registerListener ( new BadPacketG ( ) ) ;
manager. registerListener ( new BadPacketH ( ) ) ;
manager. registerListener ( new BadPacketI ( ) ) ;
manager. registerListener ( new BadPacketJ ( ) ) ;
manager. registerListener ( new BadPacketK ( ) ) ;
manager. registerListener ( new BadPacketL ( ) ) ;
manager. registerListener ( new BadPacketM ( ) ) ;
manager. registerListener ( new BadPacketN ( ) ) ;
manager. registerListener ( new BadPacketO ( ) ) ;
manager. registerListener ( new BadPacketP ( ) ) ;
manager. registerListener ( new BadPacketQ ( ) ) ;
}
private void registerOtherListeners ( ) {
Bukkit. getPluginManager ( ). registerEvents ( new PistonDuplicationListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new InventoryMoveListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new ExplosionListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new EnderPearlListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new ItemSalvageListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new CrashProtectionListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new SignCrashListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new PacketRateLimiter ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new GriefLavaListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new PlayerPaceListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new EntitySpamListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new GUIManager ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new ClientIntegrity ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new CommandCrashListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new NettyInjectListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new NettyCleanupListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new ContainerEntityChunkDuplicationListener ( this ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new PlayerJoinProfileListener ( ), this ) ;
getServer ( ). getPluginManager ( ). registerEvents ( new ItemNBTListener ( ), this ) ;
}
private void handleLanguageConfig ( ) {
getDataFolder ( ). mkdirs ( ) ;
File configFile = new File (getDataFolder ( ), "config.yml" ) ;
if ( !configFile. exists ( ) ) {
String lang = getConfig ( ). getString ( "language", "en" ). toLowerCase ( ) ;
String resource = lang. equals ( "fa" )
? "config_fa.yml"
: "config_en.yml" ;
FileUtils. copyResourceToDataFolder ( this, resource, "config.yml" ) ;
}
reloadConfig ( ) ;
ConfigUtils. reload ( this ) ;
}
private void printLoadBanner ( ) {
logBanner ( "Loading...", ChatColor. DARK_GREEN ) ;
}
private void printStartupBanner ( String state ) {
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. GOLD + "[ExploitShield] " + ChatColor. DARK_GREEN + state ) ;
}
private void printEnabledBanner ( ) {
logBanner ( "Enabled! ", ChatColor. GREEN ) ;
}
private void printShutdownBanner ( ) {
logBanner ( "Disabled! ", ChatColor. DARK_RED ) ;
}
private void logBanner ( String status, ChatColor statusColor ) {
getServer ( ). getConsoleSender ( ). sendMessage ( "" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=====================================" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=" + ChatColor. GOLD + " ExploitShield " + statusColor + " " + status + ChatColor. DARK_GRAY + " =" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=" + ChatColor. GOLD + " Version: " + ChatColor. RED + getDescription ( ). getVersion ( ) + ChatColor. DARK_GRAY + " =" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=" + ChatColor. GOLD + " Depend: " + ChatColor. RED + getDescription ( ). getDepend ( ) + ChatColor. DARK_GRAY + " =" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=" + ChatColor. GOLD + " SoftDepend: " + ChatColor. RED + getDescription ( ). getSoftDepend ( ) + ChatColor. DARK_GRAY + " =" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=" + ChatColor. GOLD + " Lead Dev: " + ChatColor. RED + "Its_Rango " + ChatColor. DARK_GRAY + " =" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=" + ChatColor. GOLD + " Co Devs: " + ChatColor. RED + "S_S_God, Smilelectern_YT" + ChatColor. DARK_GRAY + " =" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=====================================" ) ;
getServer ( ). getConsoleSender ( ). sendMessage ( "" ) ;
}
private void logConsole ( String msg ) {
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. GOLD + "[ExploitShield] " + ChatColor. GREEN + msg ) ;
}
private void logConsole ( String msg, ChatColor color ) {
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. GOLD + "[ExploitShield] " + color + msg ) ;
}
public static ExploitShield getInstance ( ) {
return instance ;
}
public Violation getViolationManager ( ) {
return violationManager ;
}
public String color ( String str ) {
return ChatColor. translateAlternateColorCodes ( '&', str ) ;
}
private void logError ( String title, Throwable t ) {
File logDir = new File (getDataFolder ( ), "logs" ) ;
if ( !logDir. exists ( ) ) logDir. mkdirs ( ) ;
File logFile = new File (logDir, "error.log" ) ;
try ( FileWriter writer = new FileWriter (logFile, true ) ) {
writer. write ( "[" + new Date ( ) + "] " + title + "\n" ) ;
writer. write (t. toString ( ) + "\n" ) ;
for (StackTraceElement element : t. getStackTrace ( ) ) {
writer. write ( " at " + element + "\n" ) ;
}
writer. write ( "\n" ) ;
} catch ( IOException e ) {
getLogger ( ). severe ( "Error writing to error log: " + e. getMessage ( ) ) ;
}
}
}
# ==================================================
# ExploitShield
# Advanced Anti-Exploit
# Lead Dev: Its_Rango
# Co Devs: S_S_God, Smilelectern_YT
# ==================================================
language : en #en/fa
enabled : true
# --------------------------------------------------
# GLOBAL MODE
# strict_mode:
# true = Block & cancel suspicious actions
# false = Adjust, log, and allow safe behavior
# --------------------------------------------------
strict_mode : true
# --------------------------------------------------
# JOIN INFO
# --------------------------------------------------
join-info:
message : "&6ExploitShield &7» &a{player} &fjoined whit using &a{brand} &fand version &a{version}"
# --------------------------------------------------
# EXPLOIT FIXES
# --------------------------------------------------
fixes:
offline_quit_dupe : true
dupe_chain : true
item_signature : true
creative_inventory_dupe : true
minecart_duplication : true
chunk_teleport_dupe : true
container_furnace_dupe : true
sticky_tnt_dupe : true
hopper_dupe : true
slimeblock_dupe : true
boat_armorstand_dupe : true
piston_dupe : true
bed_explosion_dupe : true
ender_pearl_glitch : true
nether_roof_glide : true
item_salvage_exploit : true
item_nbt_limit : true
anti_phase : true
client_integrity : true
vehicle : true
inventory_abuse_detection : true
inventory:
max_clicks : 55
window_ms : 1500
block_update_dupe:
enabled : true
limit : 30
window : 2000 # ms
dupe:
offline:
enabled : true
# Time window to check for recent quit (milliseconds)
window_ms : 1500
chain:
enabled : true
# Time window for tracking dupe actions (milliseconds)
window_ms : 3000
# Number of actions within window to trigger alert
limit : 5
chunk :
# Time window for chunk activity (milliseconds)
window_ms : 3000
# Maximum activity rate within window
rate : 10
item :
# Number of identical items to trigger detection
repeat : 5
inventory :
# General inventory exploits
general : true
# Creative mode inventory exploit
creative : true
# Chunk boundary abuse detection
# WARNING: May false positive when players legitimately move items
# Recommended: false for production servers
boundary:
check : true
# Reincarnation detection (entity death respawn with same items)
# WARNING: May false positive on normal gameplay
# Recommended: false for production servers
reincarnation:
check : false
equip:
rate_limit_ms : 150
# Kick player on dupe detection
kick : false
client_integrity:
ghost_item : true
no_swing_attack : false # Set this to false if your server is PvP-focused.
