Log4j vulnerability

[Matthew6:33]

Chris, I don't know what you use to run the website but you should look into the Log4j vulnerability. It is huge and widespread across the internet starting about a week ago. The bug affects the open source Log4j logging program by Apache and used in Java. It allows hackers to install malware remotely onto systems using Log4j. If you use this you need to get it patched ASAP.

https://www.zdnet.com/article/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself/

https://thenextweb.com/news/log4j-bug-internet-open-source-contributors-analysis

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

https://logging.apache.org/log4j/2.x/

https://logging.apache.org/log4j/2.x/download.html

2.16.0 is the newest patched version.

 

[Matthew6:33]

Like I said, this bug is huge and widespread across the whole internet, as log4j versions have been used for 20 years (they are open source). Companies like IBM, Cisco, AWS, and Microsoft to name a few have be affected. This bug is an open door for malicious attacks in the near future. If anyone is running it, the systems are potentially compromised and already infected with malware. God speed.

 

[Chris]

Hi,
I have put in a ticket with LiquidWeb to see if they can run an audit or something. I am aware from this list that one software we use is effected and there is a fix for it. cPanel seems to be in "mitigation" status right now. I also asked them about our web server, but it is not on the list below. I've asked them about it so I will wait and see what they say. I found this list interesting and helpful:

https://github.com/NCSC-NL/log4shell/tree/main/software

Thanks for bringing it to my attention.

 

[Matthew6:33]

From the list you sent over, according to https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/
It may be prudent to uninstall this feature until they have a remediation for it.

Support may be slow going because web facing tech support is all swamped right now.

It also looks like the cPanel Solr plugin is the only software provided and supported by cPanel that contains log4.

If you have access to your server you may be able to update it yourself given the instructions on that forum.

 

[Everlasting Life]

Is this more of large company related challenges?

 

[Matthew6:33]

Is this more of large company related challenges?

Possibly. Professionals are saying it's not a matter of 'who is affected' but rather 'who is not affected.'

 

[Chris]

I have checked and confirmed with LiquidWeb that we do not have any vulnerabilities with the software we run on RF like CentOS, LiteSpeed web server, ElasticSearch, etc. when it comes to the Log4j issue.

We should be good to go from here on out. We didn't seem to have any potential issues as cPanel patched it very early and that was applied to our server.

That;'s one less thing to worry about.

 

[GEOINTAnalyst]

Testing your Linux Server can be done by using this script - https://github.com/rubo77/log4j_checker_beta