Difference between revisions of "WAF 330205"
From Atomicorp Wiki
(Created page with "{{Infobox |header1 = Rule 330205 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Atomicorp.com WAF Rules: Joomla Exploit Bot }} = Description = This rule ...") |
Revision as of 13:06, 12 December 2013
Rule 330205 | |
---|---|
Status | Active |
Alert Message | Atomicorp.com WAF Rules: Joomla Exploit Bot |
Contents |
Description
This rule detects a known malicious attack tool. If your system is getting alerts on this rule your system is being attacked. This is not a false positive.
The rule detects the "Bot for JCE" attack tool. This tool looks for vulnerable Joomla installations. It does this blindly, which means it just attacks the system and if a vulnerable Joomla install is detected on the system the system will be compromised, if this rule is disabled.
Troubleshooting
False Positives
None. This rule detects a known malicious attack tool. If your system is getting alerts on this rule your system is being attacked. This is not a false positive.
Tuning Guidance
None. Do not disable this rule.
Additional Information
Blog Articles
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.