"NRIS" hacker group have found a way to crash realms without joining

Realm "Malformed spawn_experience_orb"

There is a group of "hackers" called NRIS (No Realm Is Safe) they like to target realms with high player counts for i quote "fun". But recently they have found a way to crash the realm before they even join the realm. The image below was them "braging"

The image above shows them running a script to constantly close a realm.

But as you can seen its using something called "Malformed spawn_experience_orb", my developer done some research and found out that spawn_experience_orb is client sided.

This script they have created (from my point of understanding) Is shutting down the realm from the client side which i cannot stop. The image below is them "braging" about crashing my realm 80 times.

Im hoping the issue could be figured out ASAP as an owner of a realm of 7.5k members and a discord of 1.5k members i have tons of players worried and annoyed they cant play the realm.

 

they have also gave me this image

They reversed engineered a BDS server to find ___ packet which has no sort of validation, thats the best thing i have at the moment and that picture was sent by NRIS. 

 

EXTRA STUFF

Not sure if this will help to find the issue but my developer found this list of packets that get sent right before the crash:

server_to_client_handshake play_status resource_packs_info network_settings inventory_slot inventory_transaction player_list set_time start_game item_component set_spawn_position set_difficulty set_commands_enabled update_adventure_settings update_abilities game_rules_changed biome_definition_list available_entity_identifiers player_fog mob_effect update_attributes creative_content inventory_content player_hotbar crafting_data available_commands respawn network_chunk_publisher_update level_chunk add_entity add_player mob_equipment set_entity_data entity_event tick_sync move_player remove_entity level_sound_event event command_output chunk_radius_update set_health set_title animate block_event text spawn_particle_effect update_soft_enum set_last_hurt_by level_event update_block block_entity_data update_subchunk_blocks update_player_game_type level_event_generic mob_armor_equipment emote_list

and it turns out they need a minecraft account to crash the realm but they are doing if before their account joins the realm so we still cant do anything about it.