alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET DOS Possible WordPress Pingback DDoS in Progress (Inbound)"; flow:established,to_server; threshold:type both, track by_src, count 5, seconds 90; http.uri; content:"/xmlrpc.php"; nocase; http.request_body; content:"pingback.ping"; nocase; fast_pattern; classtype:attempted-dos; sid:2018277; rev:4; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2014_03_14, deployment Datacenter, confidence Medium, signature_severity Major, tag Wordpress, updated_at 2020_05_14;)