NullCordX is a fork of the well-known Waterfall to server teleportation suite built into fully protection & performance-boost even adding modern forge and bedrock standalone support (Probably most advanced on sale)

How the anti-bot works:

Not like other anti-bot systems we are non-Linux only based, if you are using an Shared host or Windows we have another module of blacklisted cached with netty. However, if you run the proxy as root, you'll get extra features like easy-and-fast mitigation of attacks via deniying connections using IPSet/IPTables.

  • Human fake-lobby-> Advanced filter to verify any type of sent packet, pattern of high-performant bots.
  • Latency check -> System to add an limit of ping and kick it if is bigger. (Configurable limit)
  • Join check-> If the player have never joined before and the server is under attack, will ask for re-join
  • Nickname check -> Option to verify player names, such as repetitive, blacklisted and strange names.
  • Proxy check -> NullCordX verifies the request to the server, and if is detected as proxy will be blacklisted.
  • Direct-Connection-> If the software detects any strange loadup on connections will avoid connections that did not ping server list before joining.
  • Advanced bot manager-> Checks if the entity its acting as a bot via repetitive tasks, movements and packets.
  • Exception check -> Most of attacks are based on exceptions, this overloads the usage and floods the console, NullCordX caches them and deny that connection (you can limit e-connections and add/remove other packets)
  • Internal checks -> Internal netty & anti-exploit checks with the purpose of not bothering the player.
  • Multiple exception -> Most of "smashers" are based on spamming legit BungeeCord packets to the instance, you can limit and avoid them.
  • Favicon check -> Option to check any attempt of an invalid ping will blacklist the connection.
  • Geyser checks -> If its enabled, some bedrock checks that are specifically for bedrock players will start working.
  • Blacklist (via iptables/netty) -> Linux tool implemented to blacklist quickly bad TCP connections to avoid attack reach maximun performance, if you don't have access NullCordX will blacklist bots with netty cached-blacklist module.
  • Uncompressed Login packets -> By limit on uncompressed packets before player logins and if and if it is exceeded, it will be thrown out.
  • Invalid packet checking -> NullCordX verifies Minecraft protocol packets without trowing any exception and kicking instantly if is not recognised.
  • Cloud system -> Through several time, NullCordX verifies if the connection is already blacklisted on the system.
  • Proxy-sync -> Some networks need split proxy instance on more than one, NullCordX can sync the anti-bot data between them to avoid waste of performance.
  • Packet-cache -> Waterfall has too many exceptions, but NullCordX has a system that caches most exceptions and packets, making the impact minimal.

Spigot Anti-Crash

Version 1.8 is quite old, and tends to have many problems with packet and netty security, causing crashes/lags with clients, people to fix it are using plugins that only are giving issues with other plugins, fake-detections and lag.

If your fork supports it like (Spigot/Paper/SuperPaper), the proxy will try to manage all packets.

On top of that is working in all versions to avoiding things like (GasClient, ToxicClient, PacketCrashers, Heaven) and all related clients.

The server admin can cancell the packet, or just kick it with netty > By default is working with netty to faster mitigation!

Bungeecord Secure Level

Waterfall opens up endless possibilities to new exploits that can consume all your resources and even throw the instance.

NullCordX is more than secure against this kind of attacks, and mitigates it instantly for as long as you configure it, you can be secure with exploits.


It is legitimately impossible to have a large server with Waterfall, as its consumption is very extreme with a large number of players in a single instance, this proxy is the most-advanced in performance boost.

NullCordX natively changes the Waterfall compression system to something more stable and performant, this is really util for large networks.

Boosted native-encryption usage with replacements

Not like other anti-exploit systems, we run all our anti-bot multithreaded, to load the balance into multiple tasks.

NullCordX avoid heavy copy of buf on Waterfall, this is not maintainable for the proxy.

On top of that, we added Tcp Fast Open (System to handle connections faster) between server and client. Which makes a proxy more effective.

Best frame-decoder for the proxy, improving the packet handle and security

If your spigot fork supports it, all the flushed packets would be handled by the proxy improving the performance scability.

Best compatibility & The most advanced fork

NullCordX is the most advanced fork in market with external compatibility, adding a lot of features that are not in market.

Our community likes to have modern things like the competition, that's why we have added multiple improvements respecting everyone.