multi_hit : false # Set this to false if your server is PvP-focused.
item:
max_total_nbt_size : 8000
# --------------------------------------------------
# PACKETS
# --------------------------------------------------
packet :
# ================================================
# BOOK LIMITS
# ================================================
max_book_pages : 80
max_book_page_size : 1536
max_total_book_size : 24576
# ================================================
# CHAT & TEXT LIMITS
# ================================================
max_chat_length : 384
# ================================================
# ITEM & NBT LIMITS
# ================================================
max_item_nbt_size : 6144
max_item_amount : 127
max_pdc_keys : 24
# ================================================
# TAB-COMPLETER
# ================================================
MAX_TAB_LENGTH_WARN : 250
MAX_TAB_LENGTH_CRITICAL : 500
BASE_COOLDOWN_TICKS : 0
DEBUG_MODE : false
# --------------------------------------------------
# ITEM NBT
# --------------------------------------------------
item_nbt :
# =========================
# CHECK COOLDOWN
# =========================
cooldown_ms : 200
# =========================
# GLOBAL NBT LIMIT
# =========================
max_nbt_size : 8192
# =========================
# DISPLAY NAME
# =========================
max_name_length : 96
# =========================
# LORE
# =========================
max_lore_lines : 20
max_lore_length : 256
# =========================
# BOOKS
# =========================
max_pages : 100
max_page_length : 2500
max_unicode_chars : 60
# =========================
# ENCHANTS
# =========================
max_enchants : 24
max_enchant_level : 15
# =========================
# ATTRIBUTES
# =========================
max_attributes : 24
# =========================
# FLAGS
# =========================
max_item_flags : 16
# =========================
# PDC
# =========================
max_pdc_keys : 48
# =========================
# STACK SIZE
# =========================
max_stack_size : 127
# --------------------------------------------------
# LIMITS
# --------------------------------------------------
nether:
limit_y : 128.0
ender_pearl:
limit_y : 256.0
# --------------------------------------------------
# LOGGING
# --------------------------------------------------
logging:
suspicious_actions : true
# --------------------------------------------------
# ALERTS
# --------------------------------------------------
alerts:
enabled : true
on : "&7[&6&lExploitShield&7] &7» &aAlerts enabled."
off : "&7[&6&lExploitShield&7] &7» &cAlerts disabled."
discord:
enabled : true
webhook : "PUT_YOUR_WEBHOOK_URL_HERE"
# --------------------------------------------------
# CRASH PROTECTION
# --------------------------------------------------
crash_protection:
sign : true
packet_nbt : true
netty:
enabled : true
max_packet_bytes : 5000000
close_on_violation : true
command : true
max_length : 256
max_args : 40
block_control_chars : true
alert_player : true
position : true
max_delta : 150.0
max_coord : 1_000_000
grace_ms : 5000
freeze_duration_ms : 1500
book:
enabled : true
MAX_PAGE : 80
MAX_CHARS_PER_PAGE : 1048
MAX_TOTAL_CHARS : 24000
MAX_COLOR_CODES_PER_PAGE : 20
MAX_JSON_DEPTH : 4
MAX_ARRAY_DEPTH : 4
MAX_EXTRA_COUNT : 80
spam-crasher:
enabled : true
message-cooldown : 0.09
command-cooldown : 0.09
message-spam-message : "&cYou are sending messages too fast!"
command-spam-message : "&cYou are sending commands too fast!"
