ET SCAN Possible WordPress xmlrpc.php wp.getUsersBlogs Flowbit Set

SID: 2018754Rev: 57 views
History
Sourceet/open
CreatedJuly 23, 2014
UpdatedSeptember 24, 2020
Classificationattempted-admin
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Possible WordPress xmlrpc.php wp.getUsersBlogs Flowbit Set"; flow:established,to_server; flowbits:set,ET.XMLRPC.PHP; flowbits:noalert; http.uri; content:"/xmlrpc.php"; nocase; fast_pattern; reference:url,isc.sans.edu/diary/+WordPress+brute+force+attack+via+wp.getUsersBlogs/18427; classtype:attempted-admin; sid:2018754; rev:5; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2014_07_23, deployment Datacenter, confidence Medium, signature_severity Major, tag Wordpress, updated_at 2020_09_24;)

References

urlisc.sans.edu/diary/+WordPress+brute+force+attack+via+wp.getUsersBlogs/18427

Metadata

affected productWordpress_Plugins
attack targetWeb_Server
created at2014_07_23
deploymentDatacenter
confidenceMedium
signature severityMajor
tagWordpress
updated at2020_09_24

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!