Rule History

alert dns [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET WEB_CLIENT Wordpress possible Malicious DNS-Requests - upload.wikimedia.com.*"; dns.query; content:".upload.wikimedia.com."; nocase; isdataat:1,relative; pcre:"/(?:^|\.)upload\.wikimedia\.com\./i"; reference:url,web.archive.org/web/20110807204218/http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/; reference:url,web.archive.org/web/20111102155359/blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html; classtype:web-application-attack; sid:2013359; rev:3; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2011_08_04, deployment Datacenter, deprecation_reason Relevance, performance_impact Low, signature_severity Major, tag Wordpress, updated_at 2023_06_05;)