So a few weeks back when the Shellshock issues came to light, I took early precautions and patched my personal Ubuntu web server (not my blog server, just a personal one I use for family photos and things).
Phew, I was safe!
Or so I thought…
Well, apparently not! Last night, after noticing some odd connections being accepted and blocked on my firewall, I discovered that there have been several waves of vulnerabilities, all with associated fixes. Patching my server 3+ weeks ago was not sufficient to catch all of the updates.
I trawled through the logs and processes on my web server and found a few dodgy things, then went to https://shellshocker.net/ and manually ran all of their tests. From this I discovered that I was still vulnerable to three exploits and one had been exploited!
Fortunately, it appears that the worst that had happened is that the attacker had gained access but hadn’t actually used it for anything yet. I have recently implemented Veeam for backing up my home lab, and I retain backups for 14 days, so I was able to restore an older backup from before the attack, then quickly patch the restored server to ensure I was no longer vulnerable.
Finally I ran the following checker against my home and blog sites:
http://shellshock.brandonpotter.com/
Phew, I was safe!
To cheesily quote this week’s episode of The Walking Dead:
“No matter what anyone says, no matter what you think… You are not safe! It only takes one second, one second and it’s over. Never let your guard down. Ever.”
Stay safe! 🙂