VoxaAegis
VoxaAegis is a layered anti-bot protection system for Minecraft server networks.
It is built to reduce the impact of join floods, coordinated bot waves, repeated retry swarms, suspicious registration behavior, and abnormal post-join bot sessions through explainable server-side mitigation.
VoxaAegis does not try to be a DDoS firewall. It is a plugin-layer defense system for Minecraft traffic that helps operators detect, slow down, isolate, challenge, and block bot-like clients before they can damage the player experience.
What It Does
VoxaAegis combines multiple protection layers instead of relying on one simple rate limit.
Main features:
- Join flood and burst-rate limiting
- Coordinated username, timing, IP, and subnet wave detection
- Risk scoring for suspicious usernames, fresh addresses, retry swarms, churn, and offender memory
- Quarantine flow for suspicious joins
- Fake entry gate / screening room for players under review
- Adaptive anti-bot challenges
- HumanityGate post-join verification
- Post-join liveness checks for physics-void and look-only sessions
- Client brand, locale, ping, movement, and interaction signal checks
- Repeated
/registersecret wave detection without storing plaintext passwords - Persistent cooldown ledger for restart-safe mitigation memory
- Runtime bypass and temporary trust controls
- Operator-facing status, stats, diagnostics, event journal, and support dumps
Commands
/voxaaegis help— show command list/voxaaegis status— live protection overview/voxaaegis stats— mitigation and screening statistics/voxaaegis profile— current attack profile/voxaaegis attacklog [limit]— recent attack summaries/voxaaegis events [limit]— recent event journal/voxaaegis dump— write a support dump/voxaaegis inspect <player>— inspect a live player/voxaaegis analyze <username> [ip]— preview join scoring/voxaaegis doctor— topology and runtime checks/voxaaegis cache status— cache and housekeeping state/voxaaegis cache purge— force cleanup/voxaaegis release <player>— release a quarantined player/voxaaegis bypass add <username>— add a runtime username bypass/voxaaegis bypass add-ip <ip>— add a runtime IP bypass/voxaaegis bypass remove <username>— remove a runtime username bypass/voxaaegis bypass remove-ip <ip>— remove a runtime IP bypass/voxaaegis bypass list— list runtime username bypasses/voxaaegis bypass list-ip— list runtime IP bypasses/voxaaegis trust add <player|ip>— temporarily trust an address/voxaaegis trust remove <ip>— remove temporary trust/voxaaegis trust list— list trusted addresses/voxaaegis reload— soft reload/voxaaegis hard-reload— full runtime rebuild reload
Why Use It
VoxaAegis is designed for server owners who want practical anti-bot protection without losing visibility.
The plugin focuses on:
- layered mitigation instead of one brittle hard block
- readable operator diagnostics
- clear attack summaries
- configurable quarantine and challenge behavior
- safer handling of suspicious players before they reach the real server
- compatibility with authentication plugins through allowed auth commands
- actionable status output for tuning during attacks
Supported Platforms
Primary backend line:
- Paper
- Purpur
- Pufferfish
- Spigot best-effort
Proxy / network line:
- Velocity
- BungeeCord / Waterfall
Secondary / experimental lines:
- Folia
- Sponge
- Legacy Spigot / Paper 1.16.5 - 1.19.4 through the separate legacy jar
Version Support
Modern backend and proxy line:
- Minecraft
1.20 - 1.21.11
Legacy backend line:
- Minecraft
1.16.5 - 1.19.4 - Requires Java 17
- Uses the separate
voxa-aegis-legacy-0.3.jar
Important Notes
- Current release line: 0.3
- Main recommended runtime: Paper / Purpur / Pufferfish
- Sponge is a narrow experimental line and should not be treated as equal to the Paper-family runtime.
- BungeeCord / Waterfall support exists, but Velocity is the preferred proxy platform.
- VoxaAegis is not a replacement for real network-layer DDoS protection.
- For very large attacks, use proper hosting protection and a proxy-first architecture.
