Donnerstag, 28. Februar 2013

ruleset updates

[+] new sigs:
42000249 :: scanner.rules :: DN SCAN Webserver-Scanner DataCha0s
42000259 :: web_server.rules :: DN WEB_SERVER gzinflate in URI
42000258 :: scanner.rules :: DN SCAN Brutus - Scanner
42000253 :: web_server.rules :: DN WEB_SERVER possible INC - File - Access
42000252 :: web_server.rules :: DN WEB_SERVER possible CONF-File - Access
42000251 :: scanner.rules :: DN SCAN SQL-Injection-Scanner NV32ts
42000250 :: app_server.rules :: DN APP_SERVER JBOSS/JMX REMOTE WAR deployment attempt
42000257 :: web_server.rules :: DN WEB_SERVER /bin/sh in URI
42000256 :: scanner.rules :: DN SCAN Sumthin Scan
42000255 :: scanner.rules :: DN SCAN PHP Scan Precursor
42000254 :: web_server.rules :: DN WEB_SERVER possible INI - File - Access
42000260 :: malware.rules :: DN MALWARE possible FaTaLisTiCz_Fx - Access detected

Montag, 18. Februar 2013

ruleset - updates (PHPShell, UA-Injection)

[+] new sigs:
42000245 :: web_server.rules :: DN WEB_SERVER PHPShell - Access detected
42000246 :: web_server.rules :: DN WEB_SERVER UA-PHP-Injection
42000247 :: web_server.rules :: DN WEB_SERVER UA-PHP-Eval - Injection
42000248 :: web_server.rules :: DN WEB_SERVER UA-Base64_Decode-Injection


Freitag, 8. Februar 2013

doxi-tools in action


naxsi works like charme :)







ruleset - updates


[+] new sigs:
42000240 :: scanner.rules :: DN SCAN AB - ApacheBenchmark-Tool detected
42000241 :: scanner.rules :: DN SCAN MysqlDumper - Scanner
42000242 :: scanner.rules :: DN SCAN PHPPgAdmin - Scanner
42000243 :: scanner.rules :: DN SCAN PHPMyAdmin - Scanner
42000244 :: scanner.rules :: DN SCAN PHPMyAdmin - Scanner (2)


have pun!