# --------------------------------------------------
# PACKET FILTER
# --------------------------------------------------
packet_filter:
enabled : true
action : KICK # KICK/CANCEL/ALERT
# --------------------------------------------------
# DEBUG
# --------------------------------------------------
debug:
level : 0
# 0 = off
# 1 = important
# 2 = verbose
# --------------------------------------------------
# PISTON DUPE
# --------------------------------------------------
piston_dupe:
window_ms : 2500
rate_limit : 12
chain_limit : 7
tnt_radius : 2
player_radius : 144
log_to_file : true
kick : true
# --------------------------------------------------
# BYPASS WORLD
# --------------------------------------------------
bypass_worlds:
world : false
world_nether : false
world_the_end : false
# --------------------------------------------------
# PLAYER PACE (ANTI-GRIEF)
# --------------------------------------------------
grief:
pace:
enabled : true
max_blocks_per_second : -1 # What is your server need ?
message : "You are placing blocks too fast!"
message_cooldown : 5000 # Anti Spam For Messages Sending
lava:
enabled : true
max_sources_per_chunk : -1 # What is your server need ?
allow_flow : true
message : "Only -1 lava sources are allowed per chunk!"
message_cooldown : 5000 # Anti Spam For Messages Sending
# --------------------------------------------------
# PUNISHMENT SYSTEM
# --------------------------------------------------
punishments:
piston_dupe:
warn:
threshold : 3
action : WARN
message : "&e⚠ Stop abusing piston mechanics!"
kick:
threshold : 5
action : KICK
message : "&e⚠ You were kicked for piston exploit."
ban:
threshold : 8
action : COMMAND
command : "ban %player% Piston exploit abuse"
entity_spam:
warn:
threshold : 6
action : WARN
message : "&e⚠ Stop spawning entities!"
cooldown : 5000
repeatable : true
kick:
threshold : 10
action : KICK
message : "&e⚠ You were kicked for entity spam."
cooldown : 60000
repeatable : false
# --------------------------------------------------
# ENTITY SPAM / LAG GRIEF PROTECTION
# --------------------------------------------------
entity_spam:
enabled : true
limits:
per_chunk : 100
per_player_per_second : 160
entities:
dropped_item : true
experience_orb : true
armor_stand : false
minecart : false
boat : false
all_non_player : false
auto_clear:
enabled : true
max_entities_to_keep : 30
action:
first : ALERT
repeated : CANCEL
strict : KICK
vl:
max : 30
decay_seconds : 1
# --------------------------------------------------
# GLOBAL MESSAGES
# --------------------------------------------------
messages :
# You cannot change messages prefix!
no_permission : "&6&lExploitShield &7» &cYou do not have permission to do this."
reloading : "&a&lConfiguration reloading..."
reload : "&a&lConfiguration reloaded &2&lsuccessfully."
ExploitShield [FREE] – Advanced Exploit & Crash Protection
Protect your Minecraft server from duplication glitches, crash exploits, and malicious packets — fully automatic.
Need ProtocolLib Version 5.4.0. (PacketEvents 2.12.2)
ExploitShield is a high-performance anti-exploit plugin designed to stop common and advanced exploits.
This plugin is built as a high-end anti-duplication engine, not a basic fix.
ExploitShield is designed to mitigate a wide range of known duplication exploits through behavioral analysis, packet validation, rate limiting, and server-side consistency checks.
While no anti-exploit solution can guarantee complete protection against every emerging exploit, ExploitShield focuses on reducing exploitability while maintaining gameplay stability and low false positives.
Key Features
✅ Duplication Protection
- Offline Dupe
- Dupe Chain Tracking
- Item Signature Tracking
- Creative Inventory Dupe
- General Inventory Dupe
- Minecart Dupe
- Chunk Burst Detection
- Piston Extend / Retract
- Piston Rate Limiting
- Piston Chain Abuse Detection
- Sticky Piston + TNT Dupe
- Slime Block Dupe
- Hopper + Container Dupe
- Automatic Exploit Neutralization (Eviscerate)
- Async Logging + Cleanup
- Item salvage exploits
- Chunk Teleport Duplication
- Boat & ArmorStand Duplication
- Block Update Duplication
- Container / Furnace / Brewing Stand Duplication
- Vehicle Duplication (Boat / Minecart)
- Llama Duplication
- Donkey Duplication
- Horse Duplication
- Mule Duplication
- Multi-Player Simultaneous Duplication Detection
- Malformed packet filtering
- Sign & book crash prevention
- Oversized / invalid item & NBT data protection
- Creative inventory abuse detection
- Advanced Chat, Rename & Payload Validation
- Tab Exception
- Ender Pearl glitch prevention
- Nether roof & glide exploit fixes
- Suspicious movement tracking (configurable)
- Block Placement Pace limiter
- Lava placement per chunk limiter
- Entity Spam limits (per chunk & per player/sec)
- Ghost item detection
- No-swing attack prevention
- Multi-hit attack prevention
- Real-time exploit notifications
- Color-coded severity levels
- Fully configurable events
- Monitor your server even while offline
- Lightweight listeners
- Packet-level fail-safes
- Minimal impact on TPS
- Ban IP / Ban
- Kick
- Cancel
- Configurable thresholds & VL system
- /exploitshield → Show command list
- /exploitshield reload → Reload configuration
- /exploitshield status → Display plugin status
- /exploitshield fixlist → Show detected exploit fixes
- /exploitshield debug → Debug mode
- /exploitshield gui → Open GUI panel
- /exploitshield profile <player> → View player exploit profile
- Player Join Info → Sends player name, client brand & version to exploitshield.joininfo holders
- Granular enable/disable options
- Strict Mode for maximum protection
- Clean and readable config.yml
- ConfigurableSafe defaults (plug & play)
✅ Behavioral & Packet Analysis (Hamster Engine)
- Real-time behavioral monitoring for suspicious player actions
- Detects bot-like consistency & unnatural action frequency
- Tracks Violation Levels (VL) with automatic decay for normal behavior
- Alerts server staff on threshold violations (configurable)
- Custom Netty handler injected per player to prevent packet flooding
- Detects and blocks burst packets & abnormal rates
- Automatic connection closure on extreme violations
- Safe cleanup on player quit to prevent memory leaks
- Monitors critical client packets: USE_ENTITY, CLICK_WINDOW, FLYING
