26 Sep

Shellshock is a vulnerability that could allow a black hat hacker* to remotely take control of a system through Bash (Bourne-again shell) which is a program used to make changes, write scripts, and control a server remotely in everyday tasks. Unix-based systems like Linux and Mac are the only systems affected, but since most of the internet is served by Linux-based servers, chances are if you have a site, it’s served on Linux.

We can help

If you already host with us, then your system has been updated already. If you host with someone else or run your own dedicated system, Perelli Concepts can check your website server for the Shellshock vulnerability. There is no charge at all to do a check, and if you need a patch then we can let you know and take care of it immediately. If you are on an all inclusive shared, or maintenance plan of some sort with your provider, then you may have been patched already – but you should call, chat or email them right away to check.

If you run your own site or are unsure contact us here and we can help you out.

Check it yourself with Bash

Log into your root terminal and run this test command to check if you are vulnerable:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If your system is not vulnerable, and you are in the clear it will return:

bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x'
hello

Or anything with just “hello” is good, but if you have the vulnerability it will say:

vulnerable
hello

If it says this, update, upgrade and patch the system immediately.

*Not all hackers are bad, white hat hackers do good things