[Snort-sigs] Wordpress-attack

Joel Esler (jesler) jesler at ...3865...
Mon Feb 22 09:55:54 EST 2016


It would help us immensely if you were able to provide an example of what the attack looked like?  A packet capture?

--
Joel Esler
Manager, Talos Group




On Feb 20, 2016, at 10:42 AM, ARUN LAL <arunlal7701 at ...2420...<mailto:arunlal7701 at ...2420...>> wrote:

Hi All,

Currently we have seen some Word press and PHP injection to our domain via snorby(Snort) Our server currenlt have snort and ossec. Could you please suggest some snort rule that blocks IP automatically when this type of event happens.

Thanks in Advance :)

Regards
Arunlal

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20160222/48330463/attachment.html>


More information about the Snort-sigs mailing list