Hi guys, For a few weeks now, we have been hammered with Apache Log4j logging remote code execution attempts from host0484.sdjihtbwyu8rtgutrw.com / 95.214.55.244. How can I absolutely ensure this traffic is dropped? The MX identifies that this traffic originates from Poland, so I have added that country to our Geo blocklist. I've also added a L7 rule to deny this IP. Are there any other steps I should take to combat this threat actor? We are an SME and there's only a handful of us in IT, none of us are security specialists, so I want to make as sure as I can that this IP is blackholed, blocked, bounced, whatever - as long as it doesn't get though! Thanks all J 🙂
... View more