[Oisf-users] Wordpress Brute Force Rules
Mesra.net CEO
admin at mesra.my
Wed Aug 2 16:35:38 UTC 2017
Dear All,
I try to make a rule to drop any of access out of Singapore on wplogin.php, and this is the rule:
drop tcp $EXTERNAL_NET any -> any $HTTP_PORTS (msg:"WORDPRESS Brute Force Login"; flow:to_server,established;content:"POST"; nocase; http_method; uricontent:"/wp-login.php"; nocase; geoip:src,!SG; sid:56; rev:1;)
But i have an error:
[ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
What i’m doing wrong, please help and thank you so much
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170803/e9c94286/attachment.html>
More information about the Oisf-users
mailing list