[Snort-sigs] Wordpress-attack

Joel Esler (jesler) jesler at ...3865...
Mon Feb 22 09:55:54 EST 2016

It would help us immensely if you were able to provide an example of what the attack looked like. A packet capture?

Joel Esler
Manager, Talos Group

On Feb 20, 2016, at 10:42 AM, ARUN LAL <arunlal7701 at ...2420...> wrote:

Hi All,

Currently we have seen some WordPress and PHP injection to our domain via Snorby (Snort). Our server currently has Snort and OSSEC. Could you please suggest some Snort rule that blocks the IP automatically when this type of event happens?

Thanks in Advance :)

