Home page logo
/

snort logo Snort mailing list archives

Wordpress Login
From: James Lay <jlay () slave-tothe-box net>
Date: Thu, 18 Apr 2013 16:59:57 -0600

Seeing as there's so much WP excitement these days:

alert tcp $HOME_NET $HTTP_PORTS -> $EXTERNAL_NET any 
(msg:"SERVER-WEBAPP Wordpress Incorrect Login possible bruteforce"; 
content:"Error"; content:"Incorrect password"; depth:200; fast_pattern; 
reference:url,http://blog.spiderlabs.com/2013/04/defending-wordpress-logins-from-brute-force-attacks.html; 
classtype:trojan-activity; sid:10000047; rev:1;)

For those that host it...not sure if a threshold should be set.

James

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!


  By Date           By Thread  

Current thread:
  • Wordpress Login James Lay (Apr 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault