ET SCAN Possible WordPress xmlrpc.php BruteForce in Progress - Response

SID: 2018755Rev: 511 views
History
Sourceet/open
CreatedJuly 23, 2014
UpdatedJuly 26, 2019
Classificationattempted-admin
alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET SCAN Possible WordPress xmlrpc.php BruteForce in Progress - Response"; flow:established,from_server; flowbits:isset,ET.XMLRPC.PHP; file_data; content:"<name>faultCode</name>"; content:"<int>403</int>"; content:"<string>Incorrect username or password.</string>"; threshold:type both, track by_src, count 5, seconds 120; reference:url,isc.sans.edu/diary/+WordPress+brute+force+attack+via+wp.getUsersBlogs/18427; classtype:attempted-admin; sid:2018755; rev:5; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2014_07_23, deployment Datacenter, confidence Medium, signature_severity Major, tag Wordpress, updated_at 2019_07_26;)

References

urlisc.sans.edu/diary/+WordPress+brute+force+attack+via+wp.getUsersBlogs/18427

Metadata

affected productWordpress_Plugins
attack targetWeb_Server
created at2014_07_23
deploymentDatacenter
confidenceMedium
signature severityMajor
tagWordpress
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!