If you run a website, then you’ve probably heard about a massive new security flaw called Shellshock. Any web server using Unix, Linux or Mac OS X is at risk of being hacked and giving an attacker root access to all of your files.
As you might guess, everyone’s freaked out. We all know it’s bad, but what exactly does the Shellshock bug mean to the average blogger or business owner, and how do you test your server to see if you’re at risk? In this video, YouTube user Tom Scott tells you everything you need to know about Shellshock in just 4 mins. We’ve also posted some shell commands below that will enable you to test your server.
If you want to see if you’re at risk from Shellshock, then connect to your server and copy and paste the command below into a command prompt (you don’t have to be root).
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
If it echoes the following, you are vulnerable:
[root@eur-centosweb02 rtm-admin]# env x='() { :;}; echo vulnerable' bash -c 'echo hello'
vulnerable
hello
If you are patched it will echo the following:
[root@rtm-centosweb ~]# env x='() { :;}; echo vulnerable' bash -c 'echo hello'
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello
If you want to check your httpd access logs to see if hackers have been checking you out:
grep '{ :;}' /var/log/httpd/access_log
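The log check above only matches the exact string "{ :;}". The script below is an added example, not part of the original post: it matches the Bash function-definition prefix "() {" with any spacing and counts hits per client IP. The function names and the sample log lines are constructed for illustration, and it assumes the client IP is the first field of each line, as in the standard Apache log formats.

```sh
#!/bin/sh
# Added example (not from the original post): list clients that sent a Bash
# function-definition prefix "() {" in any logged field (URL, Referer, User-Agent).

# "() {" with any amount of whitespace between ")" and "{". The article's exact
# string "{ :;}" misses spacing variants such as "() { :; };".
SHELLSHOCK_RE='\(\)[[:space:]]*\{'

# shellshock_count LOGFILE -> number of log lines containing the prefix
shellshock_count() {
    grep -E -c -- "$SHELLSHOCK_RE" "$1" || true   # grep exits 1 on zero matches
}

# shellshock_hits LOGFILE -> "COUNT IP" per client, busiest first
shellshock_hits() {
    grep -E -- "$SHELLSHOCK_RE" "$1" \
        | awk '{ hits[$1]++ } END { for (ip in hits) print hits[ip], ip }' \
        | sort -k1,1nr -k2,2
}

# Constructed sample in Apache combined log format (documentation IPs, not real traffic).
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [25/Sep/2014:10:00:05 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210 "-" "() { :;}; echo vulnerable"
198.51.100.7 - - [25/Sep/2014:10:00:06 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210 "() { :; }; echo vulnerable" "-"
203.0.113.5 - - [25/Sep/2014:10:02:11 +0000] "GET /index.html HTTP/1.0" 200 1024 "-" "(){ :;}; echo vulnerable"
192.0.2.10 - - [25/Sep/2014:10:03:40 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
EOF
}

# Scan the log given as $1, or demonstrate on the constructed sample.
if [ -n "${1:-}" ]; then
    shellshock_hits "$1"
else
    demo=$(mktemp)
    write_sample_log "$demo"
    shellshock_hits "$demo"
    rm -f "$demo"
fi
```

Pass the path to your own access log (for example /var/log/httpd/access_log) as the only argument to scan it instead of the sample.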
If you’re unsure about using the command line, then ask a professional for help. The command line can be pretty powerful stuff. Whatever you do, DON’T type “rm -rf /” unless you want to erase everything. Those 8 characters have the power to kill. Be careful and good luck!
Frank Wilson is a retired teacher with over 30 years of combined experience in the education, small business technology, and real estate business. He now blogs as a hobby and spends most days tinkering with old computers. Wilson is passionate about tech, enjoys fishing, and loves drinking beer.