Before you immediately slam the object button, I just want to explain how The System™ that I have in mind would work:
First, an admin would find a need for enabling the proxy checker, either due to an individual repeatedly joining on alternate accounts and proxies to disrupt the server or another user using a bot program to spam the freedom-01 server.
Once a use case is found, the admin would run a command along the lines of /pc enable, which will enable The System™ for a configurable amount of time. After the time elapses, or the server restarts, The System™ is automatically disabled.
The System™ | how does it work?
The System™ would hook into Bukkit's PlayerLoginEvent. When a player attempts to log into freedom-01 while The System™ is enabled, it'll query the English Wikipedia's API for any active blocks on the IP Address. (you can see an example of the API response here)
If the reason for the block contains {{colocationwebhost}}, {{Webhostblock}}, {{blocked proxy}}, or {{zombie proxy}}, then the player will be kicked and the IP address would be added to an in-memory cache to prevent repeated requests to the endpoint.
If the IP is blocked but not for being an open proxy, or is simply not blocked at all, then the connection is allowed, with the IP address also being added to an in-memory cache to prevent unnecessary requests.
In the event that the API endpoint either times out, doesn't respond, or responds with an error object, the connection will be allowed but won't be added to the cache. It'll also log an error to console.
The System™ | caveats?
Yes, actually. Due to the way Bukkit's PlayerLoginEvent works, a connection attempt will hang until the allow() method is called, which would normally be when the API responds. Luckily, under normal conditions, the response time is less than 500ms from my measurements. The in-memory cache that I mentiond earlier would also prevent a player who has already connected to the server once from having to experience this delay again.
There is also the fact that there are OPs who play on freedom-01 who have a legitimate use for using a VPN or proxy, and that The System™ would prevent them from playing if it was enabled, which is why I also suggest that NetworkManager or LuckPerms is used to create a permission node for The System™ which would skip all checks for that player.
Luckily MediaWiki is pretty lax with their API etiquette, especially for read-only requests like the one that The System™ uses. They only ask that you set a User-Agent header so that they can identify and contact you if needed.
The System™ | do we even fucking need it?
Need is a pretty strong word.
It would certainly be a better solution than just preventing all logins to the freedom-01 server in the event of a bot attack, or having the admin team play a game of Whack-A-Mole with server crashers.
I also understand that the development team for TotalFreedom is pretty light at the moment, which is why I'm not asking the dev team to drop everything they're doing and slam this shit into TFM. I'm just proposing a potential solution.
The System™ | TL;DR
Fine.
The System™ is a temporary proxy checker that attempts to stop bad faith users and bots that use proxy or VPN connections while also minimising the effect on legitimate players.
If you have any questions, I'll be here for the next hour or two. Thank you for taking the time to read this.