[Emerging-Sigs] Possible WordpressPingbackPortScanner detected

Will Metcalf william.metcalf at gmail.com
Tue Dec 18 05:55:38 HAST 2012


Sweet! Will get it into QA today.

Regards,

Will

On Tue, Dec 18, 2012 at 6:41 AM, mex <mail at mare-system.de> wrote:
> alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB_APPS Possible
> WordpressPingbackPortScanner detected "; flow:established,to_server;
> content:"POST"; depth:4; nocase; uricontent:"/xmlrpc.php";
> content:"pingback.ping"; http_client_body; nocase; threshold: type limit,
> track by_src, seconds 60, count 5; classtype:web-application-attack;
> reference:url,seclists.org/bugtraq/2012/Dec/101;
> reference:url,github.com/FireFart/WordpressPingbackPortScanner/;
> reference:url,www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/;
> sid:XXXXX; rev:2;)
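The content checks and the `threshold: type limit` behaviour of the rule quoted above, approximated in Python as an added example that is not part of the original thread and is not Snort itself. The names `matches`, `LimitBySrc`, `run` and `make_request`, and the sample requests, are constructed for illustration; URI normalisation and stream reassembly are not modelled.

```python
# Added illustration: approximates the quoted rule's matching in plain Python.
# It is not Snort; names and sample data are constructed for this example.
SECONDS, COUNT = 60, 5  # "threshold: type limit, track by_src, seconds 60, count 5"

def matches(raw: bytes) -> bool:
    """Apply the rule's three content checks to one raw HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split(b" ")
    uri = parts[1] if len(parts) >= 2 else b""
    return (
        raw[:4].upper() == b"POST"            # content:"POST"; depth:4; nocase
        and b"/xmlrpc.php" in uri             # uricontent (no nocase modifier)
        and b"pingback.ping" in body.lower()  # http_client_body; nocase
    )

class LimitBySrc:
    """'type limit': alert on the first COUNT matches per source per window."""
    def __init__(self):
        self.state = {}  # src -> (window_start, matches_seen)

    def alert(self, src: str, now: float) -> bool:
        start, seen = self.state.get(src, (now, 0))
        if now - start >= SECONDS:  # window expired, start a new one
            start, seen = now, 0
        self.state[src] = (start, seen + 1)
        return seen < COUNT

def run(events):
    """events: (timestamp, src, raw_request) in time order -> list of alerts."""
    limiter = LimitBySrc()
    return [(ts, src) for ts, src, raw in events
            if matches(raw) and limiter.alert(src, ts)]

def make_request(method="POST", uri="/xmlrpc.php", call="pingback.ping"):
    # Constructed sample request; hosts are reserved documentation names.
    body = (f"<methodCall><methodName>{call}</methodName><params>"
            "<param><value><string>http://source.example/</string></value></param>"
            "<param><value><string>http://blog.example/?p=1</string></value></param>"
            "</params></methodCall>")
    return (f"{method} {uri} HTTP/1.1\r\nHost: blog.example\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode()

if __name__ == "__main__":
    sample = [(t, "198.51.100.7", make_request()) for t in range(8)]
    sample.append((10, "198.51.100.9", make_request()))
    sample.append((61, "198.51.100.7", make_request()))
    print(run(sample))
```

In this model a single matching request from a new source already alerts; the threshold only caps repeat alerts at 5 per source per 60 seconds.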

