Uploaded image for project: 'Minecraft: Java Edition'
  1. Minecraft: Java Edition
  2. MC-44007

Spammers can crash any Vanilla server with a few keystroke from chat window

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Resolution: Duplicate
    • Affects Version/s: Minecraft 1.7.4
    • Fix Version/s: None
    • Environment:
      vanilla server, no plugins. disconnects 100% of users who have chat turned on, across all system
    • Confirmation Status:
      Unconfirmed

      Description

      All a player has to do is /me @a to list every player in the game.

      Do @a several times to make an even longer list. If you have a lot a players on the server, the resulting string will be too large and will disconnect everyone from the server unless they have their multiplayer chat settings set to HIDDEN. This is a severe exploit and needs to be fixed.
      @a already doesn't work when you're whispering someone. It needs to be expanded to /me.
      We had to whitelist our whole server (8664 players, which I had to pull from the scoreboard.dat) to stop this, because players are coming in waves just to wreak havoc on vanilla. Please patch. Thanks

      PS Please hurry because undesirable characters are already spreading this easy mayhem around, and vanilla servers have no plugins to stop it:
      http://www.hackforums.net/showthread.php?tid=3963589

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                setzke Elsyth Feathervine
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: