Cisco Support Community

PHP Remote Code Execution attempts recently

Hello experts,

I have hundreds of alerts related to PHP Remote Code Execution received from my IPS this week. My questions are:

1. Is there an active exploit / attack in the wild?

2. Though this is blocked ("droppedPacket, deniedFlow, tcpOneWayResetSent"), what is the chance of us being at risk?

3. The attacks came from different IP addresses with 8 attempts each. Is there a possibility that they came from a single source via IP spoofing?

4. What is the next recommended action?

 

Appreciate your reply.

 