Modern FORGE (1.13+): For now, the upstream does not currently support modern forge, and there are many servers that do need it, so NullCordX has implemented it in an efficient way, no fork with all these features has it.

Bedrock support: Bedrock has a lot of problems with anti-bot checks, logging and so on, if the administrator wants he can make any check to be skipped for bedrock players, also you can set the anti-bot time different from the java time.

DynDNS support. We have implemented a much requested feature, which is not yet in this market (Dynamic Domain Name System support) for those hosts that gives compatibility to in-house hosts, by default Waterfall does not support it.

nLogin support. This plugin is very good, and that's why we have supported using their cloud system and api to avoid verifying people who already did it once, besides that you can skip verifications for bedrock.

Hex system.  As modern proxy NullCordX supports hexadecimal colours on all anti-bot checks for modern versions, default format.

Module system. It's a tiresome thing to have to download the modules in every BungeeCord update, we have them integrated as commands!

Helly customizable. Almost +240 lines configurable, 3 types of data-bases, With NullCordX you can customize even the fonts/images of the anti-bot colours, even add gradient like:


Advanced AntiProxy, AntiVPN system.

Buyers enjoy a fairly extensive api updated every day with a fairly extended limit, to avoid rate-limit crashers.

You can also use different AntiProxy pages/licenses, but we have a cloud system to save all the proxies that are blocked, so that on another server they will not be used again.

In addition, you can block specific countries that tend to frequent many attacks (you can also activate it when an attack is detected).

IPTables firewall

IPTables is a Linux-only tool that allows you to modify all kinds of internet rules, and the best way that we can use to blacklist TCP connections.

If the server has ROOT permissions tool called ipset will be used that allows us to block lists and we can use it to block by time.

This way we can mitigate attacks much more quickly and efficiently without having to have a very good system.

Otherwise the server does not have it, will use default (netty-cached) blacklist system based on pipeline check.

Proxy improvements

We care a lot about security, that's why we have a debug mode, if something goes wrong you can report it and it will be fixed in a very short time.

If the instance crashes, we can see what's going on and check the packet type and fix it in minutes!

Very intense proxy scraper (100k+) per day, and we keep adding more pages so that most attacks are instantly invalidated.

Instantaneous mitigation for related to layer7 or netty, no performance loss.

By default, you can disable all checks, but if there is an attack and it is not completely disabled, it will still ask for them.

Thanks to our upgrades and login caching we can still handle premiun connections even if the Mojang api is down for some time.

The anti-bot plugins are not comparable with the proxy, since when using events the performance drops scalably, apart from the fact that natively it can hold much more.

More features

  • All the checks can be toggled, even human verifications for geyser.
  • AntiNullPing, AntiSmasher, AntiPing, AntiBot system all aplicable on non Kernel.
  • Friendly and easy configuration to understand for new people.
  • Hook into some plugins like (jPremium, DynamicBungeeAuth and SkinsRestorer) to avoid errors.
  • Not kernel based, we allow shared hosts to use the resource.
  • Powerfull logger system to avoid unwanted, and few random logs
  • Custom verifications for bedrock-standalone and spigot.
  • Supporting modern forge connections.
  • Legacy bedrock connections support.
  • Option to blacklist and whitelist Countries.
  • Antipacket smasher for spigot, UpstreamBridge handles the packet before player hits spigot.
  • DynDNS support
  • Ablity to see your plugins of BungeeCord.
  • Forward & BungeeGuard support for Paper instances
  • You can report & find any bug launching -DnullCordX.handleExceptions flag
  • Hexadecimal support for all the proxy
  • Modules built-in, no more manual downloads!
  • Ability to customize anti-bot images, fonts, regeneration, time
  • Ability to customize what bad-packets should the proxy blacklist under attack
  • Cached netty blacklist module for non-Kernel/root based
  • UTF-8 support for messages of Waterfall (Mostly for asian servers)
  • Customizable cached-motd system, very recommended
  • Command to generate new captcha (When you want)
  • Auto-download of messages.properties, you don't need to manually create it
  • No fake triggers, the anti-bot is smart depending on the network.
  • Ability to see hardware usage, such as (CPU, ram, tasks)
  • Ability to configure how database will work, such as Sqlite, Mysql ,HikariCP for external databases and PostgreSQL

Test Server



Contact me if you need it: xIsm4#9127