Tuinity 1.15

Waterfall (Bungee) with FW properly configured.

Various plugins, but I can list them.

The other day a player had a chest 1/2 full of player heads in a double chest - Legit obtained. Various amounts of each, not 1/2 x 64 heads. They broke the chest, the heads popped on the ground and kicked the players.

They didn't mean too, apologised and I said don't worry about it...It wasn't malicious, but it was concerning it'd be abused (and here we are today).

Yesterday/in the early hours - An admin from another server came on and said

"We've been raided; they said your IP <example.com> is next" - We thanked that server admin, and prepared for the storm.

The storm arrived a short while after - One player with a hacked client, and 20 alts duping and dropping entities [namely filling a book with large text] and kicking players.

I am sure I had the book-chunk exploit fixed in the config, unless this is a new one.

I've tried googling, and I'm clearly not using the right terms. Is there any way to prevent these attacks?

I know hacked clients cannot be detected - It is what it is, but at least how to prevent some/all of the methods used.