Log4J Attack on Docker container! How bad is the Damage ?


Hey,

I have noticed that one of my Docker containers got infected through the Log4J Attack.

And now I'm not sure how to deal with it.

 

Is it possible that it escaped the Docker container and the whole Unraid installation is infected?

 

Yes!  Wtf you can’t post a message like that and not at least let others know what container is vulnerable.  

Are you sure it was log4j? Did you test your containers with log4jscan?

  • Author

Yea sorry forgot mentioning that it's a Minecraft server (binhex-minecraftjava).

I'm pretty sure it's log4j because in the game-log files I see the chat message used by a very suspicious username "INETDataSurveyP35x".

Edited by Senu

One of the upshots of docker is that the rest of the files on your server that you have are only visible to any given app if YOU give the app permission to them.

 

@binhex, any thoughts?

17 minutes ago, Squid said:

One of the upshots of docker is that the rest of the files on your server that you have are only visible to any given app if YOU give the app permission to them.

 

@binhex, any thoughts?

As I'm sure anybody who runs Minecraft Java is aware (well reported on the internet), Minecraft was highlighted as having the log4j vulnerability. This was then patched by Mojang and quickly released, but obviously the patch and fix is only available for the current latest version of Minecraft Java; if you run earlier versions then you are still vulnerable.

 

I'm assuming the OP was indeed running a version prior to the fixed version (1.18.1). There are, according to Mojang, certain mitigations you can do for earlier versions, but this would be up to the user to perform these. Link to doc: https://help.minecraft.net/hc/en-us/articles/4416199399693-Security-Vulnerability-in-Minecraft-Java-Edition

 

So as far as damage limitation goes, as long as the OP did not add any additional volume binds then it will be limited to /config only, so a quick restore from backup or, at worst, copy your world somewhere, then delete everything in /config, fix up to prevent the vulnerability, restart the container and copy the world back should suffice.
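Added example, not part of the original thread and not binhex's code: a Python check that reads `docker inspect` JSON and lists what a compromised container could reach on the host, following the point above that damage stays within /config unless extra volume binds exist. The sample record (which deliberately includes two extra mounts), the host paths and the `audit_container` helper are constructed for illustration.

```python
import json

# Constructed sample of `docker inspect <container>` output, trimmed to the
# fields used below. Container name and host paths are illustrative only.
SAMPLE_INSPECT = json.loads("""
[{"Name": "/binhex-minecraftserver",
  "HostConfig": {"Privileged": false, "NetworkMode": "bridge"},
  "Mounts": [
    {"Type": "bind", "Source": "/mnt/user/appdata/binhex-minecraftserver",
     "Destination": "/config", "RW": true},
    {"Type": "bind", "Source": "/mnt/user", "Destination": "/data", "RW": true},
    {"Type": "bind", "Source": "/var/run/docker.sock",
     "Destination": "/var/run/docker.sock", "RW": true}]}]
""")

# Assumption taken from the thread: /config is the only bind the container needs.
EXPECTED_DESTINATIONS = {"/config"}


def audit_container(info, expected=EXPECTED_DESTINATIONS):
    """Return (severity, message) findings for one `docker inspect` record."""
    findings = []
    host_cfg = info.get("HostConfig", {})
    if host_cfg.get("Privileged"):
        findings.append(("critical", "container runs privileged"))
    if host_cfg.get("NetworkMode") == "host":
        findings.append(("high", "container shares the host network namespace"))
    for m in info.get("Mounts", []):
        src, dst = m.get("Source", ""), m.get("Destination", "")
        mode = "rw" if m.get("RW") else "ro"
        if src.endswith("docker.sock"):
            # Access to the Docker socket is equivalent to control of the host.
            findings.append(("critical", f"Docker socket mounted at {dst}"))
        elif dst in expected:
            findings.append(("info", f"expected mount {src} -> {dst} ({mode})"))
        elif m.get("Type") == "bind":
            severity = "high" if m.get("RW") else "medium"
            findings.append((severity, f"extra bind {src} -> {dst} ({mode})"))
        else:
            findings.append(("info", f"{m.get('Type')} mount at {dst} ({mode})"))
    return findings


if __name__ == "__main__":
    for record in SAMPLE_INSPECT:
        print(record["Name"])
        for severity, message in audit_container(record):
            print(f"  [{severity}] {message}")
```

To run it against a real container, replace `SAMPLE_INSPECT` with the parsed output of `docker inspect` for that container; anything above `info` is a host path or privilege to review before restoring /config.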

30 minutes ago, binhex said:

fixed version (1.18.1)

I'm assuming that the current container is this version or greater?

I'm assuming that the current container is this version or greater?
Correct, latest version is built automatically and is the default version included with the image.

Sent from my CLT-L09 using Tapatalk

I tell ya what, I will firstly put a big fat warning on my threads and secondly I will see if I can detect the version of Minecraft jar, if so I can attempt to patch for the user using the guidance in the link above.


Edit: just to be clear, anything running Minecraft Java is potentially vulnerable when using earlier versions, so mineos-node and crafty images are also prone when not running Minecraft server latest versions.

Sent from my CLT-L09 using Tapatalk







  • Author

@binhex @squid ... you all went above and beyond!

 

I really appreciate the help. I'm still quite new to the whole Unraid world and this is my first question on the forum here.

Really cool to see an active and supporting community.

 

I didn't bind any drives/directories to the container so the damage is minimal.

I'm using the container with a "custom" forge.jar still running 1.7.10.

 

17 hours ago, Senu said:

@binhex @squid ... you all went above and beyond!

 

I really appreciate the help. I'm still quite new to the whole Unraid world and this is my first question on the forum here.

Really cool to see an active and supporting community.

 

I didn't bind any drives/directories to the container so the damage is minimal.

I'm using the container with a "custom" forge.jar still running 1.7.10.

 

yep running any minecraft server v1.7.1 to v1.18.0 will expose you to the vulnerability, so that def explains why it happened. 

 

So I've done what I can here. I have spammed all Minecraft Java support threads that I own with a warning and what to do to patch, and I have also automated patching of binhex/minecraftserver. However, it's not possible for me to automatically patch mineos-node or crafty (multi Minecraft server frontend), as configuration for each server is done through the server web UI and thus must be done by the user for each running Minecraft instance.
