Log4Shell Exploit and How to Protect Your Linux System

Internet technology is growing very rapidly. Unfortunately, these developments do not always have a positive impact. There are also negative effects that haunt internet users. One of them is the very annoying Log4Shell bug.

The hackers carried out their attacks on the Java-based Apache Log4j platform. Apache itself is a web server that can run on many operating systems.

The server is used to serve websites over HTTP. Hackers found the Log4Shell vulnerability in the Apache logging platform.

How the Log4Shell Bug Works

The Log4Shell bug is a frightening threat because it works in the form of malware. The hackers send malware to the computer or mobile device.

The malware allows attackers to run commands remotely by searching or converting the victim’s browser into a special string.

The types of malware that hackers use with Log4Shell are the Mirai and Muhstik threats. These malware families also include IoT devices and botnet servers.

The Microsoft team said that a vulnerability in the Log4j system could also be exploited to bring down Cobalt Strike.

Cobalt Strike is used for attacking malicious devices and for further network surveillance.

If Cobalt Strike is destroyed, then there will be nothing to hold malware or malicious devices on the server or network.

Log4Shell was First Discovered in Minecraft

The exploitation of this server security flaw appears to have first shown up in the Minecraft app. Minecraft is a popular online game for kids by Microsoft.

A cybersecurity expert said that Minecraft does have vulnerabilities in its security system.

That is what makes it easier for hackers to send malware. They send short messages in the chat box to other users and start contaminating other applications.

For its part, Microsoft will issue a software update for the game. Beyond Microsoft, security researchers also found evidence of vulnerabilities on other servers.

These servers include Amazon, Apple, Cloudflare, and even the social media platform Twitter.

Consequences

Given the danger of the Log4Shell bug, the consequences that arise are also very serious.

Moreover, Log4Shell is often used on government websites for security verification. Therefore, it is not impossible that many people will become victims.

The actors controlling the malware on Log4Shell seem to be after users’ cryptocurrencies.

Cryptocurrency is a digital currency that has become very popular lately. The hackers want to steal web users’ crypto by inserting their malware there.

This is very detrimental because not only is money stolen, but also other data on the device.

Get Rid of the Log4Shell Bug Malware

The threat of the Log4Shell bug will quickly spread to servers around the world. Therefore, several countries have carried out large-scale eradication.

One country that has done so is Canada, in the Americas. The Canadian government shut down nearly 4,000 government websites.

The reason is that the websites use the Apache Log4j logging system, which has great potential to become a target for hackers.

The sites cover education, public administration, and even health. The closure occurred because the Canadian government did not want its people to become victims of the cyber attack.

The Canadian government revealed that there was no evidence that the sites were contaminated by the Log4Shell bug. Even so, the closure of 4,000 government websites is a precautionary measure.

How to Scan Your Apache Server for Vulnerabilities

As these vulnerabilities greatly affect cybersecurity and the software community, it is not surprising that there are tools available for administrators to scan their servers for vulnerabilities.

One such scanner is the Log4j-RCE Scanner, which allows you to scan for remote command execution vulnerabilities in Apache Log4j across multiple addresses.

Installing Log4j-RCE-Scanner

Before we begin, we need to install the dependencies, httpx and curl.

Curl can be easily installed on Ubuntu and Debian-based systems using apt.

The same can be done on Arch Linux using pacman.

And on CentOS and Fedora installations using yum.

Installing httpx can be done with the following commands:

git clone https://github.com/projectdiscovery/httpx
cd httpx/cmd/httpx && go build .
sudo mv httpx /usr/local/bin/

After installing all the required dependencies, clone the Log4J-RCE-Scanner repository:

git clone https://github.com/adilsoybali/Log4j-RCE-Scanner

Finally, add the necessary execute permissions for the Bash script:

cd Log4j-RCE-Scanner
chmod +x log4j-rce-scanner.sh

After you have installed the scanner, the next steps are:

Read the script help section by typing:

bash log4j-rce-scanner.sh -h

Now, you can scan your Apache server for Log4Shell vulnerabilities:

bash log4j-rce-scanner.sh -d [domain] -b [Burp collaborator]

You can specify your domain and Burp Collaborator using -d and -b. If your domain is vulnerable, a DNS callback with the vulnerable domain name is sent to the Burp Collaborator.

Alternatively, -l can also be used to specify a list of domains.

How to Patch Apache

To work around this vulnerability, it is very important to keep your Apache configuration up to date.

You can check the Apache version from your administration panel, such as cPanel or WebHost Manager. You can also check the version by running httpd -v.

Apache can be updated to the latest and most secure version using apt on Debian and Ubuntu systems.

sudo apt update && sudo apt upgrade apache2

The same result is also achieved using yum on CentOS.
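
Java applications usually bundle their own copy of the Log4j library, so a package upgrade does not show which copies are on disk. The following added example (not from the original article or from the scanner project) inventories log4j-core JAR files and flags those older than a minimum version. The function names and the MIN_VERSION argument are assumptions of this example; take the minimum fixed version from the Log4j project's security page.

```bash
#!/usr/bin/env bash
# Added example (not from the article): inventory log4j-core JAR files and
# flag copies older than an operator-supplied minimum version.

# version_lt A B: succeed when A is strictly older than B. Fields are split
# on "." and "-" and compared numerically, so 2.9.0 sorts before 2.10.0;
# non-numeric qualifiers such as "beta9" count as 0.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "[.-]"); nb = split(b, y, "[.-]")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1   # equal versions are not "older"
  }'
}

# jar_version PATH: print the version embedded in log4j-core-<version>.jar,
# or nothing when the file name carries no recognizable version.
jar_version() {
  basename "$1" | sed -n 's/^log4j-core-\([0-9][0-9A-Za-z.-]*\)\.jar$/\1/p'
}

# scan_log4j ROOT MIN_VERSION: print "STATUS VERSION PATH" for each JAR found.
scan_log4j() {
  find "$1" -type f -name 'log4j-core-*.jar' 2>/dev/null | sort |
  while IFS= read -r jar; do
    ver=$(jar_version "$jar")
    if [ -z "$ver" ]; then echo "UNKNOWN - $jar"
    elif version_lt "$ver" "$2"; then echo "OUTDATED $ver $jar"
    else echo "OK $ver $jar"
    fi
  done
}

# count_outdated ROOT MIN_VERSION: print how many JARs need an upgrade.
count_outdated() {
  scan_log4j "$1" "$2" | grep -c '^OUTDATED' || true
}

# Usage: ./log4j-inventory.sh / <minimum fixed version from the Log4j advisory>
if [ "$#" -eq 2 ]; then scan_log4j "$1" "$2"; fi
```

File-name matching misses Log4j copies repackaged inside fat JARs or WAR archives, so treat a clean result as a lower bound.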

Conclusion

In addition, you can also do your own prevention so that harmful malware does not enter the device. Here are some ways you can do it.

  • Always download trusted and official anti-virus software. Do not be careless, because a careless download has the potential to bring in a virus itself.
  • Keep your application and operating system up to date.
  • Never open ads while surfing the web. Clicking on an ad takes you to its web page, which is not necessarily malware-free.
  • Be wary of messages asking for personal confirmation. If you don’t think you’ve done it, then simply ignore it and change your social media passwords immediately.
  • Be careful when downloading apps. Download only from the Google Play Store, App Store, or Microsoft Store.

In addition to the above, in order to avoid the threat of the Log4Shell bug, Microsoft as the Minecraft developer suggests updating the application immediately.
