Re: Wordpress-attack

["Joel Esler (jesler)" <jesler () cisco com>]

It would help us immensely if you were able to provide an example of what the attack looked like?  A packet capture?

--
Joel Esler
Manager, Talos Group




On Feb 20, 2016, at 10:42 AM, ARUN LAL <arunlal7701 () gmail com<mailto:arunlal7701 () gmail com>> wrote:

Hi All,

Currently we have seen some Word press and PHP injection to our domain via snorby(Snort) Our server currenlt have snort 
and ossec. Could you please suggest some snort rule that blocks IP automatically when this type of event happens.

Thanks in Advance :)

Regards
Arunlal

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!