- Behavioral analysis without directly cancelling packets
- Cancels packets only when critical thresholds are exceeded
- Retrieves player channels reliably across server versions
- Pipeline manipulation without crashes or version conflicts
- Advanced packet validation system
- Chat message overflow protection
- Illegal character detection
- Book exploit prevention (page count, page size, total size)
- Creative inventory exploit checks
- ClickWindow carried-item validation
- Display-name & lore overflow protection
- PersistentDataContainer abuse detection
- Invalid item amount detection
- Malformed packet handling & automatic cancellation
- Violation tracking & adaptive punishment system
- PacketRateLimiter upgraded with SmartCounter for dynamic limits
- Limits now scale based on player ping to reduce false positives
- New packet types monitored: FLYING, LOOK, BLOCK_PLACE, BLOCK_DIG
- Burst detection added for short spikes
- Automatic cleanup for stale counters to prevent memory leaks
- UTF-8 overflow detection
- PDC abuse detection
- enchants / attributes / flags protection
- lore / name / book validation
- serialized metadata analysis
✅ TabComplete Protection
- Tab spam cooldown system
- TabComplete crash protection (oversized packets)
- Control character filtering
- Unicode spam detection
- Malformed TabComplete structure validation
- Packet-level TabComplete inspection via PacketEvents
- BadPackets A -> Q
- A: Invalid Sprint Action
- B: Invalid Held Item Change
- C: Invalid Bed Action
- D: Invalid Pitch
- E: Flying Packet Spam
- F: Hidden Module (not disclosed)
- G: Sneak State Desync
- H: Use Item Packet Desync
- I: Flight Ability Desync
- J: Use Item Rotation Desync
- K: Spectate Mode Desync
- L: Invalid Digging Packet State
- M: Respawn State Desync
- N: Desynced KeepAlive Sequence
- O: Invalid Entity / Imposibble Boost / Invalid Combo
- P: Invalid Slot
- Q: Window Confirmation Invalid
Our goal is to block exploits and suspicious packets in order to prevent server crashes and malicious abuse.
Because of this, in some cases legitimate players may experience minor inconvenience due to the strict protection system.
Critical packets are now inspected before Bukkit-level processing, preventing malformed or malicious data from reaching internal server handlers.
In the latest version, ExploitShield introduces enhanced protection mechanisms for newly discovered exploits and duplication methods. By leveraging ProtocolLib and PacketEvents, the plugin now actively monitors and neutralizes suspicious actions at the packet level, ensuring robust defense against emerging threats without affecting normal gameplay.
Previously, certain NBT payloads were processed internally by the server before plugins could intercept them, making some crashes and exploits unavoidable. In this update, ExploitShield can intercept and analyze NBT data at the source, before it is processed by the server, thanks to ProtocolLib and PacketEvents integration. This ensures maximum protection against malicious items, payloads, and NBT-based crashes.
Tested under real-world multiplayer environments with packet-heavy activity, automation systems, and exploit simulation scenarios.
Why ExploitShield?
✔ Free
✔ Research-driven protection architecture
✔ Packet-level exploit mitigation
✔ Stability-focused design philosophy
✔ Continuous security improvements
✔ Real exploit research
✔ Actively maintained
✔ Designed with professional anti-cheat architecture principles
✔ Concurrent use of ProtocolLib and PacketEvents
✔ This plugin is built as a high-end anti-duplication engine, not a basic fix.
✔ ExploitShield is designed to mitigate a wide range of known duplication exploits using behavioral analysis, packet validation, rate limiting, and server-side consistency checks.
✔ Designed for survival redstone-heavy servers
✔ No interference with legitimate farms
✔ Tested with 30+ redstone machines
Extensive Testing & Stability
ExploitShield has been extensively tested across Minecraft versions 1.17 through 1.21, including real-world scenarios involving malicious clients, exploit tools, and attack simulations.
All tests were conducted in Strict mode using ProtocolLib and PacketEvents API, ensuring that the plugin handles packet-level exploits and advanced abuse cases reliably.
During these tests, the plugin demonstrated high detection accuracy and stability, successfully blocking abusive behavior without causing false positives for legitimate players.
All protections are designed with strict validation, rate-based analysis, and safe thresholds, ensuring strong security while preserving normal gameplay.
Tested Against Modern Cheat Clients
ExploitShield has been stress-tested in real-world multiplayer environments against some of the most widely used modified Minecraft clients.
During controlled testing scenarios, the plugin successfully prevented crash attempts, exploit packets, and malicious payload behaviors without server instability or critical false positives.
✔ Meteor Client
✔ Xynis Client
✔ FDP Client
✔ BetterCraft
✔ SmogProf Client
No successful crash, packet-based exploit, or instability was observed under Strict Mode configurations.
⚠ Note: Results may vary depending on server configuration, enabled modules, and strictness settings.
Works on Folia, Spigot, and Paper servers. ✅
INSTALLATION
1. Download and install ProtocolLib
2. Download and install PacketEvents
3. Place ExploitShield.jar into your plugins folder
4. Restart your server
5. Your server is now protected and ready to go.
bStats
https://bstats.org/plugin/bukkit/EZExploitFixer/28681
PREMISSIONS/COMMANDS
/exploitshield (Display Command List)
/exploitshield reload (Reload Config)
/exploitshield status (Display Plugin Status)
/exploitshield fixlist (Show Fix List)
/exploitshield debug (Debug)
/exploitshield gui (Display GUI)
/exploitshield profile <Player Name> (Display exploit profile)
exploitshield.use
exploitshield.reload
exploitshield.read.alert
exploitshield.alert.*
exploitshield.joininfo
DISCORD SUPPORT
https://discord.gg/xhV6FPfe92
WE NEED YOU
We need your support to be able to provide bigger updates and grow with your support, so please leave a comment if you see a bug or like the plugin
Why Didn’t We Use HamsterAPI?
