WAF Rule ID 377360


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 5

HTTP Status:

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377390


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login with no user-agent or referrer, Bot attempting Wordpress Login

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 3

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • lowercase

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login with no user-agent or referrer, Bot attempting Wordpress Login

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377391


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login with empty user-agent and referrer, possible bot

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 4

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • lowercase

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login with empty user-agent and referrer, possible bot

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377609


Alert message: Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 4

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377619


Alert message: Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377368


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Multiple Wordpress Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Multiple Wordpress Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377367


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Multiple Wordpress Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • lowercase

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Multiple Wordpress Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 378410


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: WHMCS login failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: WHMCS login failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377410


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Recaptcha invalid code

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Recaptcha invalid code

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377300


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: VBulletin Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: VBulletin Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377301


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: PHPBB Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: PHPBB Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377302


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Wikimedia Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Wikimedia Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377303


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Sugarcrm Administration system Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Sugarcrm Administration system Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377304


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Joomla Administration Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 5

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Joomla Administration Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377305


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377605


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377679


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377689


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377625


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 3

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377626


Alert message: Atomicorp.com WAF Rules: Potential WordPress Method Probe Detected

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 3

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Potential WordPress Method Probe Detected

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377306


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Wordpress invalid username failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Wordpress invalid username failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377308


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Drupal invalid username or password failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Drupal invalid username or password failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377309


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Typo3 invalid username or password failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Typo3 invalid username or password failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377310


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: MODX invalid username failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: MODX invalid username failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377311


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: MODX password login failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: MODX password login failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377312


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Moodle login failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Moodle login failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377313


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Plesk login failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Plesk login failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377314


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Oscommerce customer login failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Oscommerce customer login failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377315


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Oscommerce admin login failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Oscommerce admin login failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377323


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: ZenCart customer login failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: ZenCart customer login failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377316


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: ZenCart admin login failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: ZenCart admin login failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377317


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Dokuwiki login failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Dokuwiki login failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377319


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Magento admin login failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Magento admin login failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377320


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (invalid password)

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (invalid password)

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377321


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (invalid email)

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (invalid email)

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377322


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (blank password)

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (blank password)

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377326


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: PHPBB Login Attempt Failure - Incorrect Username

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: PHPBB Login Attempt Failure - Incorrect Username

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377307


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: ASL GUI invalid username or password failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 3

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 4

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: ASL GUI invalid username or password failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377363


Alert message: Atomicorp.com WAF Rules - Login Failure Detection: Cpanel WHM Login Attempt Failure

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 5

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Failure Detection: Cpanel WHM Login Attempt Failure

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 377364


Alert message: Atomicorp.com WAF Rules - Login Detection: Cpanel WHM root Login succeeded

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 5

HTTP Status: 403

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Detection: Cpanel WHM root Login succeeded

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 307367


Alert message: Atomicorp.com WAF Rules - Login Brute Force: Wordpress Authentication Probes detected .

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version:

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • lowercase

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules - Login Brute Force: Wordpress Authentication Probes detected .

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 317368


Alert message: Atomicorp.com WAF Rules: WHMCS brute force probe blocked.

Rule Class: Generic Attack Ruleset (12_asl_brute.conf)

Version:

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • lowercase

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: WHMCS brute force probe blocked.

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.