Versions (2)
Version DetailsCurrent
Rev: 5 • Jul 23, 2014, 12:00 PMET SCAN Possible WordPress xmlrpc.php wp.getUsersBlogs Flowbit Set
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Possible WordPress xmlrpc.php wp.getUsersBlogs Flowbit Set"; flow:established,to_server; flowbits:set,ET.XMLRPC.PHP; flowbits:noalert; http.uri; content:"/xmlrpc.php"; nocase; fast_pattern; reference:url,isc.sans.edu/diary/+WordPress+brute+force+attack+via+wp.getUsersBlogs/18427; classtype:attempted-admin; sid:2018754; rev:5; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2014_07_23, deployment Datacenter, confidence Medium, signature_severity Major, tag Wordpress, updated_at 2020_09_24;)
Jul 23, 2014, 12:00 PM
Sep 24, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-scan.rules