oss-sec mailing list archives

Re: Of Shellshock and logfiles


From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 09 Oct 2014 22:23:04 -0600

Red Hat posted some mod_security rules as a workaround/hardening that
will block a lot of the Shellshock web-based shenanigans; a public
article with them is available here:

https://access.redhat.com/articles/1212303

Please note the rules should be updated to use @contains instead of the
way I originally wrote them (I'm still getting the hang of
mod_security). Also note the rule IDs are correct and do not need
changing to avoid conflicts; we now have a vendor ID block for
mod_security rules.


On 09/10/14 02:51 PM, Dave Horsfall wrote:
> I don't *think* I've seen this mentioned here (and apologies if so), but
> somebody posited on another list that Shellshock attempts in one's Apache
> logs are not directed against PHP or its scripts, but rather against those
> Bash scripts that analyse the Apache logs in turn...  I've heard of
> similar things in mail logs, which *could* be the result of attempting to
> target either Procmail or logfile analysers.
>
> Then again, maybe the spammers really are that desperate that they'll try
> anything that they think might work.
>
> -- Dave


-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
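
Added example, not part of either message and not the Red Hat rules from the linked article: a log triage script that flags Shellshock-style strings in Apache combined-format logs while treating every field strictly as data, never handing it to a shell or the environment. The `() {` marker (the start of a Bash function definition), the function name `scan` and the sample lines are assumptions constructed for illustration.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# Assumption: the marker is "()" followed by "{", with optional whitespace
# between them, i.e. the opening of a Bash function definition.
MARKER = re.compile(r'\(\)\s*\{')


def scan(lines):
    """Return (line_number, host, field) for each field carrying the marker."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = COMBINED.match(line.rstrip("\n"))
        if m is None:
            # Unparseable line: still check the raw text so nothing is skipped.
            if MARKER.search(line):
                hits.append((n, None, "raw"))
            continue
        for field in ("request", "referer", "agent"):
            if MARKER.search(m.group(field)):
                hits.append((n, m.group("host"), field))
    return hits


# Constructed sample lines (documentation IP ranges, harmless echo payload).
SAMPLE = [
    '192.0.2.10 - - [09/Oct/2014:14:51:00 -0600] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Oct/2014:14:52:11 -0600] "GET /cgi-bin/status HTTP/1.1" '
    '404 210 "-" "() { :;}; echo constructed-sample"',
    '203.0.113.5 - - [09/Oct/2014:14:53:42 -0600] "GET / HTTP/1.1" '
    '200 512 "() { :; }; echo constructed-sample" "curl/7.38.0"',
    'truncated line with () { :;}; echo constructed-sample',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```
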
