Snort mailing list archives
Wordpress Login
From: James Lay <jlay () slave-tothe-box net>
Date: Thu, 18 Apr 2013 16:59:57 -0600
Seeing as there's so much WP excitement these days: alert tcp $HOME_NET $HTTP_PORTS -> $EXTERNAL_NET any (msg:"SERVER-WEBAPP Wordpress Incorrect Login possible bruteforce"; content:"Error"; content:"Incorrect password"; depth:200; fast_pattern; reference:url,http://blog.spiderlabs.com/2013/04/defending-wordpress-logins-from-brute-force-attacks.html; classtype:trojan-activity; sid:10000047; rev:1;) For those that host it...not sure if a threshold should be set. James ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Wordpress Login James Lay (Apr 18)