Monday, March 2. 2015

"Shellshock" is the name of a range of 6 vulnerabilities in the Bash command shell on Linux. Details about the vulnerability can be found here (Wikipedia).

When running Security Onion (see previous post), I noticed that people were trying various files to find a vulnerability on my webserver. Being the curious type, this prompted me to think: what is being queried, and can I log it? Following on from that, what would the malware do if I respond to it, if there is a pattern with the filename?

In order to try to find out more about this, I modified my 404 page (a PHP script) to include a file which will record the information for us.
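One way such an included logger could look, as an added example that is not the author's script: the file name `log404.php`, the log path and the field names are assumptions. It records each request that reaches the 404 page as one JSON line and flags requests carrying the Bash function-definition marker `() {` that Shellshock probes place in headers.

```php
<?php
// log404.php - added example; file name, log path and field names are assumptions.
// Include it from the 404 handler with: require __DIR__ . '/log404.php';

const PROBE_LOG = '/var/log/httpd-probes/404.jsonl'; // assumed path, outside the web root

/** Build one log record from request data. Every value is treated as data only. */
function build_probe_record(array $server): array
{
    $headers = [];
    foreach ($server as $key => $value) {
        if (strncmp($key, 'HTTP_', 5) === 0 && is_string($value)) {
            // Cap the length so a hostile client cannot bloat the log.
            $headers[$key] = substr($value, 0, 2048);
        }
    }
    // Shellshock probes carry a Bash function definition, "() {", in a header
    // or the query string; flag them so they are easy to filter later.
    $haystack = implode("\n", $headers) . "\n" . ($server['QUERY_STRING'] ?? '');
    $shellshock = preg_match('/\(\)\s*\{/', $haystack) === 1;

    return [
        'time'       => gmdate('c'),
        'remote'     => $server['REMOTE_ADDR'] ?? '',
        'method'     => $server['REQUEST_METHOD'] ?? '',
        'uri'        => substr($server['REQUEST_URI'] ?? '', 0, 2048),
        'headers'    => $headers,
        'shellshock' => $shellshock,
    ];
}

/** Append the record as one JSON line; json_encode escapes control characters,
 *  so a header containing newlines cannot forge extra log entries. */
function log_probe(array $server, string $path = PROBE_LOG): bool
{
    $flags = JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE;
    $line = json_encode(build_probe_record($server), $flags);
    if ($line === false) {
        return false;
    }
    // LOCK_EX keeps concurrent requests from interleaving their lines.
    return file_put_contents($path, $line . "\n", FILE_APPEND | LOCK_EX) !== false;
}

log_probe($_SERVER);
```

The logged values are attacker-controlled, so they should only ever be read back as data (for example with a JSON parser) and never passed to a shell or echoed into a page unescaped.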