Custom Payload Flood Check

Prevents plugin message spam and Netty pipeline injection.

What It Does

This check monitors custom payload packets (also called plugin messages) used for mod-server communication and plugin channels. It prevents flood attacks and detects pipeline injection attempts.

What Are Custom Payloads?

Custom payload packets allow clients and servers to exchange custom data through registered channels:

  • Plugin messages: Communication between client mods and server plugins
  • Brand packet: Identifies client type (vanilla, Forge, Fabric, etc.)
  • Resource pack status: Client responses to resource pack prompts
  • Custom channels: Mod/plugin-specific communication

Why They're Exploited

Custom payload packets are attractive exploit targets because:

  • They can contain arbitrary binary data
  • Many servers don't validate payload content
  • They can be sent without triggering normal rate limits
  • They are used for Netty pipeline injection attacks
  • They can bypass other anti-cheat checks

How It Works

GAPE monitors custom payload packets for abuse:

  • Rate limiting: Maximum custom payloads per second
  • Size validation: Payload data size limits
  • Channel validation: Only registered channels allowed
  • Content inspection: Detects suspicious payload patterns
  • Pipeline monitoring: Watches for injection attempts

What It Protects Against

Plugin Message Spam

Flooding the server with thousands of custom payload packets to cause lag or crash plugins.

Pipeline Injection

Attempting to inject malicious handlers into the Netty pipeline through specially crafted payloads.

Channel Exploitation

Sending payloads on unregistered or fake channels to exploit plugin vulnerabilities.

Data Injection

Injecting malicious binary data through payload packets to exploit deserialization bugs.

Attack Patterns

Payload Flood Attack

Attacker sends 1000+ custom payload packets per second, each containing random data, to overwhelm the server.

Netty Pipeline Injection

Crafted payload that attempts to register a malicious packet handler in the pipeline, bypassing all security checks.

Fake Channel Spam

Sending payloads on hundreds of fake channel names to confuse plugin message routing.

Oversized Payload

Custom payload with megabytes of data to exhaust memory or exploit buffer handling.

Configuration Options

Rate Limit

Maximum custom payload packets per second:

  • 5 per second: Strict, vanilla clients rarely exceed this
  • 10 per second: Balanced (default)
  • 20 per second: Lenient, for heavily modded servers

Maximum Payload Size

  • 32KB: Default, covers most legitimate use cases
  • 64KB: For mods that send large data
  • 16KB: Strict protection

Channel Whitelist

Only allow payloads on specific channels:

  • Registered only: Only channels registered by plugins (strict)
  • Known channels: Whitelist of safe channels (recommended)
  • All allowed: Any channel accepted (lenient)

Violation Threshold

  • 5: Strict
  • 10: Balanced (default)
  • 20: Lenient
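
How the four options above combine into one per-player check, as an added example (not GAPE's own code). The class and field names are hypothetical, the limits are the defaults listed on this page, and what happens once the violation threshold is reached is an assumption.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Set;

// Added example: one instance per connected player. Names are hypothetical, not GAPE's API.
public class PayloadGuard {
    enum Verdict { ALLOW, DROP, ESCALATE }

    // Values taken from the defaults listed on this page.
    static final int MAX_PER_SECOND = 10;
    static final int MAX_PAYLOAD_BYTES = 32 * 1024;
    static final int VIOLATION_THRESHOLD = 10;
    static final Set<String> KNOWN_CHANNELS =
            Set.of("minecraft:brand", "minecraft:register", "minecraft:unregister");

    private final Deque<Long> recent = new ArrayDeque<>(); // arrival times (ms) inside the window
    private int violations;

    Verdict check(String channel, int payloadBytes, long nowMillis) {
        // Sliding one-second window: expire old arrivals first.
        while (!recent.isEmpty() && nowMillis - recent.peekFirst() >= 1000) recent.pollFirst();
        // A full window means this packet exceeds the rate; not recording it keeps
        // per-player state bounded at MAX_PER_SECOND entries even during a flood.
        boolean overRate = recent.size() >= MAX_PER_SECOND;
        if (!overRate) recent.addLast(nowMillis);
        boolean bad = overRate
                || payloadBytes > MAX_PAYLOAD_BYTES
                || !KNOWN_CHANNELS.contains(channel);
        if (!bad) return Verdict.ALLOW;
        // Assumption: reaching the threshold escalates (e.g. disconnect); below it the packet is dropped.
        return ++violations >= VIOLATION_THRESHOLD ? Verdict.ESCALATE : Verdict.DROP;
    }

    public static void main(String[] args) {
        PayloadGuard guard = new PayloadGuard();
        // Constructed traffic: a 15-packet burst, one oversized payload, then an unlisted channel.
        for (int i = 0; i < 15; i++)
            System.out.println("burst #" + i + " -> " + guard.check("minecraft:brand", 16, 0L));
        System.out.println("64KB payload -> " + guard.check("minecraft:brand", 64 * 1024, 2000L));
        for (int i = 0; i < 4; i++)
            System.out.println("fake:chan #" + i + " -> " + guard.check("fake:chan", 16, 3000L + i));
    }
}
```

The size check should run on the declared payload length before the data is buffered or passed to any plugin, so an oversized payload is rejected without being read into memory.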

Common Legitimate Channels

These channels are used by vanilla and popular mods:

  • minecraft:brand - Client brand identification
  • minecraft:register - Channel registration
  • minecraft:unregister - Channel unregistration
  • FML|HS - Forge handshake
  • FML|MP - Forge mod packets
  • WECUI - WorldEdit client

Pipeline Injection Detection

GAPE specifically monitors for pipeline injection by:

  • Tracking pipeline structure before and after payload processing
  • Detecting unauthorized handler additions
  • Blocking payloads that attempt to access internal APIs
  • Monitoring for reflection-based pipeline manipulation

False Positives

Potential legitimate causes of violations:

  • Heavily modded clients: Mods may send many payloads during login
  • Plugin synchronization: Plugins syncing large datasets
  • Mod conflicts: Some mods spam payloads when incompatible

Solution: Increase the rate limit or add the mod's channels to the whitelist.

Performance Impact

  • Per payload: ~100ns validation time
  • Trigger: Runs only when custom payloads are sent
  • Memory: ~100 bytes per player for tracking

Modded Server Considerations

Forge/Fabric Servers

Modded servers need higher limits due to mod communication:

  • Increase rate limit to 20-30 per second
  • Whitelist common mod channels
  • Allow larger payload sizes (64-128KB)
  • Higher violation threshold (15-20)

Vanilla Servers

Vanilla servers can use strict limits:

  • Rate limit 5-10 per second
  • Only allow minecraft:* channels
  • 32KB payload limit
  • Low violation threshold (5-10)

Best Practices

  • Use channel whitelisting on vanilla servers
  • Monitor logs to identify legitimate vs malicious channels
  • Adjust limits based on your server's mod/plugin ecosystem
  • Enable alerts for pipeline injection attempts
  • Coordinate with plugin developers about expected payload rates
  • Test thoroughly when adding new plugins that use custom channels

Warning: Pipeline injection is one of the most dangerous exploit types. Keep this check enabled and monitor for injection attempts.