Ruleset-Update: 42000442 Wordpress XMLRPC possible Password Brute Forceand some more
14 views
Skip to first unread message
mex
Oct 19, 2015, 2:10:27 AM10/19/15
to naxsi-discuss
hi everyone,
just updated the doxi-rules with a rule to detect and block
wp-pw-brute-force via xmlrpc (which shoudl be blocked anyway)
credits goes to sucuri:
https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html
MainRule "str:system.multicall" "msg:Wordpress XMLRPC possible
Password Brute Force" "mz:$URL:/xmlrpc.php|BODY" "s:$ATTACK:8"
id:42000442 ;
there has been a couplke of rules added too, mostly JAVA.* - stuff to detect
generic attacks against java-based app, inspired by the latest
elasticsearch - exploits
cheers,
mex
just updated the doxi-rules with a rule to detect and block
wp-pw-brute-force via xmlrpc (which shoudl be blocked anyway)
credits goes to sucuri:
https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html
MainRule "str:system.multicall" "msg:Wordpress XMLRPC possible
Password Brute Force" "mz:$URL:/xmlrpc.php|BODY" "s:$ATTACK:8"
id:42000442 ;
there has been a couplke of rules added too, mostly JAVA.* - stuff to detect
generic attacks against java-based app, inspired by the latest
elasticsearch - exploits
cheers,
mex
bui
Oct 21, 2015, 2:47:12 AM10/21/15
to naxsi-discuss
Hey Mex!
Thanks,
--
You received this message because you are subscribed to the Google Groups "naxsi-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to naxsi-discus...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages