oss-sec mailing list archives
Re: Of Shellshock and logfiles
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 09 Oct 2014 22:23:04 -0600
Red Hat posted some mod_security rules as a workaround/hardening that will block a lot of the Shellshock web-based shenanigans; a public article with them is available here: https://access.redhat.com/articles/1212303

Please note the rules should be updated to use @contains instead of the way I originally wrote them (I'm still getting the hang of mod_security). Also note the rule IDs are correct and do not need changing to avoid conflicts; we now have a vendor ID block for mod_security rules.

On 09/10/14 02:51 PM, Dave Horsfall wrote:
> I don't *think* I've seen this mentioned here (and apologies if so), but somebody posited on another list that Shellshock attempts in one's Apache logs are not directed against PHP or its scripts, but rather against those Bash scripts that analyse the Apache logs in turn...
>
> I've heard of similar things in mail logs, which *could* be the result of attempting to target either Procmail or logfile analysers.
>
> Then again, maybe the spammers really are that desperate that they'll try anything that they think might work.
>
> -- Dave

-- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993