LogisticsPipe 0.9.4.5.5 (which fix the false positive malware alarm) caused some microsoft accounts cannot login.

[Gateswong]

Your GTNH Discord Username

Gates_ice#4537

Your Pack Version

2.1.2.3qf (w/ LogisticsPipe 0.9.4.5.5)

Your Server

Private Server

Type of Server

No response

Your Expectation

/

The Reality

One account get kicked immediately after logging in, while another account is good to go.

Here are the logs on both client and server side: https://gist.github.com/Gateswong/8919e76a3461d57a9319ceaae016fd4b

Your Proposal

/

Final Checklist

• [X] I have searched this issue tracker and there is nothing similar already. Posting on a closed issue saying the bug still exists will prompt us to investigate and reopen it once we confirm your report.
• [X] I can reproduce this problem consistently by follow the exact steps I described above, or this does not need reproducing, e.g. recipe loophole.
• [X] I have asked other people and they confirm they also have this problem by follow the exact steps I described above, or this does not need reproducing, e.g. recipe loophole.

[Glease]

Seems unrelated to trojan something, though I cannot personally replicate this.

[mitchej123]

The server log looks like someone with too much NBT... are they carrying a compressed chest of ae2 drives?

The client side logicistic pipe errors from crafttweaker... looks almost like someone grabbed a -dev.jar or an old .zs... although I usually see it crash in other weird ways with missing classes...

[Gateswong]

The server log looks like someone with too much NBT... are they carrying a compressed chest of ae2 drives?

The client side logicistic pipe errors from crafttweaker... looks almost like someone grabbed a -dev.jar or an old .zs... although I usually see it crash in other weird ways with missing classes...

The account is a creative player that we used to diagnose problems with handy. I deleted the problematic player's data under server's World/playerdata/.dat as well as two .thaum/bauble files. The problem still happens.

Client and server seeing same log entries as above. I can identify that the player now spawn near x=0, z=0 instead of x=-264.03, y=85.50, z=184.11 yesterday. Also within the short period of time before it disconnect (~ 0.1s) I can see there is only a quest book on hotbar.

The other account I own is good. I tried both accounts on the same GTNH instance, using the in game reauth to switch accounts.

[boubou19]

are they at the same place in the world?

[Gateswong]

I rolled back the logisticspipes mod on both server and client to version 0.9.4.5.4 with(after) malware fix, but the error still exists. (This jar file is provided in GTNH discord's announcement channel)

Then I rolled back the mod to 0.9.4.5.4 BEFORE malware fix, I am able to log in now.

[Gateswong]

The server log looks like someone with too much NBT... are they carrying a compressed chest of ae2 drives? The client side logicistic pipe errors from crafttweaker... looks almost like someone grabbed a -dev.jar or an old .zs... although I usually see it crash in other weird ways with missing classes...

The account is a creative player that we used to diagnose problems with handy. I deleted the problematic player's data under server's World/playerdata/.dat as well as two .thaum/bauble files. The problem still happens.

Client and server seeing same log entries as above. I can identify that the player now spawn near x=0, z=0 instead of x=-264.03, y=85.50, z=184.11 yesterday. Also within the short period of time before it disconnect (~ 0.1s) I can see there is only a quest book on hotbar.

The other account I own is good. I tried both accounts on the same GTNH instance, using the in game reauth to switch accounts.

The mod comes from GTNH discord announcement. I do see the following log on server side:

[09:34:44] [Server thread/DEBUG] [LogisticsPipes/LogisticsPipes]: You are using a dev version.
[09:34:44] [Server thread/DEBUG] [LogisticsPipes/LogisticsPipes]: While the dev versions contain cutting edge features, they may also contain more bugs.
[09:34:44] [Server thread/DEBUG] [LogisticsPipes/LogisticsPipes]: Please report any you find to https://github.com/RS485/LogisticsPipes/issues
[09:34:45] [Server thread/TRACE] [LogisticsPipes/LogisticsPipes]: Sent event FMLPreInitializationEvent to mod LogisticsPipes

[boubou19]

we really need to kill this version check

[Gateswong]

Also FYI, the fix version is not compatible with original version. You need to swap on both client and server side.

[boubou19]

well that is expected. Altho given the fact it doesn't reject the mod version, that's one of the rare case where a version update is mandatory.

[Glease]

Does your creative account happen to have admin rights? I suspect some mod is trying to send a very large chat message, e.g. a huge update log, to admins on login.

[TenchiRyokoMuyo]

Thanks Glease - I am operator on that server. I am deopping myself, and will attempt to log back in.

[TenchiRyokoMuyo]

I have de-opped myself, but I am still getting the same error.

04.05 21:58:10 [Server] INFO io.netty.handler.codec.EncoderException: java.io.IOException: String too big (was 155516 bytes encoded, max 32767)

Still that 155516 byte measurement.

[TenchiRyokoMuyo]

As a test, my roommate allowed me to utilize his minecraft credentials, as we wanted to test if it was administrative issues or not. Turns out, it has nothing to do with the server or account - I had the same issue when trying to log in under his account. It must be something to do with the install, but fresh installs aren't working.

[Glease]

Try replace the hodgepodge on server side with http://jenkins.usrv.eu:8080/job/Hodgepodge/122/artifact/build/libs/hodgepodge-1.7.10-1.7.2-5-g995b961.jar It should allow you to login and will print the offending message in server log. Hopefully this would be enough to know who is the one sending 155kb of chat to client...

[TenchiRyokoMuyo]

I've installed this mod on client and server, neither can load now with this version. They crash before loading completely.

Client : https://pastebin.com/8jQ2hcs1

Server : https://pastebin.com/JmVgYvAg

[mitchej123]

Disable the BOP options in the config, or grab the BOP off of curse

[TenchiRyokoMuyo]

@mitchej123 As in swap out the config files from the 2.1.2.3 GTNH BOP configs from curseforge install?

[mitchej123]

look at the hodgepodge config file and disable any of the BOP options

[mitchej123]

(or swap out the entire BOP JAR off of curse)

[TenchiRyokoMuyo]

I did not get to try this - I managed to get MultiMC working through odd means, and was able to sign in using the MultiMC launcher. They're literally the exact same files, so I don't know why this worked this way, but I seem to be able to use MultiMC now for logging in. It appears the MultiMC issue I was having may have been resolution based.

[TenchiRyokoMuyo]

So! I managed to get in using MultiMC.

This message displays. It's definitely LogisticPipes...For the record, Windows Defender is also telling me this is a trojan, as OP had posted.

Edit : Roommate gets same message, just never noticed it because we don't use in-game chat much. So it sends it to all players, but MultiMC seems to allow it to work.

[Glease]

Do you see that Incident ID? Search for this in your server log and see what it is exactly.

[TenchiRyokoMuyo]

https://pastebin.com/ChbRQHfC

Found it! Took me a while. Hope ya'll can make sense of it...doesn't make much sense to me haha.

[Gateswong]

Does your creative account happen to have admin rights? I suspect some mod is trying to send a very large chat message, e.g. a huge update log, to admins on login.

In my case, yes.