Question Beta 1.7.3 server connect to authentication servers?

Hey, sorry but this title gives no justice to the pure detail of my situation right now so please read everything before replying.

So first off I own a server that is beta 1.7.3, yes you read that correctly. it is BETA. Now beta no longer works with Mojang login servers, so I've had to set my server to offline mode. However, all my players have legitimate minecraft accounts and the fact that it's offline-mode is a major pain because rule-breakers can simply ban evade with proxies, and players are able to register many accounts.

Here is what I am wondering. Is there a plugin out there that can make it so only legitimate accounts can login to my server, and where you have to be the owner of said account? Everyone on the server is using the minecraft official launcher so they are technically logged in to their account, but the server doesn't check that. I'm honestly not even sure if this is possible, so if not then is there a way to get the offline-mode server as secure as possible? Right now I use AuthMe for normal registering, and my staff's and donators' accounts are IP-secured. Is there anything else I can do to make the server as safe as it can be?

Oh and here is the kicker:

Like I said my server is beta 1.7.3 but the actual spigot is modern 1.7.2. I custom coded it to basically replace all the new events from plugins, so for example if a player tries to do /i enderpearl 16 the server says no you don't and gives the player 16 dirt instead of throwing tons of errors.

So if you recommend plugins, don't worry about them working for my server because they will as long as they don't use UUID's.

Any ideas?

 

You could have/make a 1.8.7 password register server - so the password for the real server is set there (with authentication) and the uuid and password and whatever is necessary is entered into a database, which your 1.7.3 beta server will also have access to. You could also use it for locking the password for the current IP, though my initial idea would be to register once there, so the password is associated with a UUID for a legitimate player. I don't know if that has been done already, i kind of doubt it. [I didn't mean to encourage entering plain text passwords into a database - of course security-wise it should do a proper salt+hash thing, possibly encrypt, and the plugin should not allow anything special, not even for OPS in case the latest mc version has another nasty exploit once more.]

Another thing would be to either patch the server (!) or add a plugin containing the necessary code to do the authentication yourself on your beta server, however the AsynchronousPreLogin event missing could really hurt there.

I don't know if any BungeeCord thing has been existing back then, because those used to do the authentication with the servers being in offline mode.