WAF Rule ID 311221
Alert message: Atomicorp WAF Rules : XMLRPC - Ratelimiting calls/possible attack
Rule Class: Generic Attack Ruleset (11_asl_brute_enhanced.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp WAF Rules : XMLRPC - Ratelimiting calls/possible attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 377370
Alert message: Atomicorp.com WAF Rules - Login Detection: Multiple Wordpress Authentication Failures from the same IP.
Rule Class: Generic Attack Ruleset (11_asl_brute_enhanced.conf)
Version: 3
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Login Detection: Multiple Wordpress Authentication Failures from the same IP.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 377366
Alert message: Atomicorp.com WAF Rules - Login Detection: Wordpress Authentication Failure
Rule Class: Generic Attack Ruleset (11_asl_brute_enhanced.conf)
Version: 2
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 4
HTTP Status: 200
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Login Detection: Wordpress Authentication Failure
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 377369
Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Authentication Failure
Rule Class: Generic Attack Ruleset (11_asl_brute_enhanced.conf)
Version: 2
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 5
HTTP Status: 200
Action: pass
Options: No active Response
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Authentication Failure
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 377365
Alert message: Atomicorp.com WAF Rules - Login Detection: Wordpress Admin Authentication Failure
Rule Class: Generic Attack Ruleset (11_asl_brute_enhanced.conf)
Version: 2
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 4
HTTP Status: 200
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Login Detection: Wordpress Admin Authentication Failure
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 311222
Alert message: Atomicorp.com WAF Rules - Login Detection: WordPress XMLRPC Failure
Rule Class: Generic Attack Ruleset (11_asl_brute_enhanced.conf)
Version:
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 4
HTTP Status: 200
Action: pass
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Login Detection: WordPress XMLRPC Failure
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.