Bash ShellShock bug – Find out if you’ve been “tested”

Rob —  September 26, 2014 — 3 Comments

We’ve seen the articles about how to find out if you’re vulnerable to the bash shellshock bug, we’ve also seen the articles on how to patch your system.  What I’ll show you is how to find out if people are testing your system.

First, ssh into your server and find your http access logs. Some common places are:
cPanel: /usr/local/apache/domlogs/
Debian/Apache: /var/log/apache2/
CentOS: /var/log/httpd/

Once you find them, you can cat them, grepping for this pattern:

You can make it prettier by using awk…
This will show me the IP addresses that have tried it..

(print $1 means print the first column. Your access log might have the IP in a different column.. try $3 if $1 doesn’t work)

This will show me how many times each IP hit me:

Then, i can take it further by using csf to block anyone who’s tried it:

Related posts from Linux Brigade!

  • Add time and date to your bash historyAdd time and date to your bash history Often, you’ll go looking for a shell command that you used in the past – you can remember around when you did it but of course that won’t help you because by default the bash history won’t […]
  • Download Linux – Links to 20 popular distributionsDownload Linux – Links to 20 popular distributions I always find myself telling people to just download Linux. This usually follows up with “which distribution” and i’ll recommend a couple but always end with “try a few and see which one […]
  • LFD: Excessive resource usage If you run the CSF/LFD firewall on your server then you’ve no doubt seen the emails complaining about high resource usage for various accounts. This small tutorial will show you how to […]
  • Manually run ClamAV on cPanel and check every userManually run ClamAV on cPanel and check every user If you’re running WHM/cpanel and want to run a scan on every user manually, perhaps when first installing ClamAV, you’ll want to run this command which is endorsed by cPanel […]
  • Download CentOS 7 Nightly BuildsDownload CentOS 7 Nightly Builds As the CentOS folks are working on releasing a final version of CentOS 7, you can get in on the action and download their nightly builds. We’re estimating (guessing? Based on previous […]

Trackbacks and Pingbacks:

  1. How to patch your Linux system for shell shockLinux News Pro - September 26, 2014

    […] LinuxBrigade has a nice tutorial explaining how to find out of you’ve been ‘tested’ yet by the community.. also, how to auto block them with CSF! Article here: http://www.linuxbrigade.com/bash-shellshock-bug-find-youve-tested/ […]

  2. Bonus bash thoughts but no change on my view, | Bananas in the Falklands - September 27, 2014

    […] from here [not this blog] The scan looks […]

  3. How to patch bash for shell shock in CentOS, Ubuntu, etc.. | PCFlex T.I. - October 7, 2014

    […] LinuxBrigade has a nice tutorial explaining how to find out of you’ve been ‘tested’ yet by the community.. also, how to auto block them with CSF! Article here: http://www.linuxbrigade.com/bash-shellshock-bug-find-youve-tested/ […]

Leave a Reply

Text formatting is available via select HTML.

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url=""> 

*