1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Suspicious PHP URI location

Web Attack: Suspicious PHP URI location

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects PHP Brobot Activity in the system which can lead to compromised networks, file execution and data leakage of confidential information.

Additional Information

PHP Brobot is a php script that is usually uploaded to compromised webservers to allow more access to systems. When used, the malware author can then view directories, execute files in the system and potentially get confidential information from systems.


  • PHP servers
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube