Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 09 Oct 2014 22:23:04 -0600
From: Kurt Seifried <>
Subject: Re: Of Shellshock and logfiles

Red Hat posted some mod_security rules as a workaround/hardening that
will block a lot of the shellshock web based shenanigans, a public
article with them is available here:

please note the rules should be updated to use @contains instead of the
way I originally wrote them (I'm still getting the hang of
mod_security). Also note the rule ID's are correct and do not need
changing to avoid conflicts, we now have a vendor ID block for
mod_security rules.

On 09/10/14 02:51 PM, Dave Horsfall wrote:
> I don't *think* I've seen this mentioned here (and apologies if so), but 
> somebody posited on another list that Shellshock attempts in one's Apache 
> logs are not directed against PHP or its scripts, but rather against those 
> Bash scripts that analyse the Apache logs in turn...  I've heard of 
> similar things in mail logs, which *could* be the result of attempting to 
> target either Procmail or logfile analysers.
> Then again, maybe the spammers really are that desperate that they'll try 
> anything that they think might work.
> -- Dave

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.