https://community.cisco.com/t5/network-security/ids-4-1-php-injection-alarms/m-p/501249#M100187 <P>After updating one of the signature files (ver. 198) last week, I have been receiving several alarms for PHP injection coming from my site and out to Google and other addresses. None are inbound as I am not running PHP on any of our servers and they have all been patched. I've followed up on the machines in question and found them to be needing an update to the latest windows patches. They have all had updated antivirus signatures. The last straw was when my machine was flagged and I am meticulous about applying patches and anti-spyware scanning. Is there anyone else running into this? Is it a false positive?</P><P></P><P>Regards,</P><P></P><P>Mark</P> Sun, 10 Mar 2019 09:44:27 GMT Loffhagen_Mark 2019-03-10T09:44:27Z https://community.cisco.com/t5/network-security/ids-4-1-php-injection-alarms/m-p/501249#M100187 <P>After updating one of the signature files (ver. 198) last week, I have been receiving several alarms for PHP injection coming from my site and out to Google and other addresses. None are inbound as I am not running PHP on any of our servers and they have all been patched. I've followed up on the machines in question and found them to be needing an update to the latest windows patches. They have all had updated antivirus signatures. The last straw was when my machine was flagged and I am meticulous about applying patches and anti-spyware scanning. Is there anyone else running into this? Is it a false positive?</P><P></P><P>Regards,</P><P></P><P>Mark</P> Sun, 10 Mar 2019 09:44:27 GMT https://community.cisco.com/t5/network-security/ids-4-1-php-injection-alarms/m-p/501249#M100187 Loffhagen_Mark 2019-03-10T09:44:27Z https://community.cisco.com/t5/network-security/ids-4-1-php-injection-alarms/m-p/501250#M100207 <HTML><HEAD></HEAD><BODY><P>We have identified a false positive with signature 5638; this will be corrected in an upcoming signature update. </P></BODY></HTML> Mon, 07 Nov 2005 19:01:08 GMT https://community.cisco.com/t5/network-security/ids-4-1-php-injection-alarms/m-p/501250#M100207 craiwill 2005-11-07T19:01:08Z https://community.cisco.com/t5/network-security/ids-4-1-php-injection-alarms/m-p/501251#M100225 <HTML><HEAD></HEAD><BODY><P>Many thanks for your fast reply. </P><P></P><P>Have a great day... Mark</P></BODY></HTML> Mon, 07 Nov 2005 20:52:52 GMT https://community.cisco.com/t5/network-security/ids-4-1-php-injection-alarms/m-p/501251#M100225 Loffhagen_Mark 2005-11-07T20:52:52Z