Four days after the Shellshock vulnerability was disclosed, Incapsula’s Web application firewall deflected more than 217,000 attempted exploits on more than 4,100 domains. The company recorded upwards of 1,970 attacks per hour, from more than 890 IPs around the world. Shellshock was expected to be far worse than the Heartbleed flaw, which was expected to impact about 17 percent of the secure Web servers worldwide. That added up to about 500,000 servers. That’s because Shellshock lets the hacker take over — whereas Heartbleed did not.
