️ Anti-Bot System Update: Faster & Lighter


We have completely optimized the Anti-Bot protection to make it faster and more reliable. Here is what changed:

• Massive Performance Boost We rewrote the core code to be much lighter. The system now uses less CPU, which means the server won't lag even if many bots try to join at once.
  
  
• Reduced Memory Usage The plugin now "cleans up" after itself much better. It uses less RAM and doesn't create unnecessary data that slows down the server over time.
  
  
• Instant Checks We improved how the system checks for bad usernames and IPs. It is now instant and doesn't slow down the login process for real players.
  
  
• Smoother Shutdowns Fixed a bug where the anti-bot system could cause the server to "hang" or freeze when you tried to restart or stop the server.
  
  
• Bug Fixes Fixed internal errors (including the "Fingerprint" error) that could clutter your console log.
  

Patch Notes v2.1.6 - Maximum Bot Protection Update

️ Major Features
Multi-Tier Ban System

• NEW: Temporary ban system (10 minutes) for excessive failed attempts
• NEW: Permanent ban system for highly suspicious IPs (score ≥300)
• NEW: Automatic temporary ban removal after expiration
• IMPROVED: Ban tracking with concurrent data structures

Advanced Behavioral Analysis

• NEW: Pattern detection for bot-like uniform timing
• NEW: Action sequence tracking (last 50 actions)
• NEW: Repetitive behavior detection (80% threshold)
• NEW: Behavior diversity scoring system
• NEW: Automated analysis every 30 seconds

Enhanced DDoS Protection

• NEW: Three-tier rate limiting: per-second, per-minute, per-hour
• NEW: Hourly connection limit (300 connections/hour)
• NEW: Connection history tracking (last 100 connections)
• NEW: Suspicious connection pattern detection
• IMPROVED: Minimum connection interval enforcement (100ms)

Device Fingerprinting System

• NEW: SHA-256 based device fingerprinting
• NEW: Multi-account detection (max 3 accounts per device)
• NEW: IP association tracking per fingerprint
• NEW: Fingerprint abuse detection and penalties
• NEW: First-seen and last-seen timestamp tracking

Username Validation

• NEW: Bot pattern detection in usernames
• NEW: Suspicious keyword filtering (bot, test, hack, spam, flood)
• NEW: Numeric pattern analysis (4+ consecutive digits)
• NEW: Vowel ratio analysis (detects random character strings)
• NEW: Length validation (3-16 characters)

Token Bucket Rate Limiter

• NEW: Per-IP rate limiting with token bucket algorithm
• NEW: 10 tokens per IP with automatic refill every minute
• NEW: Prevents request flooding and spam attacks

Enhanced Scoring System
Penalty Values (Updated)

• INCREASED: Rapid login penalty: 40 → 50 points
• INCREASED: Limit exceeded penalty: 60 → 80 points
• NEW: Suspicious username penalty: 40 points
• NEW: Identical behavior penalty: 70 points
• NEW: Fingerprint abuse penalty: 60 points
• NEW: Pattern detection penalty: 70 points

Score Benefits

• NEW: Successful login reduces score by 10 points
• IMPROVED: Time decay bonus: 30 → 20 points (more gradual)
• NEW: Automatic score reset after reset interval

Technical Improvements
Thread Safety

• IMPROVED: All counters use atomic operations (AtomicInteger, AtomicLong)
• IMPROVED: ConcurrentHashMap for all data structures
• IMPROVED: Thread-safe cleanup operations
• NEW: Separate executor service for behavior analysis

Performance Optimizations

• NEW: Efficient pattern analysis using standard deviation
• NEW: Limited queue sizes to prevent memory issues
• NEW: Automatic cleanup of expired entries every 5 minutes
• IMPROVED: Reduced memory footprint with bounded collections

Monitoring & Statistics

• NEW: getProtectionStats(ip) - Detailed per-IP statistics
• NEW: getTopSuspiciousIPs(limit) - Find most dangerous IPs
• NEW: getGlobalStats() - Server-wide protection statistics
• NEW: Penalty reason tracking for debugging
• NEW: Bot flagging system with persistent markers

Statistics Tracked
Per-IP Statistics

• Total login attempts
• Failed login attempts
• Current suspicion score
• Bot flag status
• Active connections
• Ban status (temporary/permanent)
• Penalty reasons breakdown

Global Statistics

• Total tracked IPs
• Active temporary bans
• Active permanent bans
• Tracked device fingerprints
• Active behavior profiles
• IPs flagged as bots
• High-risk IPs (score ≥100)

Configuration Changes
New Configuration Options
yaml
enable-advanced-protection: true # Master switch for advanced features
enable-behavior-analysis: true # Real-time behavior pattern detection
enable-fingerprint-tracking: true # Device fingerprinting system
Updated Default Values

• max-attempts-per-ip: 5 → 3 (stricter)
• max-connections-per-second: 10 → 5 (stricter)
• max-connections-per-minute: 100 → 50 (stricter)
• min-connection-interval-ms: 50 → 100 (stricter)

Bug Fixes

• FIXED: Race conditions in attempt counting
• FIXED: Memory leaks in long-running servers
• FIXED: Improper cleanup of expired entries
• FIXED: Thread safety issues in score calculation
• FIXED: Window reset timing in connection tracking

⚠️ Breaking Changes
None. This update is fully backward compatible with existing configurations.

