You probably heard of the Log4j vulnerability by now, and you probably know that (the original) Minecraft is written in Java, and so is the server, and it uses Log4j. So, Minecraft servers are affected by this.

I do run a small Minecraft server network (https://www.bitloco.org) but I haven’t had many players lately, it’s been kind of silent.

So, I was happy to see a new player log in (I developed a bridge to a chat service, so I know), but as soon as they joined, I saw the infamous ldap:// URL in chat…

I had patched the servers on the day the fix was released. The attempt happened right on the day after I patched the servers. To be clear, my servers are not popular, they’re not listed on any lists, there’s not much going on (but you are welcome to join).

The point being, this tells me there are actually bots crawling for Minecraft servers, trying to take them over, even completely obscure ones.

If you run a Minecraft server, and you haven’t patched it yet, do so right now. Mojang/Microsoft’s vanilla server was patched with 1.18.1, and the third-party SpigotMC has been so wonderful to backport the fix to all old/unsupported Minecraft versions down to 1.8.8, too (that’s right, 8 – 18 are all fixed if you update).

If such a crawler hits your server and it’s not patched, it WILL be taken over.

That’s all there is to it.

-Sindastra

PS I run this blog in my free time, if you like what you read, consider helping by linking to it or buying me a coffee. (: