BleedingPipe is a current (as of July 2023) exploit malware that has been spreading quietly around the Minecraft community. The vulnerability has been discovered in many popular mods, spreading to Minecraft servers and clients running Forge. BleedingPipe uses a vulnerability found in mods that use an unsafe deserialization code, which then gives the malware full remote code execution on clients and servers.
However not all hope is lost, as there is a Patcher that has been released called serializationisbad which resolves the issue and keeps players & servers protected. This patcher can be installed client-side, to protect players from any server they join. Alternatively, it can be installed server-side to protect any players that connect to your server.
When using a Shockbyte server, all servers that use our Modpack Installer are protected as they have this patcher pre-installed. If you have any concerns or think your server may be infected, don't hesitate to get in touch with our dedicated support staff who can scan your server to ensure it hasn't been compromised!
Installing serializationisbad to your Server/Client
This patcher's JAR file should be added to your mods folder in either your server or client.
- Download the latest version of serializationisbad.
- Upload serializationisbad.jar to your mods folder, in either your client or server.
What if you may have already been affected?
If you're worried that the malware has already reached your PC or server, then you can use a JAR malware detection tool to check for you. To do this, we would suggest using jNeedle. jNeedle requires you to specify a folder and it will search the JAR files to detect any malware existing in that folder.
There are various ways to use jNeedle to detect malware, but we would suggest using the GUI mode.
- Download jneedle-gui-xxx.jar.
- Double-click the JAR file to run the software.
- Specify the folder you wish to scan for vulnerabilities.
- Once the scan is complete, you will see the complete message in the console with the number of files scanned, and malicious file(s) found.
To learn more about Minecraft server hosting, you can browse our library of Knowledgebase articles here.
If you require any further assistance, please contact our support at: https://shockbyte.com/billing/submitticket.php