""ET CURRENT_EVENTS Possible FortDisco Wordpress Brute-force Site list download 10+ wp-login.php""
SID: 2017310
Revision: 2
Class Type: trojan-activity
Metadata: affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2013_08_12, deployment Datacenter, signature_severity Major, tag Wordpress, updated_at 2013_08_12
Reference:
-
md5
-
722a1809bd4fd75743083f3577e1e6a4
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "/wp-login.php|0d 0a|"
-
Value: "/wp-login.php|0d 0a|"
-
Value: "/wp-login.php|0d 0a|"
-
Value: "/wp-login.php|0d 0a|"
-
Value: "/wp-login.php|0d 0a|"
-
Value: "/wp-login.php|0d 0a|"
-
Value: "/wp-login.php|0d 0a|"
-
Value: "/wp-login.php|0d 0a|"
-
Value: "/wp-login.php|0d 0a|"
-
Value: "/wp-login.php|0d 0a|"
-
Value: "/wp-login.php|0d 0a|"
Within:
PCRE:
Special Options:
-
file_data
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase