Is Your Minecraft Server at Risk? Log4j Explained

Not many months ago, we saw the rise of a terrifying exploit that affected millions of servers across the globe. However, now that companies have had time to fight back is Log4j still an issue? Today we answer that question and more in Log4j explained.

Log4j Explained

Using a vulnerability in Apache Log4j, bad actors learned they could gain control of a server with a single line of text. For Minecraft servers, this meant remote console access and all the permissions that come along with it. To this day, server owners occasionally report players joining, typing something code-like into chat, and then leaving. These are users attempting to use the exploit on various servers in hopes of finding one without protection. Mojang’s official statement on this matter can be found here.

Is My Server Safe?

All servers running 1.18.1 and above are completely safe. For those still running version 1.18 and older, part of the necessary fix is to add specific JVM arguments to your startup command line. This can be done by following the instructions below:

1. Log into your Minecraft control panel
2. Click ‘Startup Parameters’ on the left-hand side menu
3. Click the toggle next to the JVM argument you need to enable (If you do not see the JVM argument, restart your server, and it should show up. If you still don’t see it, please create a support ticket*)
4. Restart your server

*If you are running 1.17+ you won’t see the JVM argument because we automatically add the correct one by default to the server’s startup script. No need to contact us in this case. Thankfully the Minecraft community is fantastic, and most server versions have since been patched. This means that as long as your server runs the latest builds, it does not require any fixes. At the time of writing this article, the latest builds of the following jars have all been patched:

• Bungeecord
• Paper Waterfall
• CraftBukkit 1.18.1
• Fabric Loader
• Forge 1.18
• Forge 1.17.1
• Forge 1.16.5
• Forge 1.15.2
• Forge 1.14.4
• Forge 1.13.2
• Forge 1.12.2
• Paper 1.18.1
• Paper 1.18
• Paper 1.17.1
• Paper 1.16.5
• Paper 1.15.2
• Paper 1.14.4
• Paper 1.13.2
• Paper 1.12.2
• Paper 1.10.2
• Spigot 1.18.1
• Spigot 1.18
• Spigot 1.17.1
• Spigot 1.17
• Spigot 1.16.5
• Spigot 1.15.2
• Spigot 1.14.4
• Spigot 1.13.2
• Spigot 1.12.2
• Spigot 1.11.2
• Spigot 1.10.2
• Spigot 1.9.4
• Spigot 1.8.8
• Vanilla 1.7 to 1.18.1

If your server is running anything else, it’s best to proceed cautiously and either update to 1.18.1+ (recommended) or apply the fix mentioned by Mojang.

Questions & Concerns

Your peace of mind is always our top priority. Should you have any questions or concerns, please do not hesitate to contact our support. We are happy to answer any and all questions or simply take a look to confirm your server is safe. Until Next Time, BisectHosting =)