Spam-Links in Joomla-Content, blocked by 337106?
Posted: Fri Jan 22, 2016 4:12 am
Hello,
This week we discovered some spam-links injected into content of old Joomla-Installations (2.5.28).
In the apache-logs I found several requests with JDatabasedriverMysqli in them that started to get blocked around mid december 2015 by rule 337106. Before that the requests seem to have gotten through.
I was not able to definitely pinpoint the intrusions to these requests, but have a suspicion (or maybe rather a big hope) that they were, in fact, the ones. I can also not determine the exact time of the intrusion.
Is there a changelog for the rules as to when they were updated/added and why? Was this rule added/updated for these cases?
Has someone else had similar experience that inserting spam-links (mostly pharma-stuff) into content (article with id=1) was performed with such requests that are now blocked?
I must say, ASL is truly a life-saver and responsible for quite a bit of my inner peace. Thank you!
Kind regards -Stephan
This week we discovered some spam-links injected into content of old Joomla-Installations (2.5.28).
In the apache-logs I found several requests with JDatabasedriverMysqli in them that started to get blocked around mid december 2015 by rule 337106. Before that the requests seem to have gotten through.
I was not able to definitely pinpoint the intrusions to these requests, but have a suspicion (or maybe rather a big hope) that they were, in fact, the ones. I can also not determine the exact time of the intrusion.
Is there a changelog for the rules as to when they were updated/added and why? Was this rule added/updated for these cases?
Has someone else had similar experience that inserting spam-links (mostly pharma-stuff) into content (article with id=1) was performed with such requests that are now blocked?
I must say, ASL is truly a life-saver and responsible for quite a bit of my inner peace. Thank you!
Kind regards -Stephan