(33% OFF) XCord: Optimized, Anti-bot, Anti-Exploit (Spigot+Bungee[ALL]) Bungeecord fork (1.7-1.18+) 1.29-BETA

Bungeecord fork with a powerful Anti-bot, Anti-Exploit, and Anti-SpigotExploit for 1.7-1.16+
Note: XCord requires a license to run properly. You can obtain a license from joining the official XCord channel and verifying your ownership (Insure non-friend DM's are enabled)


XCord is an advanced Bungeecord fork designed for high performance, low CPU usage, and packed with a powerful anti-exploit/anti-bot (Possibly the best on the market). Contains a large collection of advanced anti-bot checks, powerful kernel level anti-ddos, layer 7 anti-ddos, and various checks to stop Bungee and Spigot exploits with ease. No longer will you have to rely on cheap hacky protection to stop attacks...


  • Various optimizations, highly optimized packet compression, reduced CPU load, native encryption. Guaranteed to decrease CPU usage
  • Built in ping-spam protection
  • Built in powerful anti-bot designed to withstand large attacks, while keeping the Bungeecord at a low CPU level
  • Configurable compression strength (Native only)
  • 1.7-1.17.1+ protocol support
  • Anti-bungee/TCP exploit system: Blocks many exploits that aren't even publicly known. Especially "BungeeSmasher"
  • Anti-spigot/mc-server exploit system: This bungeecord comes with an optional module that blocks Jessica/Payload/Spigot-Cracker/NBT-bomb/spam exploits. There's no known bypass, and it's extremely lightweight.
  • Blacklist system (With IPSet support)
  • Non-interfering (No fake lobbies, captcha's, ect. Users wont know) [Unless you choose to enable more advanced gravity/collision checks]
  • Designed with performance, and false positives being the main objective.
  • Filters login/ping/ect logs ONLY during bot attacks
  • /xcordreload command for reloading the config without having to reboot the entire network
  • Option to use a high performance Anti-VPN system (Requires API(s) IPHub.info or proxycheck.io)
  • Around ~160+ configuration lines (xcord.yml)
  • Packet batching system to increase network stability, and decrease native load
  • Optimized network thread handling/creation
  • Option to only pass connections deemed as legitimate through plugins (Like JPremium, SkinRestorer, etc) through the passthrough option


Modern minecraft server's are plagued by increasingly more and more powerful botting programs designed to down the server in seconds. XCord however provides a powerful anti-bot solution programmed directly into the roots of Bungeecord with the ability to migrate these attacks without hindering the performance of your server.

Currently, it consists of multiple fixes and checks all of which can be configured, and disabled if you choose to


  • Connection speed: Prevents bots from pinging, or connecting too rapidly
  • Login speed: Prevents bots from logging in rapidly from multiple accounts
  • Slow-Bot: Checks whether a connection is acting like a bot. Designed to catch slow bots, and Non-Minecraft clients.
  • Chat-Check: Checks for /register or /login bots
  • DNS-Check
  • Linux-Check: Checks whether a connection potentially came from a Linux computer
  • Random-name: At the moment, only detects whether they're using a certain pattern of randomized name. I plan on expanding on this module in the future
  • Proxy check: Checks whether a client potentially came from a proxy during an attack using network logic instead of a database (Therefor, super fast)
  • Verification check: Verifies whether the connection is coming from an actual minecraft client. Very powerful check with more to come in the future (If there's bypasses)
  • Advanced Fake Lobby Check: Tests whether the client responds to collision, gravity, etc, in a virtual lobby before allowing them into the lobby server
  • Latency check: Block connections exceeding a configured limit. Very useful for blocking slower proxies, or exhaustion attacks
  • Timeout check: Blacklists connections who are abusing the minecraft protocol by spamming handshakes without ever completing them. This is already fixed by XCord, but having this additional check allows some extra protection against certain bots.
  • Name Pattern: Detects names that are similar. Highly configurable
  • Passthrough: (Disabled by default) When a new player joins, passes them through ALL of XCord's many anti-bot checks. If they make it through without detection, they're kicked, and can re-join normally. This prevents bots from overloading encryption/mojang-requests, plugins like JPremium, etc.
Spigot Anti-Exploit
More and more exploits are coming out and server owners are being forced to use heavy anti-exploit plugins on all their spigot instances. XCord luckily has it's own built in anti-exploit module designed for performance, and efficient exploit blocking! Currently, no clients have the ability to bypass XCord's powerful anti-crash exploit blocker. Disclaimer: Only tested on 1.8.9, 1.17.1 and versions alike may not be fully patched

Bungeecord Anti-Exploit

With the recent discovery of various vulnerabilities on Bungeecord, it's no longer optional to run a network without some level of exploit protection. XCord fixes all known Bungeecord/Netty/Buffer vulnerabilities, and appended all offending addresses to a blacklist in order to rapidly migrate any attack.

Anti-VPN System

XCord comes with a built in anti-vpn/proxy solution to help cut down on hackers and or bots. Unlike most other anti-vpn solutions, this system will not bog down networking threads, and will not allow it's self to become saturated by instantly executing HTML queries to several API's. On top of that, it also contains a cache system to prevent using up all your API calls.

