Log4J Exploit

Comments

  • DirectAdmin doesn't use Log4j anywhere, so there is nothing for us to announce or fix. :smile:

  • The funny thing is that Minecraft servers are vulnerable :D

    Thanked by 1: tux
  • @DA_Mark said:
    DirectAdmin doesn't use Log4j anywhere, so there is nothing for us to announce or fix. :smile:

    What is new in 1.63.3?
    There is no information at directadmin.com/versions.php.

  • Francisco Top Host, Host Rep, Veteran

    @frog said:

    @DA_Mark said:
    DirectAdmin doesn't use Log4j anywhere, so there is nothing for us to announce or fix. :smile:

    What is new in 1.63.3?
    There is no information at directadmin.com/versions.php.

    https://docs.directadmin.com/changelog/version-1.63.3.html

    Smells like @DA_Mark needs a redirect :)

    Francisco

    Thanked by 2: frog, DA_Mark
  • JamesF Member, Host Rep

    @DA_Mark

    Thanks for the update, any news when the DA installer will be fixed please?

  • jar Patron Provider, Top Host, Veteran
    edited December 2021

    Third place I've seen this tonight. Never in my life heard of log4j. Feels like the notices outweigh the installs 😂

  • @jar said:
    Third place I've seen this tonight. Never in my life heard of log4j. Feels like the notices outweigh the installs 😂

    Guess you've never heard of left-pad then?

  • @jar said:
    Third place I've seen this tonight. Never in my life heard of log4j. Feels like the notices outweigh the installs 😂

    It's one of those libraries that is used by a lot of stuff, I think. When scanning for this at work yesterday we think we've found it tucked away in Nutch - fortunately looks like it's the unaffected 1.2 version.

    Thanked by 2: jar, vr10
  • @jar said:
    Third place I've seen this tonight. Never in my life heard of log4j. Feels like the notices outweigh the installs 😂

    Possible if you never worked in "enterprise" IT. A lot is still Java and I never encountered a Java application that doesn't use log4j.

    Thanked by 1: Nekki
  • @babuum said:

    @jar said:
    Third place I've seen this tonight. Never in my life heard of log4j. Feels like the notices outweigh the installs 😂

    Possible if you never worked in "enterprise" IT. A lot is still Java and I never encountered a Java application that doesn't use log4j.

    Oh. You will be surprised...

    So many enterprise Java applications scaled to 1000s of customers had logging via System.out.println, it's mind boggling...

    They are laughing now.... for not using log4j

  • fixxation Member
    edited December 2021

    Backblaze took their services offline last night to address this. 7+ hours downtime, and no notification to the customers... boooooooooo

  • @fixxation said:
    Backblaze took their services offline last night to address this. 7+ hours downtime, and no notification to the customers... boooooooooo

    Oh really? That sux... at least if the downtime is related to this fix, it will be good in the end

  • JamesF Member, Host Rep

    They did post on Twitter

  • @jar said:
    Third place I've seen this tonight. Never in my life heard of log4j. Feels like the notices outweigh the installs 😂

    Haha yeah it's a popular library though that handles logging. I've used it in a webapp I built. It's pretty decent at what it does.

    Thanked by 1: jar
  • Nekki Veteran
    edited December 2021

    It’s in fucking Solr and the npm JSS Proxy too. Bang goes my weekend.

  • https://tomshardware.com/news/hacker-hijacks-hp-epyc-servers-raptoreum-crypto-mining

    Using the Log4J exploit, an unidentified actor managed to wrestle control of HP's AMD-based 9000 EPYC servers, turning the powerful hardware into cryptocurrency miners.

    The Log4J Raptoreum mining exploit started December 9th until it mostly ended on December 17th. During this period hackers were able to collect approximately 30% of the total block reward which is roughly 3.4 million Raptoreum (RTM), worth around $110,000 USD as of 12/21/2021.

    Thanked by 1: Falzo