I have hundreds of alerts related to PHP Remote Code Execution received from my IPS this week. My questions are:
1. Is there an active exploit / attack in the wild?
2. Though this is blocked ("droppedPacket, deniedFlow, tcpOneWayResetSent"), what is the chance of us being at risk?
3. The attacks came from different IP addresses with 8 attempts each. Is there a possibility that they came from a single source via IP spoofing?
4. What is the next recommended action?
Appreciate your reply.