Bash ShellShock bug – Find out if you’ve been “tested”

Rob —  September 26, 2014 — 3 Comments

We’ve seen the articles about how to find out if you’re vulnerable to the bash shellshock bug, we’ve also seen the articles on how to patch your system.  What I’ll show you is how to find out if people are testing your system.

First, ssh into your server and find your http access logs. Some common places are:
cPanel: /usr/local/apache/domlogs/
Debian/Apache: /var/log/apache2/
CentOS: /var/log/httpd/

Once you find them, you can cat them, grepping for this pattern:

You can make it prettier by using awk…
This will show me the IP addresses that have tried it..

(print $1 means print the first column. Your access log might have the IP in a different column.. try $3 if $1 doesn’t work)

This will show me how many times each IP hit me:

Then, i can take it further by using csf to block anyone who’s tried it:

Related posts from Linux Brigade!

  • Add time and date to your bash historyAdd time and date to your bash history Often, you’ll go looking for a shell command that you used in the past – you can remember around when you did it but of course that won’t help you because by default the bash history won’t […]
  • Valve’s Steambox will help Linux gamingValve’s Steambox will help Linux gaming If you’re a gamer, then you’ve heard of the steambox. This is Valve’s answer to the xbox, ouya, etc.. offering gaming in your living room.

    They’ll be announcing something today at 10am […]

  • Try a DigitalOcean VPS free for a month (or two)Try a DigitalOcean VPS free for a month (or two) Have you been meaning to try out an SSD Linux server on Digital Ocean but keep putting it off? LinuxBrigade.com is currently being hosted on a DigitalOcean server and now you can get a […]
  • Learn the CSF command line options You have CSF installed and use the GUI to do most things.  (If you don’t have it installed yet, you can read our article on how to install csf).  BUT – knowing the csf (ConfigServer […]
  • Warning: Skipping the data of table mysql.event.Warning: Skipping the data of table mysql.event. Your MySQL script was running great, but then you started getting errors – If you get this warning when dumping the mysql database, it’s not a bug – MySQL did this on purpose because they […]
In Security , ,
 permalink

Trackbacks and Pingbacks:

  1. How to patch your Linux system for shell shockLinux News Pro - September 26, 2014

    […] LinuxBrigade has a nice tutorial explaining how to find out of you’ve been ‘tested’ yet by the community.. also, how to auto block them with CSF! Article here: http://www.linuxbrigade.com/bash-shellshock-bug-find-youve-tested/ […]
  2. Bonus bash thoughts but no change on my view, | Bananas in the Falklands - September 27, 2014

    […] from here [not this blog] The scan looks […]
  3. How to patch bash for shell shock in CentOS, Ubuntu, etc.. | PCFlex T.I. - October 7, 2014

    […] LinuxBrigade has a nice tutorial explaining how to find out of you’ve been ‘tested’ yet by the community.. also, how to auto block them with CSF! Article here: http://www.linuxbrigade.com/bash-shellshock-bug-find-youve-tested/ […]

Leave a Reply

Text formatting is available via select HTML. 

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">

*