Skip to content

Commit

Permalink
1.21.1 - Remove client side rce exploit fix
Browse files Browse the repository at this point in the history
  • Loading branch information
moom0o committed Dec 13, 2021
1 parent 6201564 commit 289a18a
Show file tree
Hide file tree
Showing 4 changed files with 8 additions and 23 deletions.
11 changes: 7 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -65,9 +65,13 @@ alongside AEF to patch the majority of exploits.
**All features listed here can be disabled or enabled in the config.**

* Prevent NoCom exploit. - Prevent the 'NoCom' coordinate exploit
* Prevent log4j RCE (remote code execution) exploit for client side users. All messages sent to players are checked like
death messages, not just player made messages. **MAKE SURE TO USE [Papaya](https://github.com/moom0o/Papaya) FOR
SERVER SIDE OR YOU COULD POSSIBLY BE BACKDOORED!**
[//]: # (* Prevent log4j RCE (remote code execution) exploit for client side users. All messages sent to
players are checked like)

[//]: # ( death messages, not just player made messages. **MAKE SURE TO USE [Papaya](https://github.com/moom0o/Papaya) FOR)

[//]: # ( SERVER SIDE OR YOU COULD POSSIBLY BE BACKDOORED!**)

* Prevent BowBomb exploit. - Prevent an exploit where bows can instantly kill a player.
* Prevent burrow hack - Where you step inside a block so crystals can't do any damage.
* Prevent boatfly exploit - Prevent the futureclient/rusherhack boatfly exploit.
Expand Down Expand Up @@ -157,7 +161,6 @@ LookForIllegalsInShulkers: false # WARNING: DO NOT ENABLE IF YOU DON'T WANT A DU
# Bugfixes
PreventNoComCoordinateExploit: true
NoComMaxDistance: 64 # Recommended not to increase
PreventRCEClientSideExploit: true # CLIENTSIDE ONLY - SERVER IS STILL VULNERABLE Blocks all messages containing "${" make sure you are using mojang's patch (https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition) or updated Papaya to patch this exploit on the server side, OTHERWISE YOU CAN BE BACKDOORED.
PreventEndGatewayCrashExploit: true
PreventDispenserCrashExploit: true
PreventSnowBallExploit: true
Expand Down
2 changes: 1 addition & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

<groupId>me.moomoo</groupId>
<artifactId>anarchyexploitfixes</artifactId>
<version>1.21.0</version>
<version>1.21.1</version>
<packaging>jar</packaging>

<name>AnarchyExploitFixes</name>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -47,23 +47,6 @@ public void onPacketReceiving(PacketEvent event) {
});
}

if (plugin.getConfig().getBoolean("PreventRCEClientSideExploit")) {
protocolManager.addPacketListener(
new PacketAdapter(plugin, ListenerPriority.NORMAL, PacketType.Play.Server.CHAT) {
@Override
public void onPacketSending(PacketEvent event) {
if (event.getPacketType() == PacketType.Play.Server.CHAT) {
String message = event.getPacket().getChatComponents().read(0).getJson();
if (message.toLowerCase().contains("${")) {
plugin.getLogger().info(message);
plugin.getLogger().warning("Blocked RCE vulnerability attempt!");
event.setCancelled(true);
}
}
}
});
}

if (plugin.getConfig().getBoolean("PreventPacketFly")) {
protocolManager.addPacketListener(
new PacketAdapter(plugin, ListenerPriority.HIGHEST, PacketType.Play.Client.TELEPORT_ACCEPT) {
Expand Down
1 change: 0 additions & 1 deletion src/main/resources/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@ LookForIllegalsInShulkers: false # WARNING: DO NOT ENABLE IF YOU DON'T WANT A DU
# Bugfixes
PreventNoComCoordinateExploit: true
NoComMaxDistance: 64 # Recommended not to increase
PreventRCEClientSideExploit: true # CLIENTSIDE ONLY - SERVER IS STILL VULNERABLE Blocks all messages containing "${" make sure you are using mojang's patch (https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition) or updated Papaya to patch this exploit on the server side, OTHERWISE YOU CAN BE BACKDOORED.
PreventEndGatewayCrashExploit: true
PreventDispenserCrashExploit: true
PreventSnowBallExploit: true
Expand Down

0 comments on commit 289a18a

Please sign in to comment.