# How to Protect Your Minecraft Server from the BleedingPipe Vulnerability (/docs/minecraft/bleeding-pipe-vulnerability)



BleedingPipe is a vulnerability discovered in 2023 affecting many popular Forge mods. It allows attackers to execute arbitrary code on both servers and clients through unsafe Java deserialization.

What Is BleedingPipe? [#what-is-bleedingpipe]

BleedingPipe exploits a flaw in how some Forge mods handle network packets. Mods using Java's `ObjectInputStream` without proper filtering can be tricked into executing malicious code when receiving specially crafted packets.

Am I Affected? [#am-i-affected]

You may be affected if you run a **Forge modded server** (any Minecraft version) with mods that use unsafe deserialization. Known affected mods have included:

* AetherCraft
* Immersive Armors
* ttCore
* Gadomancy
* And many others

The list changes as mods get patched. Check the [MMPA BleedingPipe advisory](https://blog.mmpa.info/posts/bleeding-pipe/) for the current list.
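As an added triage aid (example code written for this guide, not from the MMPA or any mod author), the script below lists the classes in each mod JAR that reference `java.io.ObjectInputStream`, including JARs nested inside a mod. A hit only marks a mod to check against the advisory and update first; it does not prove the mod is vulnerable. The `mods` default path and the `make_jar` sample helper are assumptions.

```python
import io
import sys
import zipfile
from pathlib import Path

# Class files store referenced class names in slash form in the constant pool.
MARKER = b"java/io/ObjectInputStream"
MAX_ENTRY_BYTES = 64 * 1024 * 1024  # skip oversized entries (zip-bomb guard)


def scan_jar(data, label, depth=0):
    """Return 'jar!entry' paths of classes that reference ObjectInputStream."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive: nothing to report
    with archive:
        for info in archive.infolist():
            name = info.filename
            if info.is_dir() or info.file_size > MAX_ENTRY_BYTES:
                continue
            if name.endswith(".class") and MARKER in archive.read(info):
                hits.append(f"{label}!{name}")
            elif name.lower().endswith(".jar") and depth < 3:
                # Mods can bundle libraries as nested jars; look inside those too.
                hits += scan_jar(archive.read(info), f"{label}!{name}", depth + 1)
    return sorted(hits)


def scan_mods_dir(mods_dir):
    """Map each mod jar that has hits to its list of flagged classes."""
    report = {}
    for jar in sorted(Path(mods_dir).glob("*.jar")):
        hits = scan_jar(jar.read_bytes(), jar.name)
        if hits:
            report[jar.name] = hits
    return report


def make_jar(entries):
    """Build an in-memory jar from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    for mod, classes in scan_mods_dir(sys.argv[1] if len(sys.argv) > 1 else "mods").items():
        print(mod, *classes, sep="\n  ")
```

Run it against a downloaded copy of your `/mods/` folder, for example `python scan_mods.py ./mods` (the script name is arbitrary).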

Protecting Your Server [#protecting-your-server]

<div className="fd-steps">
  <div className="fd-step">
    Update all mods [#1-update-all-mods]

    The most important step. Update every mod in your `/mods/` folder to the latest version via `Files` on the [XGamingServer panel](https://panel.xgamingserver.com). Most mod authors have patched this vulnerability.
  </div>

  <div className="fd-step">
    Install BleedingPipe fix mod [#2-install-bleedingpipe-fix-mod]

    Download the BleedingPipe fix mod from the MMPA (Minecraft Malware Prevention Alliance) and upload it to your `/mods/` folder. This mod patches the deserialization vulnerability at a global level, protecting against both known and unknown vulnerable mods.
  </div>

  <div className="fd-step">
    Remove unused mods [#3-remove-unused-mods]

    Reduce your attack surface by removing mods you don't actually need. Fewer mods = fewer potential vulnerabilities.
  </div>

  <div className="fd-step">
    Restart the server [#4-restart-the-server]

    Restart from `Console` to apply the fix.
  </div>
</div>

Checking for Compromise [#checking-for-compromise]

If you ran vulnerable mods on a public-facing server, check for signs of compromise:

<div className="fd-steps">
  <div className="fd-step">
    Check for suspicious files [#5-check-for-suspicious-files]

    Look in your server directory via `Files` for:

    * Unknown `.jar` files outside the `/mods/` folder
    * Suspicious scripts or executables
    * Modified server files with recent timestamps you don't recognize
  </div>

  <div className="fd-step">
    Check server logs [#6-check-server-logs]

    Review [server logs](/docs/minecraft/find-share-server-logs) for:

    * Unusual error messages about deserialization
    * Connection attempts from unknown sources
    * Unexpected plugin or mod loading messages
  </div>

  <div className="fd-step">
    Scan uploaded JARs [#7-scan-uploaded-jars]

    Use a malware scanner on any JAR files you're unsure about. The MMPA provides tools for checking Minecraft JARs.
  </div>
</div>

Prevention Best Practices [#prevention-best-practices]

* **Only download mods from trusted sources** — CurseForge, Modrinth, official GitHub repos
* **Keep mods updated** — Security patches are released frequently
* **Don't run unnecessary mods** — Each mod is a potential attack vector
* **Monitor your server logs** — Watch for unusual activity
* **Back up regularly** — So you can [restore](/docs/minecraft/backups-vs-autosave) if compromised

> ⚠️ **Warning:** BleedingPipe can affect both the server AND connected clients. Tell your players to update their client-side mods as well.

> 📝 **Note:** This vulnerability only affects Forge servers with affected mods. Vanilla, Paper, Spigot, and Fabric servers are not affected by BleedingPipe.

See also: [Installing Mods](/docs/minecraft/mod-setup) | [Uninstall Mods](/docs/minecraft/uninstall-mods) | [Find Server Logs](/docs/minecraft/find-share-server-logs)

If you need help, join our [Discord](https://discord.xgamingserver.com/).
