[Oisf-users] Wordpress Brute Force Rules

Mesra.net CEO admin at mesra.my
Wed Aug 2 16:35:38 UTC 2017

Dear All,

I try to make a rule to drop any of access out of Singapore on wplogin.php, and this is the rule:

drop tcp $EXTERNAL_NET any -> any $HTTP_PORTS (msg:"WORDPRESS Brute Force Login"; flow:to_server,established;content:"POST"; nocase; http_method; uricontent:"/wp-login.php"; nocase; geoip:src,!SG; sid:56; rev:1;)

But i have an error:

[ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).

What i’m doing wrong, please help and thank you so much

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170803/e9c94286/attachment.html>

More information about the Oisf-users mailing list