Date: Thu, 09 Oct 2014 22:23:04 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: Of Shellshock and logfiles Red Hat posted some mod_security rules as a workaround/hardening that will block a lot of the shellshock web based shenanigans, a public article with them is available here: https://access.redhat.com/articles/1212303 please note the rules should be updated to use @contains instead of the way I originally wrote them (I'm still getting the hang of mod_security). Also note the rule ID's are correct and do not need changing to avoid conflicts, we now have a vendor ID block for mod_security rules. On 09/10/14 02:51 PM, Dave Horsfall wrote: > I don't *think* I've seen this mentioned here (and apologies if so), but > somebody posited on another list that Shellshock attempts in one's Apache > logs are not directed against PHP or its scripts, but rather against those > Bash scripts that analyse the Apache logs in turn... I've heard of > similar things in mail logs, which *could* be the result of attempting to > target either Procmail or logfile analysers. > > Then again, maybe the spammers really are that desperate that they'll try > anything that they think might work. > > -- Dave > -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.