The new Log4Shell vulnerability is overstated in the media. Sure this can affect Apache web servers that use a Java application to parse logs, but this is not all and it has already been patched. All you need to do is update your web server Apache installation. So many clickbait websites are saying this is the end of the world and this is all over for gamers and web users, but the impact of this is quite minimal if you update your server and install all required Apache updates. And check your Apache config as well. The CVE below contains the information you need to check to alleviate this issue in your Log4J installation, but updating the software to the latest version as I have said will fix this issue. But check the log4j2.formatMsgNoLookups setting is set to “true”. This is how to prevent this issue.
The CVE for this vulnerability.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228.
More information on this vulnerability.
https://www.kaspersky.com/blog/log4shell-critical-vulnerability-in-apache-log4j/43124/.
Education is the key, not reading the many clickbait articles that make this out to be worse than it is. As long as you keep updating the server OS and server software you will be OK, having a server running outdated server applications is asking for trouble. You must constantly update server software to address any security vulnerabilities. That is the most important thing to take from this. Subscribe to security mailing lists and keep up to date with all of the news. That will help when you are administering a server and you are responsible for keeping it safe in the modern world. if you can do that it will really help you out. Ignoring security vulnerabilities will lead you to the same road as Twitch that suffered a major security breach. That was very embarrassing indeed.
Twitch leak.
Do not let that happen to you. Having your entire database and server-side software end up in a torrent is not good publicity at all. And having your code samples shared in 4chan. The Twitch software was very interesting, but most of the Python stuff requires the installation of the Twitch Python libraries, which is easy though. But there are other video transcoding solutions out there, a modified version of FFmpeg is pretty tame. At least the database of Streamer income was interesting. I am sure the Twitch company has improved security practices after that little debacle. Hindsight is not always the best thing, it is better to aim for a proper security model in advance, instead of having to deal with the aftermath. That is not very good at all. Especially when the world is watching.