Configuration example
    enabled: true
        - 20001
        - CHN
        - bob7l
        - 143.231.1242.12
    save-interval: 3600
    purge-interval: 86400
    purge-age: 2592000
    blacklist-on-detection: false
    only-blacklist-on-detection-during-attack: true
    initial-connection-checkenabled: true
    initial-connection-checkonly-during-bot-attack: true
    initial-connection-checkcache-only: true
      enabled: true
      arguments: '&risk=1&vpn=1&asn=1&tag={name}'
      key: '34534627234534'
      enabled: true
      key: '3463453453463453'

Anti-VPN Commands
  • /xvpn (Base command) [xcord.command.vpn]
  • /xvpn whitelist (Whitelist IP/name from check) [xcord.command.whitelistproxy]
  • /xvpn listwhitelisted (List whitelisted entries) [xcord.command.whitelistproxy]
  • /xvpn unwhitelist (Unwhitelist IP/name) [xcord.command.whitelistproxy]

IPTable Blacklisting
The most efficient way to block malicious TCP connections is with the IPTable. XCord will utilize a program called IPSet to blacklist connections if your server is running on ROOT, and you've enabled it in the config "ipset-blacklisting: true".

XCord will otherwise use a low level (Low level in terms of netty) blacklisting system to quickly terminate malicious connections. Although when dealing with massive DDoS attacks, it's highly recommended to enable ipset blacklisting.

Packet Batching

If your Spigot supports it, XCord will use controlled flushing to attempt to send packets in batches instead of instantly flushing them. Spigot forks such as Tuinity and a few other forks floating around will function with this.

Helps increase network stability, and reduce CPU/memory usage. SIGNIFICANTLY thrives in high population areas with a lot of entities moving about.

Global Blacklist

XCord utilizes multiple scraper bots to constantly find new malicious proxies and add them to a global blacklist. If you're running your server on ROOT, and have IPTables, you can enable this option in the config. XCord will download the blacklist, and deny all the addresses listed in the blacklist using IPSet + IPTables on a configurable interval. Currently consists of over 100k active proxies, with more being constantly added every hour

For those who have already bought XCord, this option comes HIGHLY recommended as some bots exceed 120k connections in under just a couple of seconds.


XCord makes several optimizations to Bungeecord, ranging from compression, threading, the packet processing system, to the internals of Bungeecord. Squeezing every bit of performance out of every functionality of Bungeecord to allow users to host thousands of concurrent players on a single machine without sacrificing anything.

XCord also comes with more optional performance boosts in the config if your plugin are compatible (No ViaVersion on Bungeecord for instance).

XCord's default config consists of over 150+ lines! Virtually every functionality of XCord can be customized, or disabled. A detailed description of each configurable option is downloadable in the official XCord Discord channel (Must verify to see)

  • /xcordreload: Reloads the configuration
  • /clearblacklist: Resets the blacklist
  • /timedelayedevents: Outprints the time plugins take to process events. Very useful for figuring out what's bogging down your initial logins and proxy
  • /testmemory: Have XCord outprint details about your memory usage. It'll also print out garbage collection events. This is useful for figuring out lag caused by memory consumption/leak issues.

Supported Protocols
1.7-1.18+ (Will be updated as Bungeecord is updated)


(All support is conducted through discord, along with early pre-releases, join!)

NOTE: XCord may require configuration (xcord.yml) in order to properly run without Anti-bot false positives on your server. It may not just be a drop in replacement for Bungeecord if you've got a strange server setup. A comprehensive configuration write up is available on XCord's discord channel

NOTE: XCord is considered to be a LINUX application. Although it will function on Windows/Mac, protection/performance will be very limited due to not having access to certain OS related features. Please consider this before buying XCord
  • xcord.png
    21.8 KB · Views: 14

Latest updates

  1. Optimizations, Upstream merge, Log4J update

    IMPORTANT: This version REQUIRES a license to run. You can get your license from the XCord...
  2. Patch 100% of Log4J expressions

    IMPORTANT: This version REQUIRES a license to run. You can get your license from the XCord...
  3. Added additional protection against the recent Log4J exploit

    IMPORTANT: This version REQUIRES a license to run. You can get your license from the XCord...

Latest reviews

This is truly the best BungeeCord fork I have ever used. It has a lot of accurate and necessary checks, which is only worth checking for Linux. I recommend everyone to buy, you will not find a better fork!
Best bungeecord fork ever! Literally saved my server.. My server was shut down daily by botnets and this is all fixed with this jar. Also reduced CPU / memory usage alot. Also the owner gives really good support and helps with issues. Best purchase ever!
Good bungee fork! <3
best bungee fork, gives the best performance and the best antibot
Nice fork and best support.
This is the best fork of BngeeCord, it really does the best at protecting against DDoS. And the author will always help you, write to him in discord.
I had a lot of problems with dudes that attacked my server with BOTS, dudes that were connected to my server using a VPN (and i couldn't ban them 'cause yea :P ip change), but after i downloaded and setup this bungee fork everything changed from good to best.
I highly recommend this bungee fork for best performances and protection on same time.
The Best fork i ever used it have some much to give to the customers , and the author is super friendly and helpful with anything i really Recommend buying this to anyone who want to start a server or already have ..
The best bungeecord fork with antiexploit, antibot, antivpn packed in one software
best fork, it has good and fast support. <33



Digital product
License duration
9.99 USD
First release
Last update
5.00 star(s) 18 ratings
You need to upgrade!
Our dark style is reserved for our Premium members. Upgrade here.