Zero Day. log4j exploit - what we fixed and how it affects you (CVE-2021-44228)

Published by: xShadowLightx

About log4j

log4j (CVE-2021-44228) known as (log4shell) is a library user for logging at the most basic level in any number of given java applications. log4j is widely used, making this vulnerability a very serious one.


our exploit comes from what log4j does and how it does what it does.. again log4j is a logging utility, meaning it logs events in a system or application. in layman's terms, it has been discovered that log4j can run or execute commands, if it finds one in one of the logs it makes. i.e., for us, log4j would log and save everything from player movements, to usernames, and to every piece of text that is sent into to chat, meaning to you type and send a very specific command into game chat, the log4j utility would see this, and run it. if someone knows what they are doing, they could do anything from a simple dos attack (denial of service) to gaining remote control of the affected system and every device/service connected to it.

How We Fixed it

As discussed, log4j has become a serious liability. For this reason, we have taken liberty to take matters into our own hands. we have disabled the log4j utility all together and have undertaken the responsibility of writing and managing our own logging utility. we are calling it sysj4log, (its a technical joke). this new utility we take place and communicate with all of our management plugins on log4j's behalf, and the data will stored on its own storage network, with no possible execution. until the exploit is fully removed/patched and the log4j service utility can be fully trusted again, this is how it will remain. with that being said, the IronSideMC server is now fully playable again. we again apologize for any inconvenience.