[Snort-sigs] Wordpress Login

James Lay jlay at ...3266...
Thu Apr 18 18:59:57 EDT 2013


Seeing as there's so much WP excitement these days:

alert tcp $HOME_NET $HTTP_PORTS -> $EXTERNAL_NET any 
(msg:"SERVER-WEBAPP Wordpress Incorrect Login possible bruteforce"; 
content:"Error"; content:"Incorrect password"; depth:200; fast_pattern; 
reference:url,http://blog.spiderlabs.com/2013/04/defending-wordpress-logins-from-brute-force-attacks.html; 
classtype:trojan-activity; sid:10000047; rev:1;)

For those that host it...not sure if a threshold should be set.

James




More information about the Snort-sigs mailing list