Freitag, 27. September 2013

Ruleset-Update: Wordpress-UA, probably Botnet-Attack?

[+] new sigs:
42000317 :: scanner.rules :: DN SCAN Wordpress-UA, probably Botnet-Attack



MainRule "str:wordpress/" "msg:DN SCAN Wordpress-UA, probably Botnet-Attack" "mz:$HEADERS_VAR:User-Agent" "s:$UWA:8" id:42000317 ;


refs:

http://thehackernews.com/2013/09/thousands-of-wordpress-blogs.html
http://pastebin.com/NP64hTQr


Mittwoch, 25. September 2013

Ruleset-Updates / more scanner-rules

[+] new sigs:
42000309 :: scanner.rules :: DN SCAN Misformed Proxy-Scan
42000310 :: scanner.rules :: DN SCAN Abnormal double http:// in HTTP header,
42000311 :: scanner.rules :: DN SCAN poss. malicious Scanner using Fake UA Apache/Synapse
42000312 :: scanner.rules :: DN SCAN Havij-SQL_scanner
42000313 :: scanner.rules :: DN SCAN Joomlas Administrator-Login-Attempt
42000314 :: scanner.rules :: DN SCAN Joomla highlight.php PHP Object Injection
42000315 :: scanner.rules :: DN SCAN Generic Joomla /plugins/system - Scan
42000316 :: scanner.rules :: DN SCAN WinHttpRequest - UA