The software that runs a vast number of the world’s web servers, Apache, has been found to have a vulnerability in a library file known as Log4J. As a website owner the main thing you need to know is that this vulnerability enables hackers to disrupt the server and remotely access website files within it.
Christmas has come early for the hackers, and it has been reported that 100 hacking attempts are being made every minute trying to exploit this security loophole. By all accounts this vulnerability is an easy one to exploit and is akin to a door that’s been left unlocked.
Microsoft researchers have said they have seen hackers installing malicious software that mines crypto-currency, steals passwords & log-ins, and extracts data from compromised systems.
On ecommerce websites this hack can be used to steal credit card and other customer data, with serious consequences for the merchant responsible for the website.
Security patches are available to counter Log4J and these updates should be applied urgently. A list of known vulnerable software is maintained by the National Cyber Security Centrum from the Netherlands at https://github.com/NCSC-NL/log4shell/tree/main/software
We recommend that security monitoring services should be installed on all websites in order to counter both emerging and known vulnerabilities. For this purpose we offer the Sucuri firewall. This has been proven to defend servers and websites from malicious activities and attacks and is effective against Log4J.
If you would like Sucuri protection for your website then please contact us.