Tag: snort
Linux Malware Detectection
by Ryan M. on Oct.19, 2009, under Development Blog, My Blog
I have the last few weeks been working on a new project for malware detection on Linux web servers, it is already at a pre-release version in use at work and it has shown phenomenal promise.
Right to it, some background… On a daily basis the network I manage receives a large number of attacks, [...]
Snorting the Web Farm
by Ryan M. on Jun.10, 2009, under My Blog
Here are some rules for you snort freaks to chew on that I have found useful in web heavy environments.
alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:”ET ATTACK RESPONSE x2300 phpshell detected”; content:”Locus7Shell”; nocase; classtype:web-application-activity; reference:url,www.rfxn.com; sid:300010; rev:1;)
alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:”ET ATTACK RESPONSE RFI Scanner detected”; content:”RFI Scanner”; classtype:web-application-activity; reference:url,www.rfxn.com; sid:300020; [...]