The Log4j Vulnerability And How To Protect Your Site From Hackers

log4j vulnerability

On December 1, 2021 a researcher working for Chinese tech firm Alibaba learned that there was a security vulnerability in Log4j software. This vulnerability allowed data to be fetched from an external website. Log4j is an open-sourced software used in the programming language Java. It is responsible for some common mundane website tasks such as debugging, and it also creates an activity log on a specific device.

What makes this vulnerability so severe is that billions of websites use this Java framework including iCloud, Minecraft, and Baidu. When exploited, hackers would be able to take over anyone’s computer that was using this software. They could alter information on your website, steal money, access sensitive information, and so much more. So after this discovery, immediate panic and chaos ensued. Hackers and cybersecurity experts began working around the clock to see who would be exploited and who could be protected first.

icloud hack

Photo: By Katja Frischbutter via Shutterstock

How The Log4j Vulnerability Affects Our Customers: It Doesn’t

If you are one of our customers at The BBS Agency, don’t panic! Our platform is unaffected by this recent vulnerability. We don’t make use of the functionality of this Apache software. Our server team has confirmed we don’t utilize Log4j in any of our server-side services so there is no cause for concern with this vulnerability on our platform. This is why we partner with the best in the industry like Flywheel hosting.

How To Protect Yourself From The Log4j Vulnerability:

Just a reminder if you are one of our customers, you are not effected by this at all! The good news is that once it is discovered a site is sensitive to the Log4j vulnerability, it’s not difficult to implement mitigation.

The first step is to contact your hosting company immediately to find out if your site has been affected by this vulnerability. Many different security companies have already issued patched software updates. They also recommend updating your software as soon as possible if you have been impacted. A good practice is to make sure you’re keeping the software on your website up to date on at least a weekly basis. You can also contact us at The BBS Agency. We make sure your website is always up to date and secure so that you can always sleep soundly at night knowing that your website is safe from cyber attack.

This is why we always preach about the importance of good website hosting! If the price sounds too good to be true, it definitely is. A good website hosting company should have everything always patched up to date. They should manage this for you so that vulnerabilities like this don’t effect you. We host only our clients through Flywheel, or if you have a very high traffic site we recommend WP Engine, which is also a quality website host.

If you want to make sure your WordPress site is ALWAYS patched, always safe, always secure, and always well taken care of, contact us at The BBS Agency or Prebuilt Sites. We’d love to help you out!

Written By: Megan Fine for The BBS Agency.

References:

https://www.npr.org/2021/12/14/1064123144/companies-scramble-to-defend-against-newly-discovered-log4j-digital-flaw

https://www.f5.com/labs/articles/threat-intelligence/explaining-the-widespread-log4j-vulnerability

https://www.zdnet.com/article/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself/

Share the Post: