The Chat Message That KILLED Minecraft

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
thursday night the minecraft community entered complete mayhem but nobody exactly knew why a mysterious exploit was supposed to somehow let hackers steal accounts find your location crash servers and much more the scariest exploit we've likely ever seen in minecraft and yet all you needed was a single message in chat and as the dust from the discovery settles the panic of the community continues to rise so in today's episode of minecraft uncovered we explore the chat message that killed minecraft and how to protect yourself from the craziest exploit in the game's history i remember it like it was yesterday because it was yesterday at 5 10 p.m my time to be exact fellow youtuber duper trooper broke the news to myself and some friends that there was something insane going on something unbelievable literally i didn't believe it i thought there was some new session exploit or something and he was just panicking since i'm pretty used to seeing the chaos that follows things like this but no this was something much more sinister than that no simple session exploits no haha i steal your skyblock coins because bad minecraft security no this was big literal seconds later my entire discord client blew up with server after server and friend after friend warning me of a mysterious exploit that could cause you to lose everything at first it was just something that worked on servers running paper mc then it was breaking fabric after that it was all of minecraft since 1.8 and now it's grown past that like a virus that spread into steam icloud even the nsa is at risk but what is this boogeyman that has millions of people fearing for their online safety well it all boils down to something called log4j basically a logger for java applications that saves things like debug info chat messages and more see log4j has something called a zero day a terrible exploit that the developers apache know about but haven't fixed yet in fact there have been jet hub issues and bug reports since november that have so far fallen on deaf ears essentially the log 4j to restrict access to something called jndi which organizes and names different parts of code when a hacker sends a special chat message meant to exploit the issue the logger reads the chat message saves it on your computer in your logs and it's executed like a piece of code in this case the code tells java to open a java class file from whatever website your attacker included in their message which allows the hacker to do pretty much whatever they want within the bounce of a class file and that includes a lot of bad things as you could imagine when people started to fully understand what was going on it was a lot less confusing but even scarier that meant that if someone wanted a good shot at stealing data from you or even getting into your computer all they had to do was join your minecraft server and send a special message in chat that links back to their website and because glitches like this are somewhat common though they aren't usually this widespread there are already tons of tools that any random person could download quickly upload to their website and use on pretty much any server they wanted for a while no one was safe so how exactly did this affect the players well it's not as bad as you might think though it's not exactly good either see in later versions of java this was partially patched so that no one could run code on your computer just from a single message which is just about the bare minimum they could do but as i said that was only in later versions of java everything after java 8. if you were like me a few years back still desperately clutching onto your 2007 dell inspiron running windows vista that literally couldn't even install java 8 you would be at serious risk of a random player getting access to your pc through minecraft chat of all things not visiting some weird scam website not entering a 5 million club penguin gift card giveaway not pirating family guy season 7 episode 337 minecraft chat and even after the java update it was still only partially patched they couldn't run code on your pc but they could still use the exploit to find your ip address and location by making your computer send a request to whatever website they wanted you at as i said before no one was safe but let's take a moment to veer away from how the exploit affected players and instead look at the servers remember back in june when we had a mysterious man ddosing tons of huge minecraft servers just for the fun of it well today it seems like we have a bit of a repeat even as servers desperately tried to understand what was going on and roll out patches to save themselves many couldn't keep the server afloat while they did it again newer versions of java were able to prevent hackers from running code on your computer just from a chat message but they couldn't prevent the message from going through entirely only a single chat message was needed to find the private ip of the server spam it with requests and basically ddos it until the server went down and this time anyone could use the exploit to take down nearly any server they wanted so that's exactly what happened one by one servers in the 1.8 pvp community began to drop first mind men club then lunar viper mc invaded lands cave pvp sage pvp and many more and after that it began to spread out even further even managing to take out mineplex and mine hut some of the largest servers of all time by player count in fact tons of people tried to use it to take down hypixel and other huge servers like it but fortunately for us many managed to patch it early before the panic began or never used anything exploitable in the first place for those that didn't it was not going to be fun throughout this video you've probably had one thing on your mind how do you stay safe well the answer to that question is very different depending on what you use and what servers you play in terms of the server side of things i imagine most will implement a fix in the coming days if they haven't already paper mc has released a new update since the discovery of this exploit and any servers that are actively keeping up with new versions should be fine for server owners that can't or for some reason won't update blocking messages that contain the code should also probably be fine as long as you use something to block it before it reaches log4j no it's the players we really need to be worried about since this is quite a complicated situation for them the good news is that anyone that's completely up to date is safe the bad news is that not everybody is up to date so the number one easiest way to prevent this is just update everything you can update your client update your mods update the minecraft launcher update java update your operating system if you have to unless it's trying to make you move to windows 11 also known as the oops we stole iphone's design update and then you can stay behind like i did but for those that can't or won't update let's go down the list and see what can be done starting with java now java 8 is what you'll need if you want to prevent any sort of code being run on your computer and that shouldn't be too crazy of an ask in fact most of you probably already have it since any version of minecraft from 1.12 onwards requires java 8. it supports all the way back to vista and even older versions like xp at your own risk so if you have a computer made anytime in the last 15 years you're probably fine to use java 8. if your computer is older than that it's time to upgrade man when your hardware pre-dates the gummy bar song you might be the problem here you can really easily download new versions of java from the java website just google java 8 download and you'll be able to find plenty of installers and tutorials and so on as for your clients the solution is pretty much all the same on vanilla forge fabric and so on you just have to add this line to your jvm arguments i'll post this in the description so it's easy to copy and as long as you paste it into your arguments which should be under your minecraft installations tab you'll be safe from the exploit if you use lunar client where jvm arguments aren't available in the launcher there's a helpful guide on the hypixel forum that you can use at your own risk to try to add them badline doesn't really have any jvm workaround that i know of though so updating really is your only solution considering that both lunar and badline should be automatically updating themselves though you really shouldn't have to worry when all that's taken care of this message is harmless no matter how many times you spam it to yourself nothing will happen since the java arguments shut down the connection between your game and the logger before any bad requests can be made and just like that you kill the chat message that kills minecraft hope you all enjoyed the video i really tried to get this one out quickly so you would all know the extent of the situation and how to keep yourself safe it really isn't something that the average person has to care about too much since most of you will probably be able to go about your days as normal and automatic updates will take care of everything for you but this should hopefully have kept you in the know so you don't have to worry as always a lot more videos are in the works so stay tuned subscribe if you want like if you want whatever else it is that youtubers are supposed to say have a good one guys peace [Music] foreign
Info
Channel: MCBYT
Views: 66,964
Rating: undefined out of 5
Keywords: minecraft exploit, log4j, minecraft hacks, minecraft patch, minecraft security, minecraft news, minecraft vulnerability, minecraft security patch, log4j vulnerability, log4j exploit, ldap exploit, jndi exploit, jndi, ldap, apache, pache log4j, log4j2, minecraft, minecraft chat exploit, minecraft uncovered, mcbyt, mcb yt
Id: kWKyY-zba_I
Channel Id: undefined
Length: 9min 51sec (591 seconds)
Published: Sun Dec 12 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.