We chose not to use HamsterAPI because it is primarily designed for detecting player movement and behavior patterns, not for deep packet-level protection or crash/exploit prevention. While HamsterAPI is useful for motion monitoring, relying solely on it wouldn’t provide the comprehensive server protection we wanted.
Instead, we implemented ProtocolLib + PacketEvents, which allows deep, low-level monitoring and control of network packets. With these tools, ExploitShield can:
- Detect and neutralize advanced duplication exploits
- Prevent crash attempts and malicious packet attacks
- Analyze NBT and payloads before they reach the server
- Offer robust behavioral and packet-level monitoring while preserving performance
How does it work against packets?
Download Now To Protect Your Server !
Code (Java):
package its.rango.exploitshield ;
import com.github.retrooper.packetevents.PacketEvents ;
import io.github.retrooper.packetevents.factory.spigot.SpigotPacketEventsBuilder ;
import its.rango.exploitshield.commands.Commands ;
import its.rango.exploitshield.commands.ESCommand ;
import its.rango.exploitshield.gui.GUIManager ;
import its.rango.exploitshield.listeners.* ;
import its.rango.exploitshield.listeners.dupes.ContainerEntityChunkDuplicationListener ;
import its.rango.exploitshield.listeners.dupes.PistonDuplicationListener ;
import its.rango.exploitshield.listeners.dupes.PlayerDuplicationListener ;
import its.rango.exploitshield.metrics.MetricsLoader ;
import its.rango.exploitshield.metrics.MetricsManager ;
import its.rango.exploitshield.netty.NettyCleanupListener ;
import its.rango.exploitshield.netty.NettyInjectListener ;
import its.rango.exploitshield.packet.* ;
import its.rango.exploitshield.packet.badpackets.* ;
import its.rango.exploitshield.packet.hamster.HamsterEngine ;
import its.rango.exploitshield.profile.PlayerProfileManager ;
import its.rango.exploitshield.profile.ProfileStorage ;
import its.rango.exploitshield.util.ConfigUtils ;
import its.rango.exploitshield.util.FileUtils ;
import its.rango.exploitshield.util.UpdateChecker ;
import its.rango.exploitshield.util.Violation ;
import org.bukkit.Bukkit ;
import org.bukkit.ChatColor ;
import org.bukkit.command.PluginCommand ;
import org.bukkit.entity.Player ;
import org.bukkit.event.HandlerList ;
import org.bukkit.plugin.java.JavaPlugin ;
import java.io.File ;
import java.io.FileWriter ;
import java.io.IOException ;
import java.util.Date ;
public class ExploitShield extends JavaPlugin {
private static ExploitShield instance ;
private UpdateChecker updateChecker ;
private BookCrashListener bookListener ;
private Violation violationManager ;
private boolean protocolLibAvailable ;
private boolean packetEventsAvailable ;
@Override
public void onLoad ( ) {
printLoadBanner ( ) ;
protocolLibAvailable =
Bukkit. getPluginManager ( ). getPlugin ( "ProtocolLib" ) != null ;
packetEventsAvailable =
Bukkit. getPluginManager ( ). getPlugin ( "packetevents" ) != null ;
getLogger ( ). info ( "ProtocolLib: " + protocolLibAvailable ) ;
getLogger ( ). info ( "PacketEvents: " + packetEventsAvailable ) ;
}
@Override
public void onEnable ( ) {
printStartupBanner ( "Starting up" ) ;
long before = System. currentTimeMillis ( ) ;
if ( !protocolLibAvailable ) {
getLogger ( ). severe ( "ProtocolLib is required but not found!" ) ;
getLogger ( ). severe ( "Disabling ExploitShield..." ) ;
getServer ( ). getPluginManager ( ). disablePlugin ( this ) ;
return ;
}
instance = this ;
initViolationManager ( ) ;
handleLanguageConfig ( ) ;
ConfigUtils. reload ( this ) ;
JoinPacketListener. load ( this ) ;
ProfileStorage. init ( ) ;
initProtocolLib ( ) ;
initPacketEvents ( ) ;
initCrashSystem ( ) ;
initCommands ( ) ;
initListeners ( ) ;
registerBadPacketListeners ( ) ;
preloadOnlineProfiles ( ) ;
initUpdateChecker ( ) ;
initMetrics ( ) ;
PlayerDuplicationListener dupeListener = new PlayerDuplicationListener ( this ) ;
getServer ( ). getPluginManager ( ). registerEvents (dupeListener, this ) ;
dupeListener. startCleanupTask ( ) ;
printEnabledBanner ( ) ;
long time = System. currentTimeMillis ( ) - before ;
logConsole ( "Plugin enabled in " + time + "ms" ) ;
}
@Override
public void onDisable ( ) {
PacketEvents. getAPI ( ). terminate ( ) ;
PlayerProfileManager. shutdown ( ) ;
HamsterEngine. clearAll ( ) ;
PlayerDuplicationListener dupeListener = new PlayerDuplicationListener ( this ) ;
if (dupeListener != null ) {
dupeListener. stopCleanupTask ( ) ;
HandlerList. unregisterAll (dupeListener ) ;
}
printShutdownBanner ( ) ;
}
private void initViolationManager ( ) {
this. violationManager = Violation. getInstance ( this ) ;
this. violationManager. loadConfig ( ) ;
}
private void initPacketEvents ( ) {
if ( !packetEventsAvailable ) {
getLogger ( ). warning ( "PacketEvents not installed - skipping packet features" ) ;
return ;
}
try {
PacketEvents. setAPI (SpigotPacketEventsBuilder. build ( this ) ) ;
PacketEvents. getAPI ( ). load ( ) ;
PacketEvents. getAPI ( ). init ( ) ;
getLogger ( ). info ( "PacketEvents enabled" ) ;
} catch ( Exception e ) {
getLogger ( ). severe ( "PacketEvents failed: " + e. getMessage ( ) ) ;
}
}
private void initCrashSystem ( ) {
if ( !packetEventsAvailable || PacketEvents. getAPI ( ) == null ) {
