Friendly forums for passionate Dems!
More than 92 million posts since 2001
Home Latest Greatest Videos Forums Hide ads Join up!
Home Latest Greatest
Videos Forums Help
Hide ads Join up!
Latest Discussions»Help & Search»Computer Help and Support»What is Log4j? The Latest...»Reply #3
Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Computer Help and Support

In reply to the discussion: What is Log4j? The Latest Internet Vulnerability [View all]

CloudWatcher

(1,948 posts)
3. A lot of bad reporting going on
Reply to douglas9 (Original post)
Tue Dec 28, 2021, 02:00 PM
Dec 2021

From above (and other sources too):

A common example of Log4j at work is when you type in or click on a bad web link and get a 404 error message. The web server running the domain of the web link you tried to get to tells you that there’s no such webpage. It also records that event in a log for the server’s system administrators using Log4j.

Well, no. I don't think that's quite correct. I'm running a web server with Apache, which by default it does *not* include Log4j (or Java). So to assert that every web server has the Log4j vulnerability is just not true.

Log4j is widely used as a logging too, but it is not installed by default when you run an Apache web server.

What is true is that my server's logs are full of hackers testing to see if I've got Log4j installed.

It bugs me that there's no infrastructure to block IP addresses that are being used by attackers. They can attack endlessly without consequence. I can add their addresses to my own black-list, but I'd sure like to see traffic from them blocked by their ISP (and if their ISP doesn't cooperate, drop the ISP from the Internet).

Edit history

Please sign in to view edit histories.

Recommendations

0 members have recommended this reply (displayed in chronological order):

8 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies RecommendedHighlight replies with 5 or more recommendations
What is Log4j? The Latest Internet Vulnerability [View all] douglas9 Dec 2021 OP
We've been dealing with this since it was 1st reported. sdfernando Dec 2021 #1
The counterpunch link is dead and I can't find on counterpunch site. The .gov link ShazamIam Dec 2021 #2
Some links ... CloudWatcher Dec 2021 #4
Thank you very much for that, now I don't have to do the searches. ShazamIam Dec 2021 #5
CounterPunch "cached" douglas9 Dec 2021 #7
Thank you very much, I think this is the most informative, to me article, it gave me what I ShazamIam Dec 2021 #8
A lot of bad reporting going on CloudWatcher Dec 2021 #3
We must remember the web was necessary for commerce and governance and designed to exploit ShazamIam Dec 2021 #6
Latest Discussions»Help & Search»Computer Help and Support»What is Log4j? The Latest...»Reply #3
Home | Latest Discussions | Greatest Discussions | Latest Videos | All Forums

About | Copyright | Privacy | Terms of service | Contact

In Memoriam

© 2001 - 2025 Democratic Underground, LLC. Thank you for visiting.