WAF 330205

From Atomicorp Wiki
Revision as of 14:06, 12 December 2013 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Rule 330205
Status Active
Alert Message Atomicorp.com WAF Rules: Joomla Exploit Bot

Contents

Description

This rule detects a known malicious attack tool. If your system is getting alerts on this rule your system is being attacked. This is not a false positive.

The rule detects the "Bot for JCE" attack tool. This tool looks for vulnerable Joomla installations. It does this blindly, which means it just attacks the system and if a vulnerable Joomla install is detected on the system the system will be compromised, if this rule is disabled.

Troubleshooting

False Positives

None. This rule detects a known malicious attack tool. If your system is getting alerts on this rule your system is being attacked. This is not a false positive.

Tuning Guidance

None. Do not disable this rule.

Additional Information

Blog Articles

Detection and Tripwires

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Notes

Retrieved from "https://wiki.atomicorp.com/wiki/index.php?title=WAF_330205&oldid=4321"
Personal tools