ET DELETED Compromised Wordpress Redirect

SID: 2014334Rev: 50 views
History
Sourceet/open
CreatedMarch 9, 2012
UpdatedSeptember 9, 2019
Classificationattempted-user
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Compromised Wordpress Redirect"; flow:established,to_server; content:"GET"; http_method; content:"/mm.php?d=1"; http_uri; content:".rr.nu"; http_header; pcre:"/Host\x3A\x20[^\r\n]*.rr.nu/H"; reference:url,community.websense.com/blogs/securitylabs/archive/2012/03/02/mass-injection-of-wordpress-sites.aspx; classtype:attempted-user; sid:2014334; rev:5; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2012_03_09, deployment Datacenter, signature_severity Major, tag Wordpress, updated_at 2019_09_09;)

References

urlcommunity.websense.com/blogs/securitylabs/archive/2012/03/02/mass-injection-of-wordpress-sites.aspx

Metadata

affected productWordpress_Plugins
attack targetWeb_Server
created at2012_03_09
deploymentDatacenter
signature severityMajor
tagWordpress
updated at2019_09_09

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!