Anti-bot
How Infinity-Filter detects and mitigates Minecraft bot attacks.
Anti-bot is part of the Mitigation tab — see Mitigation for the panel UI. This page goes deeper on what Infinity-Filter’s anti-bot does, when it kicks in, and how to tune it without locking out real players.
How Infinity-Filter detects bots
Three signals combined:
- Per-IP rate — connections per second from a single IP. Bots fan in from many IPs, but each one often opens too many connections too fast.
- Per-network CPS — total connection rate across all sources. Above the configured threshold, the anti-bot mode activates.
- Protocol fingerprinting — handshake patterns, packet ordering, version probes. Many bots are recognizable from their first packet.
These signals feed into one decision: serve the connection normally, challenge it, or drop it.
Modes
Off — connections are accepted as-is at the application layer. L3/L4 mitigation still applies upstream — so this isn’t “no protection”, just “no antibot challenge”.
Use this only if you have a strong server-side antibot plugin and don’t want Infinity-Filter adding a second layer.
Default — a basic rejoin check. The first connection from an unknown IP is challenged with a quick reconnect prompt; real clients pass instantly the second time. Most bots fail the rejoin and never reach the backend.
This is the right choice for most servers. It’s transparent to humans and stops the bulk of script-kiddie bot attacks.
Hardcore — redirects connections to a web verification challenge. The player completes a short check in their browser before being allowed in.
The strongest antibot, useful against sophisticated bots that solve the rejoin check. Requires Under Attack mode to be on — the challenge only triggers when Under Attack is enabled.
Use Hardcore during active large bot attacks. Most servers shouldn’t run it as a default.
The CPS threshold
The anti-bot only kicks in above the per-network CPS threshold. The slider in Settings → Mitigation starts at 5 CPS (the minimum and the default) — below that rate, connections flow normally.
When to raise it
- After every proxy restart you see a brief antibot kick storm: legitimate players reconnect at once, briefly exceeding 5 CPS.
- Your event launches typically generate ~10–20 CPS in the first minutes.
- You run a low-traffic server but use auto-reconnect plugins that briefly burst.
Raise the threshold to a comfortable margin above your normal peak. Don’t disable antibot entirely — the threshold only delays activation, it doesn’t weaken the check once active.
Whitelist activation timing
Under Attack mode automatically activates Whitelist mode within ~1 s of attack detection. Players on the whitelist are unaffected; everyone else is kicked with the configured Under-Attack message. The mode deactivates by itself once the attack ends.
This is the right model when you have an established player base: known regulars stay connected, attackers and unknown traffic are dropped.
Per-IP rate limits
Infinity-Filter applies a per-IP rate limit independent of the CPS threshold. It only triggers on very high pps from a single IP and never lasts more than 15 minutes. You don’t need to configure it — it runs by default.
There is no per-IP player limit — only a per-IP packet rate limit. Multiple players can share an IP (NAT, schools, ISPs) without being blocked.
Encryption and packet inspection
Infinity-Filter cannot inspect the payload of an online-mode (premium) authenticated Minecraft connection — the traffic is encrypted after the handshake. Custom malicious-packet protection beyond the handshake must come from a server-side plugin such as LPX-AntiPacketExploit.
Diagnostic recipes
Hardcore selected but no challenge fires
Under Attack mode is off. Hardcore requires Under Attack to be on — enable it in Mitigation.
”Antibot triggers on every proxy restart”
Mass-reconnect spikes from existing players. Raise the CPS threshold in Mitigation.
A specific player fails the rejoin check
Their client may not be handling the reconnect prompt cleanly — older modded clients can have this issue. Add them to the Whitelist to bypass the antibot for their IP.
What’s next
Last updated: May 28, 2026