Following the public disclosure of the critical Log4j vulnerability (CVE-2021-44228), widely referred to as "Log4Shell," we want to inform our customers of the proactive steps we have taken to safeguard our infrastructure. While our core hosting stack is PHP, DirectAdmin, and CloudLinux based and does not rely on the affected Java library, we treat any vulnerability of this severity as a priority.
We have completed a full scan of our network for any vulnerable Log4j components, applied mitigations to the limited number of ancillary monitoring and management tools where the library was present, and added detection rules at our edge to block known exploitation patterns. A brief maintenance window will run in the early morning of Monday, December 13th, 2021, from 2:00AM to 5:00AM EST to finalize these updates and rotate affected service credentials as a precaution.
This work takes advantage of our network's redundancy and resiliency, so no further action is required on your part. The most you should witness are potential brief periods of increased latency and/or packet loss. If you experience any issues extending beyond this window, or if you have questions about your own applications, please contact us at support@xwebhosting.org.
星期日, 十二月 12, 2021
