Is this something that can be turned into a rule
Posted: Thu Mar 26, 2015 9:02 pm
I've seen 3 or 4 of these this week in my logs and it looks like it puts a "you've been hacked" file in the images folder in a Joomla site. Is this something that can be put into a rule to be blocked from POST ?
Modsecurity: 197.6.154.97
IP Address: -
Domain Name: -0400]
Error Code: "POST
Date / Time: /index.php?option=com_media&task=file.upload&tmpl=component&cf5d620812e81fabdcda4a1915e5160d=30b24580d8b9500a719561542099e8e8&8bbe86555b8b52889623e02b1cdb22a8=1&asset=com_content&author=&view=images&folder=
File : 303
File Path : -
Rule ID : NT
Thread Id : 6.1)
process ID: AppleWebKit/537.36
Column18 : like
Column 19 : Gecko)
Column 20 : Chrome/41.0.2272.89
Column 21 : Safari/537.36"
Modsecurity: 197.6.154.97
IP Address: -
Domain Name: -0400]
Error Code: "POST
Date / Time: /index.php?option=com_media&task=file.upload&tmpl=component&cf5d620812e81fabdcda4a1915e5160d=30b24580d8b9500a719561542099e8e8&8bbe86555b8b52889623e02b1cdb22a8=1&asset=com_content&author=&view=images&folder=
File : 303
File Path : -
Rule ID : NT
Thread Id : 6.1)
process ID: AppleWebKit/537.36
Column18 : like
Column 19 : Gecko)
Column 20 : Chrome/41.0.2272.89
Column 21 : Safari/537.36"