Sunday, 18 October 2015

Ruleset update: 42000442 Wordpress XMLRPC possible Password Brute Force and some more

Just updated the doxi-rules with a rule to detect and block
WordPress password brute force via xmlrpc (which should be blocked anyway).

Credit goes to Sucuri:
https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html


MainRule "str:system.multicall" "msg:Wordpress XMLRPC possible Password Brute Force" "mz:$URL:/xmlrpc.php|BODY" "s:$ATTACK:8" id:42000442;
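
The rule above flags any request body to /xmlrpc.php that contains system.multicall. As an added example (not part of the doxi-rules or the original post), the Python below goes one step beyond the rule and counts how many calls are batched into a single multicall request, which is the signal that separates a small legitimate batch from brute-force amplification. The threshold `max_batched`, the verdict names and the sample bodies are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Outer call: <methodCall><methodName>system.multicall</methodName>
OUTER = re.compile(r"<methodCall>\s*<methodName>\s*([\w.]+)\s*</methodName>", re.I)
# Each batched call is a struct member named "methodName" inside the multicall array
INNER = re.compile(
    r"<name>\s*methodName\s*</name>\s*<value>\s*(?:<string>)?\s*([\w.]+)", re.I)

def inspect_xmlrpc(path, body, max_batched=5):
    """Classify one POST. max_batched is a hypothetical threshold, tune per site."""
    if not path.split("?", 1)[0].endswith("/xmlrpc.php"):
        return {"verdict": "ignore", "batched": Counter()}
    outer = OUTER.search(body)
    if not outer or outer.group(1).lower() != "system.multicall":
        return {"verdict": "single-call", "batched": Counter()}
    # Regex counting avoids running an XML parser on untrusted input
    batched = Counter(m.lower() for m in INNER.findall(body))
    verdict = "amplified" if sum(batched.values()) > max_batched else "multicall"
    return {"verdict": verdict, "batched": batched}

def sample_multicall(method, n):
    """Constructed sample body: n batched calls to `method`, parameters left empty."""
    call = ("<value><struct>"
            "<member><name>methodName</name><value><string>%s</string></value></member>"
            "<member><name>params</name><value><array><data/></array></value></member>"
            "</struct></value>" % method)
    return ('<?xml version="1.0"?><methodCall><methodName>system.multicall</methodName>'
            "<params><param><value><array><data>%s</data></array></value></param></params>"
            "</methodCall>" % (call * n))

# Constructed sample: an ordinary, non-batched XML-RPC call
SINGLE = ('<?xml version="1.0"?><methodCall>'
          "<methodName>demo.sayHello</methodName><params/></methodCall>")

if __name__ == "__main__":
    for path, body in [("/xmlrpc.php", SINGLE),
                       ("/xmlrpc.php", sample_multicall("demo.sayHello", 2)),
                       ("/xmlrpc.php", sample_multicall("demo.sayHello", 200)),
                       ("/index.php", sample_multicall("demo.sayHello", 200))]:
        result = inspect_xmlrpc(path, body)
        print(path, result["verdict"], dict(result["batched"]))
```
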

A couple of other rules have been added too, mostly JAVA.* rules to detect generic attacks against Java-based apps, inspired by the latest Elasticsearch exploits.