getLogger ( ). warning ( "Crash system disabled (PacketEvents not ready)" ) ;
return ;
}
CrashPacket. init ( ) ;
Bukkit. getPluginManager ( ). registerEvents ( new CrashPacket ( ), this ) ;
TabCompleteGuard. init ( ) ;
PacketEvents. getAPI ( ). getEventManager ( ). registerListener ( new HamsterPacketListener ( ) ) ;
PacketEvents. getAPI ( ). getEventManager ( ). registerListener ( new UltraSafePacketListener ( ) ) ;
}
private void initCommands ( ) {
PluginCommand main = getCommand ( "exploitshield" ) ;
if (main != null ) {
Commands executor = new Commands ( ) ;
main. setExecutor (executor ) ;
main. setTabCompleter (executor ) ;
}
PluginCommand es = getCommand ( "es" ) ;
if (es != null ) {
ESCommand executor = new ESCommand ( ) ;
es. setExecutor (executor ) ;
es. setTabCompleter (executor ) ;
}
}
private void initListeners ( ) {
BookCrashListener. load ( this ) ;
bookListener = new BookCrashListener ( ) ;
Bukkit. getPluginManager ( ). registerEvents (bookListener, this ) ;
registerOtherListeners ( ) ;
}
private void initProtocolLib ( ) {
if ( !protocolLibAvailable ) return ;
try {
PacketManager. init ( ) ;
StrictNBTInterceptor. init ( ) ;
getLogger ( ). info ( "ProtocolLib enabled" ) ;
logConsole ( "ProtocolLib packet protection ENABLED" ) ;
logConsole ( "ProtocolLib Protection ENABLED" ) ;
logConsole ( "Strict NBT Interceptor ENABLED" ) ;
} catch ( Exception e ) {
getLogger ( ). warning ( "ProtocolLib init failed: " + e. getMessage ( ) ) ;
}
}
private void initUpdateChecker ( ) {
updateChecker = new UpdateChecker ( this ) ;
updateChecker. check ( ) ;
Bukkit. getPluginManager ( ). registerEvents (
new UpdateJoinListener ( this, updateChecker ),
this
) ;
}
private void initMetrics ( ) {
MetricsLoader. init ( this ) ;
MetricsManager. loadFromConfig ( ) ;
}
private void preloadOnlineProfiles ( ) {
for (Player p : Bukkit. getOnlinePlayers ( ) ) {
PlayerProfileManager. getProfile (p. getUniqueId ( ) ) ;
}
}
private void registerBadPacketListeners ( ) {
var manager = PacketEvents. getAPI ( ). getEventManager ( ) ;
manager. registerListener ( new BadPacketA ( ) ) ;
manager. registerListener ( new BadPacketB ( ) ) ;
manager. registerListener ( new BadPacketC ( ) ) ;
manager. registerListener ( new BadPacketD ( ) ) ;
manager. registerListener ( new BadPacketE ( ) ) ;
manager. registerListener ( new BadPacketF ( ) ) ;
manager. registerListener ( new BadPacketG ( ) ) ;
manager. registerListener ( new BadPacketH ( ) ) ;
manager. registerListener ( new BadPacketI ( ) ) ;
manager. registerListener ( new BadPacketJ ( ) ) ;
manager. registerListener ( new BadPacketK ( ) ) ;
manager. registerListener ( new BadPacketL ( ) ) ;
manager. registerListener ( new BadPacketM ( ) ) ;
manager. registerListener ( new BadPacketN ( ) ) ;
manager. registerListener ( new BadPacketO ( ) ) ;
manager. registerListener ( new BadPacketP ( ) ) ;
manager. registerListener ( new BadPacketQ ( ) ) ;
}
private void registerOtherListeners ( ) {
Bukkit. getPluginManager ( ). registerEvents ( new PistonDuplicationListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new InventoryMoveListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new ExplosionListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new EnderPearlListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new ItemSalvageListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new CrashProtectionListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new SignCrashListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new PacketRateLimiter ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new GriefLavaListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new PlayerPaceListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new EntitySpamListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new GUIManager ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new ClientIntegrity ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new CommandCrashListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new NettyInjectListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new NettyCleanupListener ( ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new ContainerEntityChunkDuplicationListener ( this ), this ) ;
Bukkit. getPluginManager ( ). registerEvents ( new PlayerJoinProfileListener ( ), this ) ;
getServer ( ). getPluginManager ( ). registerEvents ( new ItemNBTListener ( ), this ) ;
}
private void handleLanguageConfig ( ) {
getDataFolder ( ). mkdirs ( ) ;
File configFile = new File (getDataFolder ( ), "config.yml" ) ;
if ( !configFile. exists ( ) ) {
String lang = getConfig ( ). getString ( "language", "en" ). toLowerCase ( ) ;
String resource = lang. equals ( "fa" )
? "config_fa.yml"
: "config_en.yml" ;
FileUtils. copyResourceToDataFolder ( this, resource, "config.yml" ) ;
}
reloadConfig ( ) ;
ConfigUtils. reload ( this ) ;
}
private void printLoadBanner ( ) {
logBanner ( "Loading...", ChatColor. DARK_GREEN ) ;
}
private void printStartupBanner ( String state ) {
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. GOLD + "[ExploitShield] " + ChatColor. DARK_GREEN + state ) ;
}
private void printEnabledBanner ( ) {
logBanner ( "Enabled! ", ChatColor. GREEN ) ;
}
private void printShutdownBanner ( ) {
