/etc/snort/rules/community-deleted.rules is in snort-rules-default 2.9.7.0-5.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 | # Copyright 2006 Sourcefire, Inc. All Rights Reserved. # These rules are licensed under the GNU General Public License.
# Please see the file LICENSE in this directory for more details.
# $Id: community-deleted.rules,v 1.3 2006/12/05 20:32:48 akirk Exp $
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY DELETED PhpWebGallery XSS attempt"; content:"GET"; nocase; depth:3; uricontent:"comments.php"; nocase; uricontent:"keyword="; nocase; classtype:web-application-attack; sid:100000819; rev:2;)
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY DELETED PhpWebGallery XSS attempt"; content:"GET"; nocase; depth:3; uricontent:"comments"; nocase; uricontent:"|2E|php"; nocase; uricontent:"|3F|keyword"; nocase; reference:bugtraq,18798; classtype:web-application-attack; sid:100000848; rev:2;)
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY DELETED phpNuke admin_ug_auth.php remote file include"; flow:to_server,established; uricontent:"/modules/Forums/admin/admin_ug_auth.php"; nocase; uricontent:"phpbb_root_path="; nocase; pcre:"/phpbb_root_path=(https?|ftp)/Ui"; reference:bugtraq,18186; classtype:web-application-attack; sid:100000381; rev:3;)
|