ExploitFixer is the best anti-exploit packet security plugin for Spigot / Paper / Folia Minecraft servers. It blocks crash clients such as Jessica, Jigsaw, Ayakashi, LiquidBounce, SmogClient, YSK, Meteor, and private ones not yet publicly known. We are fully prepared for the future of exploits and crashers.
The plugin is high-performance and packed with features including protection against CustomPayload spam, oversized packet exploits, crash commands, invalid NBT, and many more crash types.
Unlike other plugins, ExploitFixer blocks everything that should not be allowed and hooks into Bukkit events for further exploit and lag protection — making it extremely sensitive and adaptable to new and future exploits.
Patches
Feature | Description |
|---|---|
Too Many Books (Chunk Crasher / Dupe) | Applies a hard limit on books per chunk with length and size checks. Uses an ultra-optimized algorithm to prevent item duplication and server crashes |
Packet Delay Exploit (Bundle Dupe) | Prevents packet spamming and concurrent actions used to duplicate items such as Bundles |
High Performance (No-Lag) | Uses its own packet listener library (HamsterAPI), achieving exceptional performance unlike ProtocolLib, while remaining compatible with other plugins |
Packet Exploit Fix (Netty Crashers) | Intelligently limits packet size and rate, protecting against both known and private crash exploits |
CustomPayload Fix | Limits the content and types of CustomPayload to effectively block this common exploitation method |
Commands Crash Fix | Configurable list of crash-prone commands — blocks their execution permanently |
Creative Items Fix (World Crasher) | Reconstructs hacked creative item data, preventing exploits via extensive customization including an item blacklist |
Signs Crasher Fix (World Crasher) | Blocks creation of invalid signs, preventing crasher clients from exploiting this vulnerability |
Lectern Crasher Fix | Blocks invalid interactions on a lectern menu to prevent server crashes |
Map Label Crasher Fix | Disables map labels to prevent permanently crashing zones caused by excessive label entities |
Invalid Inventory Slot Fix | Blocks invalid slot interactions with any inventory |
NBT Crasher Fix | Blocks items from carrying excessive NBT tags injected via crasher client packets |
Book Crasher Fix | Limits book title, total size, and page size to prevent crashes |
Cow Duplication Fix | Adds a small cooldown to cow shearing to prevent duplication exploits |
Dispenser Crasher Fix | Blocks invalid dispenser positions to prevent items being dropped to illegal locations |
Offline Packet Duplication Fix | Blocks packets from offline players to prevent duplication with auction house plugins |
Inventory Duplication Fix | Blocks breaking blocks while an inventory is open to prevent duplication exploits |
Mule Duplication Fix | Blocks opening unloaded entity inventories to fix mule duplication exploits |
Portal Break Fix | Blocks players from breaking portals using mushrooms or water buckets |
Bundle Duplication Fix (Packet Delay) | Applies cooldowns to click and drop actions, blocking Meteor client dupe methods and inventory desync dupes |
Normalize Coordinates on Quit | Fixes an exploit where players can get trapped inside blocks |
Commands
Command | Description |
|---|---|
| Displays all available commands |
| Reloads the plugin configuration |
| Toggles notifications for yourself |
| Displays plugin information and statistics |
Permissions
Node | Description |
|---|---|
| Grants access to administration commands |
| Grants permission to toggle notifications |
Installation
Install ExploitFixer on all your Spigot/Paper servers
Install HamsterAPI — required for high-performance, secure packet listening
(Optional) Install FlameCord for DDoS & anti-bot security (increases performance)
(Optional) Install RedstoneLimiter to fix lag machines (increases performance)
Note: For security and performance reasons, we do not use ProtocolLib or PacketEvents. These libraries expose your server to threats through their unprotected decoders. You may still install them if required by other plugins, but it is not recommended.
To fix BungeeCord / Waterfall exploits, mitigate bot attacks, and reduce CPU / RAM usage, use FlameCord — the best high-performance Waterfall fork with built-in anti-bot and performance features.
What's New in Version 3.8.8
Released
No changelog available for this version.
There are no reviews to display.