logBanner ( "Disabled! ", ChatColor. DARK_RED ) ;
}
private void logBanner ( String status, ChatColor statusColor ) {
getServer ( ). getConsoleSender ( ). sendMessage ( "" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=====================================" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=" + ChatColor. GOLD + " ExploitShield " + statusColor + " " + status + ChatColor. DARK_GRAY + " =" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=" + ChatColor. GOLD + " Version: " + ChatColor. RED + getDescription ( ). getVersion ( ) + ChatColor. DARK_GRAY + " =" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=" + ChatColor. GOLD + " Depend: " + ChatColor. RED + getDescription ( ). getDepend ( ) + ChatColor. DARK_GRAY + " =" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=" + ChatColor. GOLD + " SoftDepend: " + ChatColor. RED + getDescription ( ). getSoftDepend ( ) + ChatColor. DARK_GRAY + " =" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=" + ChatColor. GOLD + " Lead Dev: " + ChatColor. RED + "Its_Rango " + ChatColor. DARK_GRAY + " =" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=" + ChatColor. GOLD + " Co Devs: " + ChatColor. RED + "S_S_God, Smilelectern_YT" + ChatColor. DARK_GRAY + " =" ) ;
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. DARK_GRAY + "=====================================" ) ;
getServer ( ). getConsoleSender ( ). sendMessage ( "" ) ;
}
private void logConsole ( String msg ) {
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. GOLD + "[ExploitShield] " + ChatColor. GREEN + msg ) ;
}
private void logConsole ( String msg, ChatColor color ) {
getServer ( ). getConsoleSender ( ). sendMessage (ChatColor. GOLD + "[ExploitShield] " + color + msg ) ;
}
public static ExploitShield getInstance ( ) {
return instance ;
}
public Violation getViolationManager ( ) {
return violationManager ;
}
public String color ( String str ) {
return ChatColor. translateAlternateColorCodes ( '&', str ) ;
}
private void logError ( String title, Throwable t ) {
File logDir = new File (getDataFolder ( ), "logs" ) ;
if ( !logDir. exists ( ) ) logDir. mkdirs ( ) ;
File logFile = new File (logDir, "error.log" ) ;
try ( FileWriter writer = new FileWriter (logFile, true ) ) {
writer. write ( "[" + new Date ( ) + "] " + title + "\n" ) ;
writer. write (t. toString ( ) + "\n" ) ;
for (StackTraceElement element : t. getStackTrace ( ) ) {
writer. write ( " at " + element + "\n" ) ;
}
writer. write ( "\n" ) ;
} catch ( IOException e ) {
getLogger ( ). severe ( "Error writing to error log: " + e. getMessage ( ) ) ;
}
}
}
Code (YAML):
# ==================================================
# ExploitShield
# Advanced Anti-Exploit
# Lead Dev: Its_Rango
# Co Devs: S_S_God, Smilelectern_YT
# ==================================================
language : en #en/fa
enabled : true
# --------------------------------------------------
# GLOBAL MODE
# strict_mode:
# true = Block & cancel suspicious actions
# false = Adjust, log, and allow safe behavior
# --------------------------------------------------
strict_mode : true
# --------------------------------------------------
# JOIN INFO
# --------------------------------------------------
join-info:
message : "&6ExploitShield &7» &a{player} &fjoined whit using &a{brand} &fand version &a{version}"
# --------------------------------------------------
# EXPLOIT FIXES
# --------------------------------------------------
fixes:
offline_quit_dupe : true
dupe_chain : true
item_signature : true
creative_inventory_dupe : true
minecart_duplication : true
chunk_teleport_dupe : true
container_furnace_dupe : true
sticky_tnt_dupe : true
hopper_dupe : true
slimeblock_dupe : true
boat_armorstand_dupe : true
piston_dupe : true
bed_explosion_dupe : true
ender_pearl_glitch : true
nether_roof_glide : true
item_salvage_exploit : true
item_nbt_limit : true
anti_phase : true
client_integrity : true
vehicle : true
inventory_abuse_detection : true
inventory:
max_clicks : 55
window_ms : 1500
block_update_dupe:
enabled : true
limit : 30
window : 2000 # ms
dupe:
offline:
enabled : true
# Time window to check for recent quit (milliseconds)
window_ms : 1500
chain:
enabled : true
# Time window for tracking dupe actions (milliseconds)
window_ms : 3000
# Number of actions within window to trigger alert
limit : 5
chunk :
# Time window for chunk activity (milliseconds)
window_ms : 3000
# Maximum activity rate within window
rate : 10
item :
# Number of identical items to trigger detection
repeat : 5
inventory :
# General inventory exploits
general : true
# Creative mode inventory exploit
creative : true
# Chunk boundary abuse detection
# WARNING: May false positive when players legitimately move items
# Recommended: false for production servers
boundary:
check : true
# Reincarnation detection (entity death respawn with same items)
# WARNING: May false positive on normal gameplay
# Recommended: false for production servers
reincarnation:
check : false
equip:
rate_limit_ms : 150
# Kick player on dupe detection
kick : false
client_integrity:
ghost_item : true
no_swing_attack : false # Set this to false if your server is PvP-focused.
multi_hit : false # Set this to false if your server is PvP-focused.
