So, Last night someone decided to 'exploit' my server by sending loads of fake login attempts to port 25565. Running spigot seemed to max out my CPU causing everyone to have 1 bar connection and not being able to login. I Switched to bungee and the problem sorta fixed itself. My question is, How do you block an attack like this? Here are my bungee logs from the attack. https://pastebin.com/raw/aLvufAP5 Spigot doesn't show any sort of connection being made to the server, Just the CPU going wild. Here's the connection graph during the 'attack' https://i.gyazo.com/9d34a77e105ff7d2b4982240401b17c6.png I've tried using multiple DDoS protection companies to filters this but obviously they don't work.