https://wiki.atomicorp.com/wiki/index.php?title=WAF_397678&feed=atom&action=historyWAF 397678 - Revision history2024-03-29T15:35:03ZRevision history for this page on the wikiMediaWiki 1.20.2https://wiki.atomicorp.com/wiki/index.php?title=WAF_397678&diff=2628&oldid=prevMshinn at 18:32, 11 September 20122012-09-11T18:32:58Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 18:32, 11 September 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 9:</td>
<td colspan="2" class="diff-lineno">Line 9:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''Alert Message'''   </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''Alert Message'''   </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>Atomicorp.com WAF Rules - Virtual Just In Time Patch: <ins class="diffchange diffchange-inline">Access </ins>to <ins class="diffchange diffchange-inline">unauthenticated </ins>BackupBuddy backup <ins class="diffchange diffchange-inline">file. Not blocked</ins>.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Atomicorp.com WAF Rules - Virtual Just In Time Patch: <del class="diffchange diffchange-inline">Attempt </del>to <del class="diffchange diffchange-inline">access insecure </del>BackupBuddy backup <del class="diffchange diffchange-inline">- disable this rule if you want to allow insecure downloads of BackupBuddy backups</del>.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''Description'''   </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''Description'''   </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>This rule detects if someone attempts to access a Backbuddy backup.  Backupbuddy does not authenticate access requests to backups, and <del class="diffchange diffchange-inline">attacks </del>can access a backup by either guessing the backup files name, which uses a standard format, or accessing the backups directory (if the server is so configured to allow access).  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>This rule detects if someone attempts to access a Backbuddy backup.  Backupbuddy does not authenticate access requests to backups, and <ins class="diffchange diffchange-inline">attackers </ins>can access a backup by either guessing the backup files name, which uses a standard format, or accessing the backups directory (if the server is so configured to allow access)<ins class="diffchange diffchange-inline">. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">By default ASL does not block this action, it just alerts that it has occurred.  If you wish to block this activity log into ASL and configure rule 64277 for active response</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''False Positives'''</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''False Positives'''</div></td></tr>
</table>Mshinnhttps://wiki.atomicorp.com/wiki/index.php?title=WAF_397678&diff=2621&oldid=prevMshinn: Created page with "'''Rule ID''' 397678 '''Status''' Active rule currently published. '''Alert Message''' Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempt to access insecur..."2012-09-07T20:02:43Z<p>Created page with "'''Rule ID''' 397678 '''Status''' Active rule currently published. '''Alert Message''' Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempt to access insecur..."</p>
<p><b>New page</b></p><div>'''Rule ID''' <br />
<br />
397678<br />
<br />
'''Status'''<br />
<br />
Active rule currently published.<br />
<br />
'''Alert Message''' <br />
<br />
<br />
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempt to access insecure BackupBuddy backup - disable this rule if you want to allow insecure downloads of BackupBuddy backups.<br />
<br />
'''Description''' <br />
<br />
This rule detects if someone attempts to access a Backbuddy backup. Backupbuddy does not authenticate access requests to backups, and attacks can access a backup by either guessing the backup files name, which uses a standard format, or accessing the backups directory (if the server is so configured to allow access). <br />
<br />
'''False Positives'''<br />
<br />
This rule blocks users from using BackupBuddy in an insecure manner. If you wish to allow your users to do this, disable this rule.<br />
<br />
'''Tuning Guidance'''<br />
<br />
If you you believe this is a false positive, please submit it to our support team. The process for submitting false positives is documented on the [[Reporting False Positives]] page.<br />
<br />
'''Similar Rules'''<br />
<br />
[[WAF_397679]]<br />
<br />
'''Knowledge Base Articles'''<br />
<br />
None.<br />
<br />
'''Outside References'''<br />
<br />
None.</div>Mshinn