WAF Rule ID 311221


Alert message: Atomicorp WAF Rules : XMLRPC - Ratelimiting calls/possible attack

Rule Class: Generic Attack Ruleset (11_asl_brute_enhanced.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp WAF Rules : XMLRPC - Ratelimiting calls/possible attack

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377370


Alert message: Atomicorp.com WAF Rules - Login Detection: Multiple Wordpress Authentication Failures from the same IP.

Rule Class: Generic Attack Ruleset (11_asl_brute_enhanced.conf)

Version: 3

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Detection: Multiple Wordpress Authentication Failures from the same IP.

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377366


Alert message: Atomicorp.com WAF Rules - Login Detection: Wordpress Authentication Failure

Rule Class: Generic Attack Ruleset (11_asl_brute_enhanced.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 200

Action: deny

Transforms:

  • lowercase

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Detection: Wordpress Authentication Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377369


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Authentication Failure

Rule Class: Generic Attack Ruleset (11_asl_brute_enhanced.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 5

HTTP Status: 200

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Authentication Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377365


Alert message: Atomicorp.com WAF Rules - Login Detection: Wordpress Admin Authentication Failure

Rule Class: Generic Attack Ruleset (11_asl_brute_enhanced.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 200

Action: deny

Transforms:

  • lowercase

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Detection: Wordpress Admin Authentication Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 311222


Alert message: Atomicorp.com WAF Rules - Login Detection: WordPress XMLRPC Failure

Rule Class: Generic Attack Ruleset (11_asl_brute_enhanced.conf)

Version:

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 200

Action: pass

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Detection: WordPress XMLRPC Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.