Security Checks Overview

GAPE includes 10 comprehensive security checks that protect against packet-based exploits, crashes, and malicious behavior. Each check operates at the packet level using the PacketEvents API.

All Security Checks

01

Rate Limit

Per-type packet rate limiting with configurable thresholds
02

Tab Complete Crash

Blocks malicious tab-completion packets
03

Sign Exploit

NBT validation for sign packets
04

Book Exploit

Written book protection and validation
05

Oversized Packet

Size limit enforcement for all packets
06

Custom Payload

Plugin message validation and flood protection
07

Packet Flood

General flood protection across all packet types
08

Command Spam

Command rate limiting and spam detection
09

NoCom Exploit

Position validation and coordinate checking
10

Crasher Detection

Multi-vector crash prevention system

How Checks Work

When a packet is received, GAPE processes it through the following pipeline:

  1. Interception: Packet intercepted before reaching server
  2. Validation: Check validates against known exploit patterns
  3. Decision: Packet allowed, cancelled, or player flagged
  4. Action: Alert staff, cancel packet, or kick player based on violation level

Performance Impact

All checks are highly optimized for minimal performance impact:

  • Per-packet overhead: 300-500 nanoseconds
  • Memory usage: ~560 bytes per tracked player
  • Async processing: Violations handled off main thread
  • Smart caching: Reduces redundant validation