Diffstat (limited to 'rules/regexp/compromised_hosts.lua')
-rw-r--r-- | rules/regexp/compromised_hosts.lua | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/rules/regexp/compromised_hosts.lua b/rules/regexp/compromised_hosts.lua
index e5e6e6aec..3cf104d23 100644
--- a/rules/regexp/compromised_hosts.lua
+++ b/rules/regexp/compromised_hosts.lua
@@ -11,7 +11,7 @@ reconf['HAS_PHPMAILER_SIG'] = {
 reconf['PHP_SCRIPT_ROOT'] = {
 re = "X-PHP-Originating-Script=/^0:/Hi",
 description = "PHP Script executed by root UID",
- score = 2.0,
+ score = 1.0,
 group = "compromised_hosts"
 }
@@ -99,14 +99,12 @@ reconf['HAS_WP_URI'] = {
 reconf['WP_COMPROMISED'] = {
 re = '/\\/wp-(?:content|includes)[^\\/]+\\//Ui',
 description = "URL that is pointing to a compromised WordPress installation",
- score = 5.0,
 group = "compromised_hosts"
 }
 reconf['PHP_XPS_PATTERN'] = {
 re = 'X-PHP-Script=/^[^\\. ]+\\.[^\\.\\/ ]+\\/sendmail\\.php\\b/Hi',
 description = "Message contains X-PHP-Script pattern",
- score = 5.0,
 group = "compromised_hosts"
 } |
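Review bot: Dropping `score` from `WP_COMPROMISED` and `PHP_XPS_PATTERN` in the second hunk leaves their weight implicit, so a reader of this file can no longer tell whether the two rules were deliberately made informational or simply lost their weight. How a missing `score` is resolved is decided by the loader, which is outside this hunk; if a zero weight is what is intended, spelling it out keeps that visible, e.g. `score = 0.0, -- informational: a match alone is not treated as evidence of compromise`. The `WP_COMPROMISED` description still states that the URL points to a compromised installation, which reads stronger than a rule carrying no weight, so it may be worth softening that wording in the same change.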