Date: Thu, 09 Oct 2014 22:23:04 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: Of Shellshock and logfiles Red Hat posted some mod_security rules as a workaround/hardening that will block a lot of the shellshock web based shenanigans, a public article with them is available here: https://access.redhat.com/articles/1212303 please note the rules should be updated to use @contains instead of the way I originally wrote them (I'm still getting the hang of mod_security). Also note the rule ID's are correct and do not need changing to avoid conflicts, we now have a vendor ID block for mod_security rules. On 09/10/14 02:51 PM, Dave Horsfall wrote: > I don't *think* I've seen this mentioned here (and apologies if so), but > somebody posited on another list that Shellshock attempts in one's Apache > logs are not directed against PHP or its scripts, but rather against those > Bash scripts that analyse the Apache logs in turn... I've heard of > similar things in mail logs, which *could* be the result of attempting to > target either Procmail or logfile analysers. > > Then again, maybe the spammers really are that desperate that they'll try > anything that they think might work. > > -- Dave > -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