Log4j vulnerability: What you need to know
As you’ve probably heard, a critical vulnerability in a Java Library called Log4J was discovered last week, affecting millions of websites running Java applications around the world. Log4J is a common software present on most Java web applications, including on certain cPanel servers.
What is happening?
Cybercriminals are actively exploiting a vulnerability that affects the Java logging library Log4j. This exploit was first discovered on December 9 and poses a great risk of unauthenticated remote code execution and access to servers.
The exploit has the potential to let hackers compromise millions of devices across the internet, as Log4j is used in many forms of software, such as cloud server platforms, web applications, and email services. And as such, there is a wide range of software that could be at risk from attempts to exploit the vulnerability.
Who is impacted?
Log4j is used in a variety of software applications by a large number of popular online platforms, including Apple, Twitter, Amazon, Tesla, and Steam to name only a few.
What should I do?
If you are a Dedicated or Cloud Server client and do not provide WHC with direct access to your server, please ensure that you are using the latest supported cPanel version. See how to upgrade to the latest cPanel version.
Once you’re up to date, you can use the following command to check the status of your server (via the command line):
rpm -q cpanel-dovecot-solr --changelog | grep CVE-2021-44228
If you have a Web Hosting, Managed WordPress Hosting, or Reseller Hosting account, no action is required on your part.
At this point, we have not identified any impact relating to this flaw on the WHC platform. Our team has already patched our servers, and are diligently continuing to monitor the situation so we can take appropriate action as needed.
Also on the WHC Blog
Introducing .CA Domain Backorders
We just launched our new Backorder Tool for .CA domains! That’s right! You can now secure valuable .CA domains before they become available to the general public with WHC’s new Domain Backordering tool. What...Read full article
Is it time to invest in domain names?
Wish you had been tracking crypto and NFTs long before they became ‘mainstream’? Maybe it’s time to consider investing in domain names. Although we get it, securing a domain name is not as exciting as trading...Read full article
How can we help?
WHC Live Chat
As the number of communications has significantly increased due to the August 28 incident, response time is impacted. We have prepared an FAQ where you can find most answers on the situation and how-tos on restoration.See the FAQ I'm patient, chat now Follow the evolution of the situation
How can we help?Our experts are available 24/7
Our friendly customer service team is available right now.