×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

PHP Remote Code Execution attempts recently

Unanswered Question
Sep 11th, 2014
User Badges:

Hello experts,

I have hundreds of alerts related to PHP Remote Code Execution received from my IPS this week. My questions are:

1. Is there a active exploit / attack in the wild?

2. Though this is blocked "droppedPacket, deniedFlow, tcpOneWayResetSent", what is the chance of us getting at risk?

3. The attacks came from different IP address with 8 attempts each.? Is there a possibility that it came from a single source via IP spoofing?

4. What is the next recommended action?

 

Appreciate your reply.

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion