**maple "mavica" syrup [6502]** @mavica_again@computerfairi.es · 2022-03-11T13:01:07Z

maple "mavica" syrup [6502] @mavica_again@computerfairi.es

maple "mavica" syrup [6502] @mavica_again@computerfairi.es

woke up to a potentially successful log4j exploit attempt on my minecraft server (yes yes i know) and traced back the payload to this address it tries to open a TCP connection to. found myself talking to a transphobic hacker (ftr i don't actually wish them a good day)
(i'm blue)

f32cd5a42e90e636.png

Mar 11, 2022, 13:01 · · Mastodon Twitter Crossposter · · ·

**maple "mavica" syrup [6502]** @mavica_again@computerfairi.es · Mar 11, 2022, 13:07

**maple "mavica" syrup [6502]** @mavica_again@computerfairi.es · Mar 11, 2022, 13:07

Mar 11, 2022, 13:07

maple "mavica" syrup [6502] @mavica_again@computerfairi.es

anyway the IP they're doing this from is 217.151.98.168 if that helps anybody

**maple "mavica" syrup [6502]** @mavica_again@computerfairi.es · Mar 11, 2022, 13:40

**maple "mavica" syrup [6502]** @mavica_again@computerfairi.es · Mar 11, 2022, 13:40

Mar 11, 2022, 13:40

maple "mavica" syrup [6502] @mavica_again@computerfairi.es

the payload attempts to run a bash interactive shell with a net redirect to that address, whose tcp server expects a shell to respond appropriately (hence the echo at the start that i replied manually), i looked through everywhere in my server and thankfully it seems no harm done

**Psy Chuan** @PsyChuan@plush.city · Mar 11, 2022, 13:06

**Psy Chuan** @PsyChuan@plush.city · Mar 11, 2022, 13:06

Mar 11, 2022, 13:06

Psy Chuan @PsyChuan@plush.city

@mavica_again bullet dodged but only narrowly. yeesh

Resources

Developers

What is Mastodon?

computerfairi.es

More…