mojira.dev
MC-44007

Spammers can crash any Vanilla server with a few keystroke from chat window

All a player has to do is /me @a to list every player in the game.

Do @a several times to make an even longer list. If you have a lot a players on the server, the resulting string will be too large and will disconnect everyone from the server unless they have their multiplayer chat settings set to HIDDEN. This is a severe exploit and needs to be fixed.
@a already doesn't work when you're whispering someone. It needs to be expanded to /me.
We had to whitelist our whole server (8664 players, which I had to pull from the scoreboard.dat) to stop this, because players are coming in waves just to wreak havoc on vanilla. Please patch. Thanks

PS Please hurry because undesirable characters are already spreading this easy mayhem around, and vanilla servers have no plugins to stop it:
http://www.hackforums.net/showthread.php?tid=3963589

Linked issues

Attachments

Comments 2

How is this "unconfirmed"? Join any Vanilla server with 20+ members and type /me @a @a @a @a

Watch everyone, including yourself, get disconnected

This was fixed. I thank soooo much who ever fixed this!

setzke

(Unassigned)

Unconfirmed

crash, exploit, minecart, multiplayer

Minecraft 1.7.4

Retrieved