Minecraft Spigot plugin for detecting Log4Shell attacks in chat.
As you might be aware, the popular Java library Log4j contained a serious security flaw that allowed remote arbitrary code execution. This vulnerability wreaked havoc on the Internet and affected many Java applications, including Minecraft. Since it was fixed, Log4Shell no longer poses as much of a threat as before the fix. However, some applications are not yet patched, and there are a number of Minecraft servers that are running Minecraft version 1.8, which isn't patched (especially PVP servers). These servers are vulnerable to this attack vector and therefore have to be protected somehow.
One thing can be used to our advantage: chat is processed by an event handler that plugins can use. This lets plugins scan messages, translate chat color codes (the ones denoted with &), apply a swear filter, or kick or ban users based on certain phrases in the chat. The event handler doesn't log the chat message content by default when it is caught by a plugin; it fully transfers that responsibility to the plugin itself. The chat message is only logged when it's sent. So what if we could scan messages from players to see if they contain the dreaded JNDI lookup? Yes, we certainly could.
This is a simple plugin that detects the JNDI lookup in the message and bans the player accordingly. In the future, I might add a soft dependency on popular punishment plugins that handle this functionality and detect their presence. If present, the plugin will use their API instead (provided their source code is available). Otherwise it will use vanilla features to ban players.
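The chat check described above could look like the following listener. This is an added example, not this plugin's own source; it assumes the Spigot 1.12 API on the classpath, and the class name and ban reason are hypothetical. It goes slightly beyond the README by also dropping (without banning) any message that contains other `${` lookup syntax.

```java
import java.util.Locale;
import org.bukkit.BanList;
import org.bukkit.Bukkit;
import org.bukkit.entity.Player;
import org.bukkit.event.EventHandler;
import org.bukkit.event.EventPriority;
import org.bukkit.event.Listener;
import org.bukkit.event.player.AsyncPlayerChatEvent;
import org.bukkit.plugin.java.JavaPlugin;

// Hypothetical class name; illustrative only, not the plugin's real code.
public final class JndiChatGuard extends JavaPlugin implements Listener {
    private static final String REASON = "Log4Shell (JNDI lookup) attempt in chat";

    @Override
    public void onEnable() {
        getServer().getPluginManager().registerEvents(this, this);
    }

    // LOWEST priority handlers are called first, so this check runs before
    // other plugins' chat handlers get to process the message.
    @EventHandler(priority = EventPriority.LOWEST)
    public void onChat(AsyncPlayerChatEvent event) {
        String msg = event.getMessage().toLowerCase(Locale.ROOT);
        // Chat has no legitimate use for Log4j lookup syntax (assumption of
        // this example), so anything containing "${" is dropped.
        if (!msg.contains("${")) {
            return;
        }
        // Cancel first so the server does not send the message on.
        event.setCancelled(true);
        if (!msg.contains("${jndi:")) {
            return; // other lookup syntax: block the message, no ban
        }
        final Player player = event.getPlayer();
        // This event fires off the main thread; kicking must happen on it,
        // so the vanilla ban and the kick are scheduled as a sync task.
        Bukkit.getScheduler().runTask(this, () -> {
            Bukkit.getBanList(BanList.Type.NAME)
                  .addBan(player.getName(), REASON, null, getName());
            player.kickPlayer(REASON);
        });
    }
}
```

Like any Spigot plugin, it also needs a `plugin.yml` naming the main class before the server will load it.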
The plugin has no configuration; it is a simple install, reboot and use. Since the newest versions of Minecraft have this vulnerability patched, the aim is directed at the older versions that might have this vulnerability, notably the most widely used Minecraft version 1.8. The first testing release is out, so give this plugin a try if you want to make your server more secure. Source code is available here online, so you can look into it yourself. Since my IDE doesn't offer me Minecraft Spigot versions below 1.12, this is the Spigot API version this plugin is currently using. It may or may not work on versions older than Spigot Minecraft 1.12, but it is guaranteed to work on this version or newer. The tested version was 1.18.1.