1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[URGENT] If you host using Linux or BSD read this NOW.

Discussion in 'BlackHat Lounge' started by bartosimpsonio, Sep 26, 2014.

  1. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    8,833
    Likes Received:
    7,446
    Occupation:
    ZLinky2Buy SEO Services
    Location:
    ⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩
    Home Page:
    http://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/

    Here's a trick I used for a long time: Change your SSH shell port to something other than 22. I used to have my SSH port at 33333 for example, when you ssh into your box, do ssh -p 33333

    Hackers have to scan all ports from 22 to 33333 to find your SSH process by then I hope your tripwire catches the MF's.

    Also: Unless you still live in 1995, deny all access to /cgi-bin/ on your server.

    Lastly : Check every PHP program you got on your server and patch it NOW.

    This thing is for real, there's a worm out there and it'll fuck all your sites if it gets in via any of these paths.
     
    • Thanks Thanks x 1