Skip to content

Commit

Permalink
[Minor] Improve HACKED_WP_PHISHING coverage
Browse files Browse the repository at this point in the history
  • Loading branch information
@twesterhever
twesterhever committed Jun 2, 2023
1 parent eb001dc commit 6a9bb36
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion conf/composites.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ composites {
policy = "remove_weight";
}
HACKED_WP_PHISHING {
expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | DBL_PHISH | PHISHED_OPENPHISH | PHISHED_PHISHTANK)";
expression = "(HAS_X_POS | HAS_PHPMAILER_SIG) & HAS_WP_URI & (PHISHING | CRACKED_SURBL | PH_SURBL_MULTI | DBL_PHISH | DBL_ABUSE_PHISH | URIBL_BLACK | PHISHED_OPENPHISH | PHISHED_PHISHTANK)";
description = "Phish message sent by hacked Wordpress instance";
policy = "leave";
}
Expand Down
4 changes: 2 additions & 2 deletions conf/scores.d/phishing_group.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ symbols = {
}
HACKED_WP_PHISHING {
weight = 4.5;
description = "Phishing message from hacked wordpress";
description = "Phish message sent by hacked Wordpress instance";
}
REDIRECTOR_FALSE {
weight = 0.0;
Expand All @@ -50,4 +50,4 @@ symbols = {
weight = 0.0;
description = "Phishing exclusion symbol for known exceptions";
}
}
}

0 comments on commit 6a9bb36

Please sign in to comment.