Senu Posted January 21, 2022

Hey, I have noticed that one of my Docker containers got infected through the Log4J Attack. And now I'm not sure how to deal with it. Is it possible that it escaped the docker container and the whole unraid installation is infected?
Ystebad Posted January 21, 2022

Yes! Wtf, you can’t post a message like that and not at least let others know what container is vulnerable.
[email protected] Posted January 21, 2022

Are you sure it was log4j? Did you test your containers with log4jscan?
Senu Posted January 22, 2022 (edited)

Yea sorry, forgot to mention that it's a Minecraft server (binhex-minecraftjava). I'm pretty sure it's log4j because in the game log files I see the chat message used by a very suspicious username "INETDataSurveyP35x".
Squid Posted January 22, 2022

One of the upshots of docker is that the rest of the files on your server that you have are only visible to any given app if YOU give the app permission to them. @binhex, any thoughts?
binhex Posted January 22, 2022

17 minutes ago, Squid said:
> One of the upshots of docker is that the rest of the files on your server that you have are only visible to any given app if YOU give the app permission to them. @binhex, any thoughts?

As I'm sure anybody who runs Minecraft Java is aware (well reported on the internet), Minecraft was highlighted as having the log4j vulnerability. This was then patched by Mojang and quickly released, but obviously the patch and fix is only available for the current latest version of Minecraft Java; if you run earlier versions then you are still vulnerable. I'm assuming the OP was indeed running a version prior to the fixed version (1.18.1). There are, according to Mojang, certain mitigations you can do for earlier versions, but this would be up to the user to perform these. Link to doc: https://help.minecraft.net/hc/en-us/articles/4416199399693-Security-Vulnerability-in-Minecraft-Java-Edition

So as far as damage limitation goes, as long as the OP did not add any additional volume binds then it will be limited to /config only, so a quick restore from backup or, at worst, copy your world somewhere, then delete everything in /config, fix up to prevent the vulnerability, restart the container and copy the world back should suffice.
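The damage-limitation point in the post above (exposure stops at /config unless extra volume binds were added) can be checked from `docker inspect` output. This is an added example, not part of the original thread or of any binhex image; the sample JSON, host paths and the `audit_exposure` helper are constructed for illustration.

```python
import json

# Constructed `docker inspect <container>` output, trimmed to the fields used.
# The host paths and the extra /data bind are made up for this example.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/binhex-minecraftjava",
    "HostConfig": {"Privileged": False},
    "Mounts": [
        {"Type": "bind", "Source": "/mnt/user/appdata/binhex-minecraftjava",
         "Destination": "/config", "RW": True},
        {"Type": "bind", "Source": "/mnt/user", "Destination": "/data", "RW": True},
        {"Type": "bind", "Source": "/etc/localtime",
         "Destination": "/etc/localtime", "RW": False},
    ],
}])

EXPECTED = {"/config"}  # per the post: exposure should be limited to /config


def audit_exposure(inspect_json, expected=EXPECTED):
    """Return (container, kind, detail) for host access beyond `expected`.

    Only bind mounts are reported (the post is about volume binds);
    named volumes are skipped.
    """
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        if c.get("HostConfig", {}).get("Privileged"):
            findings.append((name, "privileged", "host devices exposed"))
        for m in c.get("Mounts", []):
            dest = m.get("Destination", "")
            if m.get("Type") != "bind" or dest in expected:
                continue
            src = m.get("Source", "")
            if src.endswith("docker.sock"):
                findings.append((name, "docker-socket", src))
            elif m.get("RW"):
                findings.append((name, "writable-bind", f"{src} -> {dest}"))
            else:
                findings.append((name, "readonly-bind", f"{src} -> {dest}"))
    return findings


if __name__ == "__main__":
    for name, kind, detail in audit_exposure(SAMPLE_INSPECT):
        print(f"{name}: {kind}: {detail}")
```

An empty result means the container's view of the host matches what the post describes; each writable bind listed is a host path that should be included in the restore-from-backup check.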
Squid Posted January 22, 2022

30 minutes ago, binhex said:
> fixed version (1.18.1)

I'm assuming that the current container is this version or greater?
binhex Posted January 22, 2022

> I'm assuming that the current container is this version or greater?

Correct, latest version is built automatically and is the default version included with the image.
binhex Posted January 22, 2022

I tell ya what, I will firstly put a big fat warning on my threads and secondly I will see if I can detect the version of Minecraft jar, if so I can attempt to patch for the user using the guidance in the link above.

Edit: just to be clear, anything running Minecraft Java is potentially vulnerable when using earlier versions, so mineos-node and crafty images are also prone when not running Minecraft server latest versions.
Squid Posted January 22, 2022

As always @binhex you go above and beyond!
Senu Posted January 23, 2022

@binhex @squid ... you all went above and beyond! I really appreciate the help. I'm still quite new to the whole Unraid world and this is my first question on the forum here. Really cool to see an active and supporting community. I didn't bind any drives/directories to the container so the damage is minimal. I'm using the container with a "custom" forge.jar still running 1.7.10.
binhex Posted January 23, 2022

17 hours ago, Senu said:
> @binhex @squid ... you all went above and beyond! I really appreciate the help. I'm still quite new to the whole Unraid world and this is my first question on the forum here. Really cool to see an active and supporting community. I didn't bind any drives/directories to the container so the damage is minimal. I'm using the container with a "custom" forge.jar still running 1.7.10.

Yep, running any Minecraft server v1.7.1 to v1.18.0 will expose you to the vulnerability, so that def explains why it happened. So I've done what I can here: I have spammed all Minecraft Java support threads that I own with a warning and what to do to patch, and I have also automated patching of binhex/minecraftserver. However, it's not possible for me to automatically patch mineos-node or crafty (multi Minecraft server frontend), as configuration for each server is done through the server web UI and thus must be done by the user for each running Minecraft instance.