Is this something that can be turned into a rule

Customer support forums for the modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the real time modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
pcshost
New Forum User
New Forum User
Posts: 1
Joined: Fri Nov 14, 2014 3:23 pm
Location: Right Here

Is this something that can be turned into a rule

Unread post by pcshost »

I've seen 3 or 4 of these this week in my logs and it looks like it puts a "you've been hacked" file in the images folder in a Joomla site. Is this something that can be put into a rule to be blocked from POST ?

Modsecurity: 197.6.154.97
IP Address: -
Domain Name: -0400]
Error Code: "POST
Date / Time: /index.php?option=com_media&task=file.upload&tmpl=component&cf5d620812e81fabdcda4a1915e5160d=30b24580d8b9500a719561542099e8e8&8bbe86555b8b52889623e02b1cdb22a8=1&asset=com_content&author=&view=images&folder=
File : 303
File Path : -
Rule ID : NT
Thread Id : 6.1)
process ID: AppleWebKit/537.36
Column18 : like
Column 19 : Gecko)
Column 20 : Chrome/41.0.2272.89
Column 21 : Safari/537.36"
Post Reply