shellshock probing
Cole Tierney
cole.putnamhill at comcast.net
Wed Apr 1 21:07:29 UTC 2015
Thanks mex, I’ll check it out.
> On Apr 1, 2015, at 4:50 PM, mex <nginx-forum at nginx.us> wrote:
>
> hi cole,
>
> if implemetable you couldd use naxsi https://github.com/nbs-system/naxsi
> for this, there exists a rule to detect and block
> shellshock-exploit-attempts:
>
> MainRule "str:() {" "msg:Possible Remote code execution through Bash
> CVE-2014-6271" "mz:BODY|HEADERS" "s:$ATTACK:8" id:42000393 ;
>
> see -> http://spike.nginx-goodies.com/rules/view/42000393
>
> there is also an extended ruleset available
> -> https://bitbucket.org/lazy_dogtown/doxi-rules
>
> cheers,
>
> mex
More information about the nginx
mailing list