Rule History

SID: 2018755 • Source: et/open

Versions (2)

Version Details (Current)

Rev: 5 • Jul 23, 2014, 12:00 PM

ET SCAN Possible WordPress xmlrpc.php BruteForce in Progress - Response

alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET SCAN Possible WordPress xmlrpc.php BruteForce in Progress - Response"; flow:established,from_server; flowbits:isset,ET.XMLRPC.PHP; file_data; content:"<name>faultCode</name>"; content:"<int>403</int>"; content:"<string>Incorrect username or password.</string>"; threshold:type both, track by_src, count 5, seconds 120; reference:url,isc.sans.edu/diary/+WordPress+brute+force+attack+via+wp.getUsersBlogs/18427; classtype:attempted-admin; sid:2018755; rev:5; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2014_07_23, deployment Datacenter, confidence Medium, signature_severity Major, tag Wordpress, updated_at 2019_07_26;)

Jul 23, 2014, 12:00 PM

Jul 26, 2019, 12:00 PM

Sep 21, 2024, 3:00 AM

May 30, 2025, 12:04 AM

rules/emerging-scan.rules