Rule History

SID: 2019804 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 4 • Nov 25, 2014, 12:00 PM

Message:

ET WEB_SERVER PHP.//Input in HTTP POST

Rule:

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP.//Input in HTTP POST"; flow:established,to_server; http.method; content:"POST"; http.uri.raw; content:"php|3a 2f 2f|input"; fast_pattern; http.request_body; content:"<?"; depth:2; reference:url,www.deependresearch.org/2014/07/another-linux-ddos-bot-via-cve-2012-1823.html; classtype:trojan-activity; sid:2019804; rev:4; metadata:created_at 2014_11_25, signature_severity Major, updated_at 2020_05_13;)

Created:

Nov 25, 2014, 12:00 PM

Updated:

May 13, 2020, 12:00 PM

DB Created:

Nov 25, 2014, 12:00 PM

DB Updated:

Sep 10, 2024, 1:01 PM

Filename:

rules/emerging-web_server.rules