shellshock probing

Cole Tierney cole.putnamhill at comcast.net
Wed Apr 1 21:07:29 UTC 2015


Thanks mex, I’ll check it out.

> On Apr 1, 2015, at 4:50 PM, mex <nginx-forum at nginx.us> wrote:
> 
> hi cole, 
> 
> if implemetable you couldd use naxsi https://github.com/nbs-system/naxsi
> for this, there exists a rule to detect and block
> shellshock-exploit-attempts:
> 
> MainRule "str:() {" "msg:Possible Remote code execution through Bash
> CVE-2014-6271" "mz:BODY|HEADERS" "s:$ATTACK:8" id:42000393  ;
> 
> see -> http://spike.nginx-goodies.com/rules/view/42000393
> 
> there is also an extended ruleset available
> -> https://bitbucket.org/lazy_dogtown/doxi-rules
> 
> cheers, 
> 
> mex



More information about the nginx mailing list