Spam-Links in Joomla-Content, blocked by 337106?

Customer support forums for the modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the real time modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
stephan-zrh
Forum User
Forum User
Posts: 71
Joined: Mon May 07, 2012 9:37 am
Location: Zurich

Spam-Links in Joomla-Content, blocked by 337106?

Unread post by stephan-zrh »

Hello,

This week we discovered some spam-links injected into content of old Joomla-Installations (2.5.28).

In the apache-logs I found several requests with JDatabasedriverMysqli in them that started to get blocked around mid december 2015 by rule 337106. Before that the requests seem to have gotten through.

I was not able to definitely pinpoint the intrusions to these requests, but have a suspicion (or maybe rather a big hope) that they were, in fact, the ones. I can also not determine the exact time of the intrusion.

Is there a changelog for the rules as to when they were updated/added and why? Was this rule added/updated for these cases?

Has someone else had similar experience that inserting spam-links (mostly pharma-stuff) into content (article with id=1) was performed with such requests that are now blocked?

I must say, ASL is truly a life-saver and responsible for quite a bit of my inner peace. Thank you!

Kind regards -Stephan
Post Reply