![]() From Hostinger’s side, we have contributed by donating to the Apache Software Foundation.Īdditionally, if you are a developer who needs hosting for a project or you are struggling with getting it online, let us know at All of us at Hostinger are ready to help. So, hit that sponsor button and send some good karma. Let’s use this as an opportunity to support these communities and foundations. Therefore, they deserve so much respect and appreciation for their work and effort. Times like these remind us that open-source software is created by enthusiasts who do it at no particular benefit to them.Īs this vulnerability hit the world over the weekend, developers gathered and worked for days and nights to fix the issue that affected the world. We, Hostinger, are an open company, mainly built on open-source software. Photo by Dainius Sakalinskas How can we all contribute? The Apache Software Foundation We can reminisce and learn from serious vulnerabilities such as Shellshock (Bash vulnerability) and Heartbleed (TLS vulnerability), which happened a few years ago when several re-patches were needed to secure the systems fully. As there is so much global focus on this Log4j library now, new ways to exploit it are being continuously identified. We already had new vulnerabilities patched for Log4j (CVE-2021-45046) after the initial bug (CVE-2021-44228) was found. We recommend following relevant news for a few weeks to ensure that a re-patch is not needed again. This traffic is obtrusive, and it may cause your website account to use more resources than needed and might even slow it down. They scan all websites across the world just to find vulnerable hosts. How can I further protect myself from malicious traffic from the Log4j vulnerability?Įven though your website hosting accounts on Hostinger’s servers are safe, massive scans are running on full internet IP ranges. We recommend at least the 1.18.1 version for your MC clients and when running your server. For more information, go over this article on the security vulnerability in the Java edition. You will be safe once the game is newly-launched. ![]() So please do not skip or try to stop the update. Specifically for VPS Minecraft users, the game will automatically be updated when you open the MC launcher. Otherwise, update the relevant software, including Log4j as a bundle, and restart your services. We would like to inform our VPS host customers who are running their Java services on VPS servers, to please update Log4j to at least the 2.16.1 version. Known as Log4Shell or LogJam, it’s a problem in an open-source Java-based logging library called log4j used by hundreds of business applications and websites. Do I need to do anything about the Log4j vulnerability? Either way, experts name it the most severe software vulnerability as numerous devices, sites, and services are exposed. The origins of reporting this vulnerability still differ – some believe it was first noticed in a Minecraft-related forum, while others say it was Chinese tech company Alibaba’s security researchers. In recent weeks, the cybersecurity community discovered that requesting the program to log a malicious code would lead attackers to take control of servers running Log4j. Each time developers build new software, they can apply this existing code element, which is free on the internet and commonly used. Log4j is a portion of code helping software applications keep track of their past activities. What is the Log4j vulnerability issue? How was Log4j found? Thus, even though we have noticed an influx of traffic hitting our APIs with “jndi”, “ldap”, and numerous variations of keywords trying to trigger the Log4j exploit, they are harmless to our systems and do not have any impact on customers’ data. Our API and UI systems do not run on Java, except for our internally-used Elasticsearch instance which has been patched. We can confirm that Hostinger’s web hosting servers do not support services that depend on Log4j, nor are they installed, making you and your data safe and unaffected by this Log4j vulnerability. Sprawling Active Attack Aims to Take Over 1. This vulnerability allows an attacker to execute code on a remote server. We are fast approaching the end of 2022 and it will soon be time to start focusing on new goals, resolutions and aspirations for the upcoming year.Many of our clients ask whether Hostinger is vulnerable to the new Java-based Apache Log4j library vulnerability that has been all over the news recently.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |