Log4shell - Critical log4j Vulnerability

Log4shell infiltrates millions of sites around the world.

A software exploit affecting a popularly used software library (known as Apache Log4j). The Log4j flaw (also now known as "Log4Shell") is a zero-day vulnerability (CVE-2021-44228) that first came to light on December 9, with warnings that it can allow unauthenticated remote code execution and access to servers.

The vulnerability impacts default configurations of a number of Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, and Apache Flink, which are utilized by numerous organizations from Apple, Amazon, Cloudflare, Twitter, Steam, and others.

We at LCM247 protect your websites with the best security available. Each Website in our server runs a web application firewall (WAF) that identifies and blocks malicious traffic. It runs at the endpoint, enabling deep integration with WordPress. Unlike cloud alternatives it does not break encryption, cannot be bypassed and cannot leak data.

Each website we host is scanned daily. Our scanner checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.

While our server uses Linux and Apache, we host exclusively WordPress based sites, which use PHP rather than Java, so the vulnerability should not affect any of our servers.

For our Hubspot clients, HubSpot is aware of the Log4j vulnerability, and they have performed a thorough check of their systems and have seen no indications of any impact from this vulnerability at this time. Out of an abundance of caution, their team is continuing to monitor their systems to ensure that no potential exploitation occurs.


Share this article:
Related articles: