Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
386
Views
0
Helpful
2
Replies

IDS 4.1 PHP injection alarms

Loffhagen_Mark
Level 1
Level 1

‎11-07-2005 08:49 AM - edited ‎03-10-2019 01:44 AM

After updating one of the signature files (ver. 198) last week, I have been receiving several alarms for PHP injection coming from my site and out to Google and other addresses. None are inbound as I am not running PHP on any of our servers and they have all been patched. I've followed up on the machines in question and found them to be needing an update to the latest windows patches. They have all had updated antivirus signatures. The last straw was when my machine was flagged and I am meticulous about applying patches and anti-spyware scanning. Is there anyone else running into this? Is it a false positive?

Regards,

Mark

Labels:
0 Helpful
2 Replies 2

craiwill
Cisco Employee
Cisco Employee

‎11-07-2005 11:01 AM

We have identified a false positive with signature 5638; this will be corrected in an upcoming signature update.

0 Helpful

Loffhagen_Mark
Level 1
Level 1
In response to craiwill

‎11-07-2005 12:52 PM

Many thanks for your fast reply.

Have a great day... Mark

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card