Title: shellshock (bash) scanning Last modified: August 22, 2016 --- # shellshock (bash) scanning * [webby1973](https://wordpress.org/support/users/webby1973/) * (@webby1973) * [11 years, 7 months ago](https://wordpress.org/support/topic/shellshock-bash-scanning/) * Hello, * could you please update WF to automatically block the so called shellshock scanning? I saw several scans toward one of my host, with “shellshock-scan” and other agent identifiers trying to check the bash bug (they were not the Robert Graham of Errata Security scans but some malware scanning). * Thank you. * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/) Viewing 3 replies - 1 through 3 (of 3 total) * [WFSupport](https://wordpress.org/support/users/wfsupport/) * (@wfsupport) * [11 years, 7 months ago](https://wordpress.org/support/topic/shellshock-bash-scanning/#post-5359891) * Can you send a few more details of the scans to tim [at] wordfence.com. I want to pass that to the dev team to ask. I’d be interested in anything you saw in the log that flagged it for you. * I know all our servers in the data center were patched very soon after we announced it on our site here: [http://www.wordfence.com/blog/2014/09/major-bash-vulnerability-disclosed-may-affect-a-large-number-of-websites-and-web-apps/](http://www.wordfence.com/blog/2014/09/major-bash-vulnerability-disclosed-may-affect-a-large-number-of-websites-and-web-apps/) * I’ll let you know what the dev team says. * Thanks! * tim * Thread Starter [webby1973](https://wordpress.org/support/users/webby1973/) * (@webby1973) * [11 years, 7 months ago](https://wordpress.org/support/topic/shellshock-bash-scanning/#post-5359997) * Hi Tim, I have a plugin called “WP Sattistics” showing all the User Agents visiting the website (it’s still under construction, with a plugin protecting the actual pages). I see agents such as: – masscan (both the “good” one by Robert David Graham and the fakes one by black-hat hackers); – shellshock-scan * And as “Platforms” (such as Android, iOS, Windows, etc.) wierd things that are malware scanners, eg. “-c 1 198.101.206.138” and other strings. See an exemple: 1st row = my website 2nd/3rd/4th/5th rows = User Agent, Platform, version, UAString 6th/7th rows = IP, location [http://www.[munged].it() { :;}; -c \"echo testing9123123\"; /bin/uname -a bin/bash 54.251.83.67 SG * [GeekSpecialties](https://wordpress.org/support/users/geekspecialties/) * (@geekspecialties) * [11 years, 7 months ago](https://wordpress.org/support/topic/shellshock-bash-scanning/#post-5360000) * I agree it would be nice to block these. * Until then you can test your server for the vulnerability with a plugin. * [https://wordpress.org/plugins/shellshock-check/](https://wordpress.org/plugins/shellshock-check/) Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘shellshock (bash) scanning’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) ## Tags * [bash](https://wordpress.org/support/topic-tag/bash/) * [shell](https://wordpress.org/support/topic-tag/shell/) * 3 replies * 3 participants * Last reply from: [GeekSpecialties](https://wordpress.org/support/users/geekspecialties/) * Last activity: [11 years, 7 months ago](https://wordpress.org/support/topic/shellshock-bash-scanning/#post-5360000) * Status: not resolved