Migration Notes

1. Update your config.yml with new configuration options
2. Existing ban data will be preserved
3. New protection features activate automatically
4. Monitor logs for [AntiBotProtection] messages
5. Use /authpro stats to view protection statistics

Future Improvements

• Machine learning-based bot detection
• GeoIP-based risk assessment
• Proxy/VPN detection integration
• Captcha difficulty scaling
• Whitelist/blacklist management commands
• Real-time threat intelligence feeds

System Requirements

• Java Version: 17+
• Minecraft Server: Spigot/Paper 1.18+
• Recommended RAM: +256MB for protection system
• Recommended CPU: 2+ cores for behavior analysis

Performance Impact

• CPU Usage: +2-5% (with all features enabled)
• Memory Usage: ~50-100MB (depends on player count)
• Network Overhead: Minimal (<1%)

- Fix menu
- Fix cfg

- Fix config.yml

- Fix Bugs

InfernoAuth v2.1.2 - Patch Notes
Release Date: August 18, 2025

New Features

• Improved Task Scheduling: Added TaskQueue class to manage asynchronous tasks more reliably, ensuring robust handling of authentication-related operations.
• Graceful Shutdown Support: Implemented a shutdown method in TaskQueue to allow clean termination of the executor service with a configurable timeout (60 seconds by default).

Improvements

• KickHandler Enhancements:
  • Added input validation for null players and empty kick reasons to prevent invalid operations.
  • Extracted kick message formatting into a dedicated buildKickMessage method for better code clarity and maintainability.
  • Introduced constants for configuration paths, default kick messages, and tick conversion to improve readability and reduce hardcoding.
  • Added comprehensive Javadoc documentation for all methods to improve code maintainability.
• TaskQueue Enhancements:
  • Improved exception handling by distinguishing between RuntimeException and Throwable for more precise error logging.
  • Added null check for tasks in the submit method to prevent submission of invalid tasks.
  • Added isTerminated method to allow checking the executor’s status.
  • Restored interrupted status in shutdown method to follow Java concurrency best practices.
  • Added Javadoc documentation for all methods to enhance code clarity.
• Logging Improvements: Enhanced logging in both KickHandler and TaskQueue with more contextual information for better debugging and monitoring.

Bug Fixes

• Fixed potential issue in KickHandler where offline players could cause unnecessary log entries by adding early validation checks.
• Resolved potential resource leaks in TaskQueue by ensuring proper executor shutdown handling.

Performance

• Optimized KickHandler by reducing redundant checks and streamlining the kick message formatting process.
• Improved TaskQueue efficiency by minimizing overhead in task submission and error handling.

Compatibility

• Fully compatible with Bukkit/Spigot servers running Minecraft 1.16 and above.
• No changes to configuration file structure; existing configurations remain valid.

Anti-Bot update and bug fixes

Improved optimization

Improvements to the authorization and registration system



✨ What's new

Improved messages



Smart prompts when moving: players now receive the correct messages depending on their status:



Unregistered players will see: “You need to register!”

Registered players will see: “You need to log in!”





Less spam: messages are displayed at reasonable intervals



️ Increased reliability



⚡ Improved performance: event processing has been optimized

Security: improved protection against crashes and errors

Better logging: more detailed information for administrators



Safe teleportation



Smart spawn check: the system checks the safety of the teleportation point

Backup options: if the specified world is unavailable, the main world is used

Accurate teleportation: improved stability of movement after registration





Technical improvements

⚡ Performance



Optimized processing of player movements

Caching of frequently used data

Reduced server load



️ Stability



Improved error handling

Protection against crashes in case of configuration problems

More reliable work with the player database



Security



Enhanced protection against brute force attacks

Improved password verification

More secure session handling

small fix

What's new?



Added “prop” for new teams.

Added a new strut for the next updates.



Next update will be player cache optimization

- Fixed minor errors

Added action bar customization (Timer Auth)

Fixed Bugs

[*]Fixed compilation error with SimpleLogger by adding support for debug logging. [*]Resolved unhandled SQLException in LoginCommand by adding proper exception handling. [*]Fixed lambda expression warnings in LoginCommand by making variables effectively final. [*]Enhanced configuration handling to ensure all messages and parameters are customizable via config.yml. [*]Updated SpigotMC submission format to resolve "Please enter a valid tag line" error. [*]Removed image and link dependencies in the description for submission compliance.

Add BackUp.zip
Add BackUp.yml

Fix Bug

Fix Admin GUI

Open panel /linferno

Fixed small lines of code to improve server performance, and removed support for versions 1.17 and below

Added support for versions 1.16 and 1.17


Now the plugin can work on versions from 1.16 to 1.20.6.

Changes have also been made to the code​

Fixed login issues. Fixed that when registering the player could walk if TPS was 10.0 Fixed a bug where the player could not move after logging in if TPS was 10