Mobile app version of vmapp.org
Login or Join
Angela700

: Time for an official answer. What I learned is that hackers like to try to exploit the shell shock bug with variants. They like to try to use lines containing (){} and ( ){:;} and similar,

@Angela700

Time for an official answer.

What I learned is that hackers like to try to exploit the shell shock bug with variants. They like to try to use lines containing (){} and ( ){:;} and similar, where the only differences for the most part are the number of spaces between each character.

It's a matter of when apache writes data to the system's environment table (for example: setting an environment variable such as REQUEST_URI) that counts. If apache writes data before processing the mod_rewrite module, then configuring .htaccess using RewriteRule directives will have no effect.

The best thing to do is to access SSH (server shell) and enter commands to see if your system is vulnerable and if it is, then it needs to be patched.

See access.redhat.com/articles/1200223 for instructions on commands to type into the shell.

If you are on shared hosting or you have no access to SSH or a shell, then contact the administrator of your hosting environment and tell them to check the server for the vulnerability and fix as necessary.

Since you are concerned about this, what you should do ASAP is back up every piece of valuable website content you have along with any databases you have running just in case a hacker ends up trashing the server.

10% popularity Vote Up Vote Down


Login to follow query

More posts by @Angela700

0 Comments

Sorted by latest first Latest Oldest Best

Back to top | Use Dark Theme