[Emerging-Sigs] Nginx

Matt Jonkman jonkman at jonkmans.com
Fri Mar 28 12:51:16 EST 2008


I modified these some. Disabled the original by default, it was falsing 
too often. Added two more which just went across the update list to 
catch modified version strings.

Best I think we can do for now...

Matt

Matt Jonkman wrote:
> There's been some discussion of late about the incredibly high percentage 
> of nginx instances that serve malware. Storm and the RBN like to use it 
> quite often.
> 
> But it's not 100% hostile. (I'd guess 90%)
> 
> I'd like to put a rule up for it, just put it in the policy section and 
> call it suspicious. Anyone have a better idea?
> 
> matt
> 

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc



