Posted on December 11, 2021

FullHost and Log4j Vulnerability

As was widely reported yesterday, a critical unknown vulnerability was found in log4j, an open-source logging library used by apps and services across the internet. If exploited, the vulnerability would allow remote code execution on vulnerable servers.

When this zero-day exploit was announced, we began a deep dive in to reviewing the impact that this would have on us and you and made an announcement on Twitter that we were aware of this vulnerability.

With clients that have reached so far to get information regarding this, there appears to be some confusion over what is impacted. This vulnerability does not affect the Apache Web Server, which is commonly used in our services, but impacts Apache Log4j. The Apache Software Foundation, started in 1999, supports a number of open-source software projects which include both the Apache Web Server and Log4j. Log4j is a Java based logging package which is seldomly used with the services we provide.

As a result, the impact surface of this vulnerability was rather narrow for services we manage as Log4j is not utilized as part of our normal deployment.

  • Managed Cloud Servers using Elasticsearch or Apache Solr were possibly vulnerable and mitigation measures were put in place as soon as they became available.

We have conducted a thorough review of our Elastic Hosting, Multi Account Reseller Hosting, Managed WordPress Hosting, and Email Hosting were unaffected by this vulnerability. Other than the noted Managed Cloud Server above utilizing Elasticsearch or Apache Solr, were as well not impacted.

Where this vulnerability could have impacts is with our Self Managed Cloud Servers. As we are not managing these servers, nor have access to the server itself, we are unable to conduct a review of the impacts this would have with the environments that have been set up.

If you have one of our Self Managed Cloud Servers, it is strongly recommended to conduct your own independent assessment of your set up and take necessary steps and actions to mitigate this vulnerability. We have reached out to some of these clients where we could see from the outside that this vulnerability may be impacting them.

As more and more information come to light on this vulnerability, we will be updating this blog post with any other pertinent and relevant information that you, our clients, should be aware of as well as any further actions we have taken to mitigate this vulnerability.

Leave a Reply

Your email address will not be published. Required fields are marked *

Trusted by Clients Across All Industries

Don’t take our word for it - let our happy clients do the talking. See More

Full Host did an amazing job of migrating my site seamlessly onto their server. My only regret was not switching my site over to them sooner. Now it is performing great, images are uploading way faster than ever before.

" Vancouver Sofa and Patio - Jerry Schmidt

Two thumbs up for Fullhost! Agents reply to me fairly quickly or at least let me know they received the ticket and are looking into it. Kudos to the support team as they have always given me exactly what I need without delays.

" Universal Staffing Inc. - Anthony Calvano

FullHost is an absolute pleasure to work with, and their customer service is exceptional. Whenever I have questions or need adjustments, they are there to help, quickly, efficiently, with answers and insights.

" Mooseworld Inc. Norine Leibel

With coast to coast coverage,
We help you serve the world.

Whether your audience is located in Europe, Asia, Africa, or Australia, provide them with lightening speed!

FullHost's data centers are located in Toronto and Vancouver to ensure worldwide quality and speed.

Get in Touch
We Trust Only The Best Tech to Support You

FullHost operates with the most innovative technology to bring you unparalleled levels of hosting services.