Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_SERVER .PHP being served from WP 1-flash-gallery Upload DIR (likely malicious)"; flow:established,to_server; http.uri; content:"/wp-content/uploads/fgallery/"; fast_pattern; nocase; content:".php"; nocase; distance:0; classtype:bad-unknown; sid:2015518; rev:6; metadata:created_at 2012_07_24, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_22;)