item:
max_total_nbt_size : 8000
# --------------------------------------------------
# PACKETS
# --------------------------------------------------
packet :
# ================================================
# BOOK LIMITS
# ================================================
max_book_pages : 80
max_book_page_size : 1536
max_total_book_size : 24576
# ================================================
# CHAT & TEXT LIMITS
# ================================================
max_chat_length : 384
# ================================================
# ITEM & NBT LIMITS
# ================================================
max_item_nbt_size : 6144
max_item_amount : 127
max_pdc_keys : 24
# ================================================
# TAB-COMPLETER
# ================================================
MAX_TAB_LENGTH_WARN : 250
MAX_TAB_LENGTH_CRITICAL : 500
BASE_COOLDOWN_TICKS : 0
DEBUG_MODE : false
# --------------------------------------------------
# ITEM NBT
# --------------------------------------------------
item_nbt :
# =========================
# CHECK COOLDOWN
# =========================
cooldown_ms : 200
# =========================
# GLOBAL NBT LIMIT
# =========================
max_nbt_size : 8192
# =========================
# DISPLAY NAME
# =========================
max_name_length : 96
# =========================
# LORE
# =========================
max_lore_lines : 20
max_lore_length : 256
# =========================
# BOOKS
# =========================
max_pages : 100
max_page_length : 2500
max_unicode_chars : 60
# =========================
# ENCHANTS
# =========================
max_enchants : 24
max_enchant_level : 15
# =========================
# ATTRIBUTES
# =========================
max_attributes : 24
# =========================
# FLAGS
# =========================
max_item_flags : 16
# =========================
# PDC
# =========================
max_pdc_keys : 48
# =========================
# STACK SIZE
# =========================
max_stack_size : 127
# --------------------------------------------------
# LIMITS
# --------------------------------------------------
nether:
limit_y : 128.0
ender_pearl:
limit_y : 256.0
# --------------------------------------------------
# LOGGING
# --------------------------------------------------
logging:
suspicious_actions : true
# --------------------------------------------------
# ALERTS
# --------------------------------------------------
alerts:
enabled : true
on : "&7[&6&lExploitShield&7] &7» &aAlerts enabled."
off : "&7[&6&lExploitShield&7] &7» &cAlerts disabled."
discord:
enabled : true
webhook : "PUT_YOUR_WEBHOOK_URL_HERE"
# --------------------------------------------------
# CRASH PROTECTION
# --------------------------------------------------
crash_protection:
sign : true
packet_nbt : true
netty:
enabled : true
max_packet_bytes : 5000000
close_on_violation : true
command : true
max_length : 256
max_args : 40
block_control_chars : true
alert_player : true
position : true
max_delta : 150.0
max_coord : 1_000_000
grace_ms : 5000
freeze_duration_ms : 1500
book:
enabled : true
MAX_PAGE : 80
MAX_CHARS_PER_PAGE : 1048
MAX_TOTAL_CHARS : 24000
MAX_COLOR_CODES_PER_PAGE : 20
MAX_JSON_DEPTH : 4
MAX_ARRAY_DEPTH : 4
MAX_EXTRA_COUNT : 80
spam-crasher:
enabled : true
message-cooldown : 0.09
command-cooldown : 0.09
message-spam-message : "&cYou are sending messages too fast!"
command-spam-message : "&cYou are sending commands too fast!"
# --------------------------------------------------
# PACKET FILTER
# --------------------------------------------------
packet_filter:
enabled : true
action : KICK # KICK/CANCEL/ALERT
# --------------------------------------------------
# DEBUG
# --------------------------------------------------
debug:
level : 0
# 0 = off
# 1 = important
# 2 = verbose
# --------------------------------------------------
# PISTON DUPE
# --------------------------------------------------
piston_dupe:
window_ms : 2500
rate_limit : 12
chain_limit : 7
tnt_radius : 2
player_radius : 144
log_to_file : true
kick : true
# --------------------------------------------------
# BYPASS WORLD
# --------------------------------------------------
bypass_worlds:
world : false
world_nether : false
world_the_end : false
# --------------------------------------------------
# PLAYER PACE (ANTI-GRIEF)
# --------------------------------------------------
grief:
pace:
enabled : true
max_blocks_per_second : -1 # What is your server need ?
message : "You are placing blocks too fast!"
message_cooldown : 5000 # Anti Spam For Messages Sending
lava:
enabled : true
max_sources_per_chunk : -1 # What is your server need ?
allow_flow : true
message : "Only -1 lava sources are allowed per chunk!"
message_cooldown : 5000 # Anti Spam For Messages Sending
# --------------------------------------------------
# PUNISHMENT SYSTEM
# --------------------------------------------------
punishments:
piston_dupe:
warn:
threshold : 3
action : WARN
message : "&e⚠ Stop abusing piston mechanics!"
kick:
threshold : 5
action : KICK
message : "&e⚠ You were kicked for piston exploit."
ban:
threshold : 8
action : COMMAND
command : "ban %player% Piston exploit abuse"
entity_spam:
warn:
threshold : 6
action : WARN
message : "&e⚠ Stop spawning entities!"
cooldown : 5000
repeatable : true
kick:
threshold : 10
action : KICK
message : "&e⚠ You were kicked for entity spam."
cooldown : 60000
repeatable : false
# --------------------------------------------------
# ENTITY SPAM / LAG GRIEF PROTECTION
# --------------------------------------------------
entity_spam:
enabled : true
limits:
per_chunk : 100
per_player_per_second : 160
entities:
dropped_item : true
experience_orb : true
armor_stand : false
minecart : false
boat : false
all_non_player : false
auto_clear:
enabled : true
max_entities_to_keep : 30
action:
first : ALERT
repeated : CANCEL
strict : KICK
vl:
max : 30
decay_seconds : 1
# --------------------------------------------------
# GLOBAL MESSAGES
# --------------------------------------------------
messages :
# You cannot change messages prefix!
no_permission : "&6&lExploitShield &7» &cYou do not have permission to do this."
reloading : "&a&lConfiguration reloading..."
reload : "&a&lConfiguration reloaded &2&lsuccessfully."
Resource Information
Author:
----------
Total Downloads: 1,923
First Release: Nov 26, 2025
Last Update: Jun 15, 2026
Category: ---------------
All-Time Rating:
5 ratings
Version -----
Released: --------------------
Downloads: ------
Version Rating:
----------------------
-- ratings