ET SCAN Possible WordPress xmlrpc.php BruteForce in Progress - Response

7.0.35.0SID: 2018755Rev: 6Enabled11 views
Sourceet/open
Fileemerging-scan.rules
CreatedJuly 23, 2014
UpdatedMarch 13, 2024
Classificationattempted-admin
alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET SCAN Possible WordPress xmlrpc.php BruteForce in Progress - Response"; flow:established,to_client; flowbits:isset,ET.XMLRPC.PHP; file.data; content:"<name>faultCode</name>"; content:"<int>403</int>"; content:"<string>Incorrect username or password.</string>"; threshold:type both, track by_src, count 5, seconds 120; reference:url,isc.sans.edu/diary/+WordPress+brute+force+attack+via+wp.getUsersBlogs/18427; classtype:attempted-admin; sid:2018755; rev:6; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2014_07_23, deployment Datacenter, confidence Medium, signature_severity Major, tag Wordpress, updated_at 2024_03_13;)

Metadata

affected productWordpress_Plugins
attack targetWeb_Server
created at2014_07_23
deploymentDatacenter
confidenceMedium
signature severityMajor
tagWordpress
updated at2024_03_13

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!