Magma’s negligence breaches the trust users place in modded projects like ours, and many more.
After meeting our partners and contacts to inform them of the situation, we felt this post was needed to clarify and inform others beyond our reach. Magma’s failure to address the actions of their developer, when witnessed by their project leader and admins, affects far beyond those 26 targeted servers. We recognize that the actions of our teams reflect on the modded community at large - our successes instill trust in players, and pave the way for years of shared growth. We have learned that modded projects such as ours become an integral part of the Minecraft community. For all intents and purposes, Magma feels as though they should not be held responsible for TheDevMiner’s actions.
#PIXELMON 1.12.2 DOWNLOAD FREE#
In fact, TheDevMiner’s actions were “done in free time”, and therefore, our issue would be “an issue with DevMiner”. Having contacted the affected servers within our community, it was within our interest to understand Magma’s response to the events.Īfter failing to stop Log4Shell attacks, deleting chat logs, providing false evidence and keeping silent and inactive in the face of a grave action by their team, Magma’s lead, Hexeption, clarified that they “don’t have control over the actions of staff team”. Upon disproving the evidence provided by Magma, we contacted Hexeption one last time, on December 13th, 2021 to discuss the way forward.
Further timeline analysis allowed us to prove that TheDevMinerTV’s teachings inspired others to attack more servers, endlessly increasing the damages caused by Magma’s negligence. Furthermore, affected servers allowed us to confirm that TheDevMinerTV used both their own Minecraft account, as well as alts to continuously attack servers.
#PIXELMON 1.12.2 DOWNLOAD CODE#
Indeed, the executed code provided did not match the logs of the victim servers, making it impossible to ascertain the scope of the Log4Shell damage. Thanks to the log contributions of the community, we were able to determine that Magma delivered false information. Several days later, we were provided with a repository of the code executed by TheDevMinerTV. The present Magma moderators that attended did commit to gathering information on the actions of their developer. Sadly, Hexeption did not attend the meeting, leaving my Community Manager waiting almost 2 hours with no explanation instead sending junior members of their team without any knowledge of the situation. Thanks to that, TheDevMinerTV’s account remains active on their Discord, providing support for unsuspecting members of the modded community.Īt our request, a meeting was arranged to discuss the events of December 10th. Their Discord admin, Kwright02, deleted all messages of our members reporting these events, clearing their Discord of any evidence this ever happened. This allowed TheDevMinerTV to continue under the eyes of their project’s senior members.Īfter our community’s reports of the attacks, Magma silently removed TheDevMinerTV’s development rank from their Discord. However, despite the severity of their developer’s actions, no Magma member intervened to stop the attacks. Indeed, chat logs confirmed that they raised the alarm in Magma’s own discord. Upon discovering the source of the attacks, affected public servers and our own staff contacted moderation members of the Magma project to get their help in protecting their servers against the Log4Shell vulnerability. The stream in question was hosted in Magma’s very own public voice channels, which showcased the malicious consequences of TheDevMinerTV’s actions on servers and clients alike. We have successfully confirmed that 26 servers, and a number of clients ranging from vanilla to modded, were targeted with several payloads including shutdown code. We confirmed that TheDevMinerTV was actively teaching and exploiting the Log4Shell vulnerability against public servers, while their project lead, Hexeption, watched.
(You can read about how this affects Minecraft at this Mojang blog post. On the morning of December 10th, 2021, Magma’s developer TheDevMinerTV exploited the Log4j RCE (Remote Code Execution) vulnerability known as Log4Shell. While this post first intends to disseminate information regarding this event, we hope they explain why Magma’s breach of trust goes beyond PixelmonMod.
#PIXELMON 1.12.2 DOWNLOAD MOD#
The Pixelmon Mod will no longer be supporting, recommending or working with the Magma Team, a Spigot-Forge hybrid server API, for having compromised the security of modded communities online. To read this post in document form, go to here (Pixelmon Storage) or here (Google Drive) I am Isi, representing The Pixelmon Mod, with a statement for our own community and the broader modding/Minecraft community as a whole.
0 kommentar(er)
