alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT DRIVEBY Redirection - Wordpress Injection"; flow:established,to_client; file_data; content:"15,15,155,152,44,54"; classtype:trojan-activity; sid:2017124; rev:2; metadata:affected_product Any, affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2013_07_09, deployment Perimeter, deployment Datacenter, signature_severity Major, tag DriveBy, tag Wordpress, updated_at 2019_07_26;)