<HTML><HEAD></HEAD>
<BODY dir=ltr>
<DIV dir=ltr>
<DIV style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial'; COLOR: #000000">
<DIV>Dear All,</DIV>
<DIV> </DIV>
<DIV>I try to make a rule to drop any of access out of Singapore on wplogin.php,
and this is the rule:<BR></DIV>
<DIV>drop tcp <FONT face="Times New Roman"><SPAN class=crayon-sy><FONT
style="FONT-SIZE: 12pt">$</FONT></SPAN><FONT style="FONT-SIZE: 12pt"><SPAN
class=crayon-e>EXTERNAL_NET </SPAN></FONT></FONT>any -> any $HTTP_PORTS
(msg:"WORDPRESS Brute Force Login"; flow:to_server,established;content:"POST";
nocase; http_method; uricontent:"/wp-login.php"; nocase; geoip:src,!SG; sid:56;
rev:1;)</DIV>
<DIV> </DIV>
<DIV>But i have an error:</DIV>
<DIV> </DIV>
<DIV>[ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet
specific matches (like dsize, flags, ttl) with stream / state matching by
matching on app layer proto (like using http_* keywords).</DIV>
<DIV> </DIV>
<DIV>What i’m doing wrong, please help and thank you so much</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV></DIV></DIV></BODY></HTML>