On 9/26/2014 3:36 PM, Valeri Galtsev wrote: > On Fri, September 26, 2014 5:13 pm, John R Pierce wrote: >> >On 9/26/2014 2:51 PM, Always Learning wrote: >>> >>Probably all Windoze >> > >> >linux apache web servers with the bash exploit are getting owned en >> >masse today. my (patched) internet web server has logged 100s and >> >100s of attempts like... >> > >> >66.186.2.172 - - [26/Sep/2014:00:49:29 -0700] "GET /cgi-bin/test.sh > I feel really stupid, but I have to ask. If your server wasn't patched, it > only would have owned by the above if that file exists, is executable by > apache and it indeed invokes bash (say, has #!/bin/bash or whatever bash > location is as first line), right? no. mod_cgi launches /bin/sh and passes it the command, even if the file doesn't exist. and /bin/sh is linked to bash -- john r pierce 37N 122W somewhere on the middle of the left coast