I installed FTB Academy 1.16 on my server the other day using the official download link from the FTB app, and I have since done testing and it appears my server is susceptible to log4j attacks. I found this out by simply logging into my server with my client and typing this in the chat "${date:YYYY}", and when I checked the latest logs "2022" was printed out. How do I fix the log4j exploit? My server files and start.sh file that was automatically generated upon server installation seems to use a file in the log4jfix directory called Log4jPatcher-1.0.0.jar. My start.sh file looks like this:
#!/bin/bash
if ! grep -q "eula=true" eula.txt; then
echo "Do you agree to the Mojang EULA available at https://account.mojang.com/documents/minecraft_eula ?"
read -N 1 -p "[y/n] " EULA
if [ "$EULA" = "y" ]; then
echo "eula=true" > eula.txt
echo
fi
fi
/usr/lib/jvm/java-11-openjdk-amd64/bin/java -javaagent:log4jfix/Log4jPatcher-1.0.0.jar -XX:+UseG1GC -XX:+UnlockExperimentalVMOptions -Xmx5000M -Xms4000M -jar forge-1.16.5-36.2.2.jar nogui
Isn't this supposed to fix the log4j exploit? If not, then how do I fix the exploit? I have already taken down the server but I would like to run it soon if possible.
#!/bin/bash
if ! grep -q "eula=true" eula.txt; then
echo "Do you agree to the Mojang EULA available at https://account.mojang.com/documents/minecraft_eula ?"
read -N 1 -p "[y/n] " EULA
if [ "$EULA" = "y" ]; then
echo "eula=true" > eula.txt
echo
fi
fi
/usr/lib/jvm/java-11-openjdk-amd64/bin/java -javaagent:log4jfix/Log4jPatcher-1.0.0.jar -XX:+UseG1GC -XX:+UnlockExperimentalVMOptions -Xmx5000M -Xms4000M -jar forge-1.16.5-36.2.2.jar nogui
Isn't this supposed to fix the log4j exploit? If not, then how do I fix the exploit? I have already taken down the server but I would like to run it soon if possible.