mirror of https://github.com/webbukkit/dynmap.git
Add message about JNDI/Haxr
parent
7d232b6e00
commit
35a0faaec3
63
FAQ.md
63
FAQ.md
|
@ -27,9 +27,68 @@ progressloginterval: 100
|
|||
```
|
||||
I recommend setting this to 1,000 for mid-size server maps and 10,000 or greater for large server maps. You will need to restart your server for this to take affect.
|
||||
|
||||
### Q: What does 'Invalid plugin.yml' mean
|
||||
### 7) What does 'Invalid plugin.yml' mean
|
||||
|
||||
A: Joined with 'Could not load x plugin' and 'ZipException' - this usually means that the file was downloaded badly or corrupted in some way.
|
||||
**A)** Joined with 'Could not load x plugin' and 'ZipException' - this usually means that the file was downloaded badly or corrupted in some way.
|
||||
|
||||
Re-download a fresh version and confirm it looks complete. This is a good time to check what the latest version is too
|
||||
|
||||
### 8) What are these weird `{jdni}` / `IaM5uchA1337Haxr-Ban Me!` messages I am getting from Dynmap?
|
||||
|
||||
**A)** Some hacker online realized Dynmap webchat can be used to send messages to a Minecraft server log. These messages exploit a vulnerability called Log4J or Log4Shell. For sake a brevity these are exploits which allow hackers to run code on your server without your permission. If you haven't heard of these attacks recently here is [more reading](https://time.com/6128795/log4j-security-flaw/). If you are running the most up to date version of your server you are safe. I want to be very clear that Dynmap will not make you more vulnerable or protect you from this vulnerability. **The only way to protect yourself it to patch your minecraft server.**
|
||||
If you want to make these messages go away you can disable the webchat by editing configuration.txt and commenting out all of the chat plugins
|
||||
<details><summary>Original (Click to expand)</summary>
|
||||
|
||||
```yaml
|
||||
- class: org.dynmap.InternalClientUpdateComponent
|
||||
allowwebchat: true
|
||||
- class: org.dynmap.SimpleWebChatComponent
|
||||
allowchat: true
|
||||
# If true, web UI users can supply name for chat using 'playername' URL parameter. 'trustclientname' must also be set true.
|
||||
allowurlname: false
|
||||
- class: org.dynmap.ClientComponent
|
||||
type: chat
|
||||
allowurlname: false
|
||||
- class: org.dynmap.ClientComponent
|
||||
type: chatballoon
|
||||
focuschatballoons: false
|
||||
- class: org.dynmap.ClientComponent
|
||||
type: chatbox
|
||||
showplayerfaces: true
|
||||
messagettl: 5
|
||||
# Optional: set number of lines in scrollable message history: if set, messagettl is not used to age out messages
|
||||
#scrollback: 100
|
||||
# Optional: set maximum number of lines visible for chatbox
|
||||
#visiblelines: 10
|
||||
# Optional: send push button
|
||||
# sendbutton: false
|
||||
```
|
||||
|
||||
</details>
|
||||
<details><summary>With all Chat Disabled (Click to Expand)</summary>
|
||||
|
||||
```yaml
|
||||
- class: org.dynmap.InternalClientUpdateComponent
|
||||
# allowwebchat: true
|
||||
# - class: org.dynmap.SimpleWebChatComponent
|
||||
# allowchat: true
|
||||
# # If true, web UI users can supply name for chat using 'playername' URL parameter. 'trustclientname' must also be set true.
|
||||
# allowurlname: false
|
||||
# - class: org.dynmap.ClientComponent
|
||||
# type: chat
|
||||
# allowurlname: false
|
||||
# - class: org.dynmap.ClientComponent
|
||||
# type: chatballoon
|
||||
# focuschatballoons: false
|
||||
# - class: org.dynmap.ClientComponent
|
||||
# type: chatbox
|
||||
# showplayerfaces: true
|
||||
# messagettl: 5
|
||||
# # Optional: set number of lines in scrollable message history: if set, messagettl is not used to age out messages
|
||||
# #scrollback: 100
|
||||
# # Optional: set maximum number of lines visible for chatbox
|
||||
# #visiblelines: 10
|
||||
# # Optional: send push button
|
||||
# # sendbutton: false
|
||||
```
|
||||
</details>
|
Loading…
Reference in New Issue