WAF 360009

From Atomicorp Wiki
Revision as of 18:39, 4 May 2010 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Rule ID

360009

Alert Message

Atomicorp.com Malware Blacklist: Malware domain detected in webserver output - this is a CRITICAL security issue. This means your system may be serving up malware.

Description

This rules detects that your system is displaying a URL with a known malware site. This can happen if your system is in fact serving up malware, or if you have some kind of trusted application that is displaying known malware sites (but is not in fact serving up malware).

Serving up malware can comprise your users systems and can (and probably will) get your domain added to other malware blacklists, such as the google blacklist. If this alert is occuring on your system your site may have been compromised. This is a critical alert and should be investigated before disabling this rule. ASL is protecting your users from possible compromise by your site.

False Positives

A false positive can occur if the domain is not actually serving up malware (the domain may have been infected and no longer is) or if the webpage is simply displaying the URL but is not serving up malware. If you believe this is a false positive, it is recommended that you report this to our security team to determine if this is a legitimate case, or if its clever attack on your system.

If you do disable this rule, we recommend you enable the [ASL real time redactor] which can safely remove some malicious iframes and javascri[t code from your web pages without blocking access to the web page.

We do not recommend you not disable this rule without the [ASL real time redactor] enabled until our security team has reviewed the attack. Instructions to report false positives are detailed on the Reporting False Positives wiki page.

Similar Rules


Outside References

Personal tools