What would the thoughts on something like the following be?
uri LOC_WP
m{/((wp-content/plugins|wp-content/themes|wp-includes|modules/mod_wdbanners|includes/|google_recommends|mt-static|data/module).{0,64}(?!gif|jpg|png|bmp).{3})$}
This seems to match on the example posted, uses a negative match to not match
common image file types
Paul
On 05/09/14 16:26, Mike Grau wrote:
I'm also getting WP phishing urls that end in "/", like so:
... /wp-includes/logs/
spample plz?
http://pastebin.com/yBLqTrYP
--
Paul Stead
Systems Engineer
Zen Internet
