Mojira Archive
BDS-15105

Exploit to change/delete command blocks

BDS server, yesterday a player joined, and as all players are given the "member" role. This player used some kind of exploit to simultaneously put a title text on screen that would never go away (something like a repeating /title command), spawned barrier blocks into all players' inventories, and put all players into creative (on a survival server). When I tried to ban said player through the use of a command block with the kick command (I have a ticking area set up for my command blocks), all my command blocks (10+, all with kick player commands and item deletion commands to help prevent exploits) turned into some kind of wood plank-like block I have never seen before, rendering them all useless. I had to revert to a backup, then 3 hours later while I was asleep a player with a different username did the same thing, going even further to delete most of the spawn area to void, including the bedrock. Seeing as though it has happened twice now, I will try my best to get screenshots/video the next time, because I am almost positive this will happen again, and probably soon.

Environment

Windows 10 home, Bedrock Dedicated Server, version 1.17.11

Attachments (1)

Screenshot (483).png

Aaron V.

Comments (7)

MEQS_KEEP_PRIVATE

Hi

Has this happened again after updating to 1.18.2?

This ticket will automatically reopen when you reply.

Cleaning up old tickets: This ticket had been set to 'Awaiting Response', but has not received a response from the reporter (~3 months+) so is being closed as Incomplete. If you feel this is still a valid issue then please comment, or create a new ticket following the Issue Guidelines which includes steps to reproduce the problem.

Quick Links:
📓 Issue Guidelines – 💬 Mojang Support – 📧 Suggestions – 📖 Minecraft Wiki

It happened again, this time very cryptic. I've never seen anything like it. My best guess is some kind of command block exploit due to the repeated text, graphics, and audio. Unfortunately I'm not sure how to get any logs besides the one that says running auto compaction/players joining and leaving, and the server console doesn't show anything out of order. I am taking a copy of this server and putting it to the side (with it all messed up like that, in case maybe it can help fix the exploit some other way). I know Mojang in no way provides an anti-cheat, but honestly just look at the video: should that really be happening, anti-cheat or not? Thankfully I have backups.

This happened today on version 1.18.30 of the Bedrock Dedicated Server.

Windows 10 home.

The file is too big to upload, but here is a link for the video: https://drive.google.com/file/d/16aRvYn8cYNYmy_qFYuEtr6pFtYCKhQku/view?usp=drivesdk

Unfortunately I don't know how to reproduce this. It only happens after a player tampers with something on the server, how they do it I don't know. I am the only person with actual OP status. Because of intense lag and being able to hardly see what you're holding let alone anything around you makes it impossible to see if a command block or something else is causing it.

Expected result: When joining the server I should be loaded into a Minecraft world. I'm not sure what to call this. Non-Admin/OP players should not be able to execute commands, obtain command blocks or change major functioning aspects of the server and cause it to be left in an unusable state.

This was caused by command blocks, and not just a couple, but 32 command blocks in minecraft carts. I turned command blocks off and was able to go to the source of it.

And it just begs the question: how are people obtaining command blocks on my server without OP status?

Here is a picture from the affected server after I managed to get the command blocks to stop all that nonsense. Also, even after getting everything else to stop, the skin appears oversized. I can only attach one picture per comment without an external link, but most are just showing how messed up it left the server even after disabling the cmd blocks. Players lagged around even from my client on a high end PC that runs on the same network, so it has seemingly permanently affected that save of the server map.

This seems to be pretty severe as it's a recurring problem on every release version since I started this server on 1.16.201 (200 or 201?). And it has happened in many different ways. This is the first time I really thought to get evidence of it.

When something similar happened, where any player could take over control of a server on Java through an exploit (Log4J), Mojang put out a same-day hotfix, not only for the Java server, but the client as well. Granted, this doesn't allow access (that I can tell) to the computer itself, but they can apparently take control of the server and wreck it pretty badly. It seems odd this has been going on for so long without anyone bringing it to attention.

I have endless shulkers of seemingly exploited items I've taken from players over the past year as well. Some of the items I know can produce the command block exploit, but have no idea in the slightest how it works; others cause server crashes, client crashes, world corruption, and similar yet varying effects of like what was shown in the video linked in the above comment.

Hi

Does this issue occur after updating to 1.19.10?

This ticket will automatically reopen when you reply.

Cleaning up old tickets: This ticket had been set to 'Awaiting Response', but has not received a response from the reporter (~3 months+) so is being closed as Incomplete. If you feel this is still a valid issue then please comment, or create a new ticket following the Issue Guidelines which includes steps to reproduce the problem.


History (12)

Aaron V.

Changed description:


[Mod] OcelotOnesie

Added Security Level: Minecraft - Private

Changed summary:

exploit to change/delete command blocks → Exploit to change/delete command blocks

Maciej Piornik

Resolution: Unresolved → Awaiting Response

[MCQA] Kinga Izdebska

Resolution: Awaiting Response → Unresolved

[MCQA] Kinga Izdebska

Resolution: Unresolved → Incomplete

[Mod] OcelotOnesie

Resolution: Incomplete → Unresolved

[Mod] OcelotOnesie

Added affects versions: 1.18.30

Aaron V.

Added attachment:

Maciej Piornik

Resolution: Unresolved → Awaiting Response

Maciej Piornik

Resolution: Awaiting Response → Unresolved

Maciej Piornik

Resolution: Unresolved → Incomplete

Incomplete
Aaron V.
0
0
Unconfirmed
1.17.11 Hotfix 1.18.30