Minecraft servers before version 1.18.1 are vulnerable to a Remote Code Execution attack. You must upgrade immediately.
Create fix_minecraft.sh in your text editor.
# nano ~/fix_minecraft.sh
Paste the following script:
#!/bin/bash
echo "Vultr Minecraft Log4j RCE Patcher - v1.0"
if ! [ -z "$(grep "Dlog4j.configurationFile=log4j2.xml" /home/minecraft/minecraft_server.sh)" ]; then
echo "Already patched!"
exit 0
fi
echo "Grabbing version!"
VERSION="$(cat minecraft_server_version)"
VERSION_MAJOR="$(echo ${VERSION} | awk -F'.' '{print $1}')"
VERSION_MINOR="$(echo ${VERSION} | awk -F'.' '{print $2}')"
echo "Found Version: ${VERSION}"
if [ "${VERSION_MAJOR}" == "1" ] && [ "${VERSION_MINOR}" -lt "12" ]; then
echo "Found OLD Version: ${VERSION}, using pre 1.12 xml fix!"
URL="https://launcher.mojang.com/v1/objects/dd2b723346a8dcd48e7f4d245f6bf09e98db9696/log4j2_17-111.xml"
fi
URL="https://launcher.mojang.com/v1/objects/02937d122c86ce73319ef9975b58896fc1b491d1/log4j2_112-116.xml"
if [ "${VERSION}" == "1.18.1" ] || [ "${VERSION_MINOR}" -gt "18" ]; then
echo "Found NEW Version: ${VERSION}, no patch needed!"
exit 0
fi
echo "Downloading: ${URL}"
curl -Ls "${URL}" > /home/minecraft/log4j2.xml
echo "Patching: /home/minecraft/minecraft_server.sh"
sed -i -e 's/java -Xmx/java -Dlog4j.configurationFile=log4j2.xml -Xmx/g' /home/minecraft/minecraft_server.sh
Type CTRL+X, and then Y to save and exit.
Make the script executable.
# chmod u+x ~/fix_minecraft.sh
Run the script.
# bash ~/fix_minecraft.sh
As a precaution, please reboot your server.
There is a new zero-day exploit for the Log4J2 library used by Minecraft. This exploit allows unsophisticated attackers to take over your server remotely. The vulnerability has been reported with CVE-2021-44228 against the log4j-core jar and is fixed in Log4J v2.15.0.
To protect our network, Vultr may shut down vulnerable Minecraft servers. Please upgrade immediately.