Date: Thu, 09 Oct 2014 22:23:04 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Of Shellshock and logfiles

Red Hat posted some mod_security rules as a workaround/hardening that
will block a lot of the Shellshock web-based shenanigans; a public
article with them is available here:

https://access.redhat.com/articles/1212303

Please note the rules should be updated to use @contains instead of the
way I originally wrote them (I'm still getting the hang of
mod_security). Also note the rule IDs are correct and do not need
changing to avoid conflicts; we now have a vendor ID block for
mod_security rules.


On 09/10/14 02:51 PM, Dave Horsfall wrote:
> I don't *think* I've seen this mentioned here (and apologies if so), but 
> somebody posited on another list that Shellshock attempts in one's Apache 
> logs are not directed against PHP or its scripts, but rather against those 
> Bash scripts that analyse the Apache logs in turn...  I've heard of 
> similar things in mail logs, which *could* be the result of attempting to 
> target either Procmail or logfile analysers.
> 
> Then again, maybe the spammers really are that desperate that they'll try 
> anything that they think might work.
> 
> -- Dave
> 

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

