alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Wordpress Login Bruteforcing Detected"; flow:to_server,established; content:"/wp-login.php"; nocase; fast_pattern; http_uri; content:"POST"; http_method; content:"log|3d|"; content:"pwd|3d|"; threshold: type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:2014020; rev:2;)

Added 2011-12-12 18:17:58 UTC


Topic revision: r1 - 2011-12-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats