Proxy Spoofing - What Is It? How'd It Happen To Me?
Proxy Spoofing is caused when a player, normally when using a hacked client, "tricks" the backend server into thinking that you have already authenticated against an "offline" version of the proxy the hacked client is hosting temporarily, gaining access to that server as any username.
This is when you attempt to manage your MC network using BungeeCord/Velocity or other such proxy management software and connecting your backend servers via their public IP addresses which have their port exposed to the internet.
An example of this is having an Advance system from OVH and a Pebblehost shared server. This can also happen on more than one system you have with OVH and you accidentally used a public IP and not your internal networks IP address, such as 10.10.10.3 from the 10.10.10.1 dedicated system the proxy is sitting on.
You can have your proxy, lobbies and other gamemodes on one dedicated system, but if you connect the shared server/additional systems together in the wrong configuration, your players have to jump from a secure "Proxy" with online-mode=true turned on, then to your backend server, open to the public on a port with online-mode=false, meaning it can be accessed by "tricking" the backend server.
Think about that scenario... the player can then become whoever they want to be. You are the owner, so your name is normally operator or has star permission from your permissions plugin. Put that together and what does that equal? Hacked server, lava casting, opping everyone, you name it.
Don't make this mistake and speak to us first before buying your servers from different providers as it might not be in possible in your case or cause more of a headache later down the line.