http://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/ Here's a trick I used for a long time: Change your SSH shell port to something other than 22. I used to have my SSH port at 33333 for example, when you ssh into your box, do ssh -p 33333 Hackers have to scan all ports from 22 to 33333 to find your SSH process by then I hope your tripwire catches the MF's. Also: Unless you still live in 1995, deny all access to /cgi-bin/ on your server. Lastly : Check every PHP program you got on your server and patch it NOW. This thing is for real, there's a worm out there and it'll fuck all your sites if it gets in via any of these paths.