[Info-vax] Java, log4j, log4shell, and OpenVMS: CVE-2021-44228
Arne Vajhøj
arne at vajhoej.dk
Wed Dec 15 13:19:02 EST 2021
On 12/15/2021 12:51 PM, David Turner wrote:
> I wonder if there is anything that can be done in the .htaccess file
I don't think so.
It must be possible to come up with blocking rules for mod_security though.
> I have most countries outside of our business realm blocked so they
> cannot even connect to the website
> Since these attempts are typically made by a few malicious players in a
> few countries, blocking access via country and ip has really helped us
That can help against amateur hackers.
It does not help against the more professional hackers.
This vulnerability is supposedly already being exploited by what
is known as "state actors".
Arne
More information about the Info-vax
mailing list