[Emerging-Sigs] Nginx
Reg Quinton
reggers at ist.uwaterloo.ca
Wed Mar 26 13:18:11 EST 2008
> There's been some discussion f late about the incredibly high
> percentage
> of nginx instances that serve malware. Storm and the RBN like to use it
> quite often.
>
> But it's not 100% hostile. (I'd guess 90%)
>
> I'd like to put a rule up for it, just put it in th epolicy section and
> call it suspicious. Anyone have a better idea?
It's not 100% hostile, but close enough. When it alarms in concert with
other things it's a very good indication that there's a serious issue.
I'd like an alarm that I could use if I wanted to, go for it.
More information about the Emerging-sigs
mailing list