After 3 years of peace with WAF I have a malicious malware
FILE HIT LIST:
{HEX}php.base64.v23au.186 : /public_html/profiles/favicon_24c0ce.ico
Drupal 7.34 / cPanel with Comodo WAF
Any suggestion with WAF configuration?
Looks like WAF doesn’t detect this attack.
Hi jarecki74.
You can try to use:
as part of:
where our specialists will clean your site from malware.
Strongly recommend changing all your credentials to exclude their leakage and reason of reinfection. It is also possible that the infection was not from the web but by FTP or any other sources.
Files with the extension “.ico” are usually whitelisted by firewalls to avoid false positives, so without collecting logs we can’t determine the attack vector. You can change the “SecAuditEngine” setting of your firewall to “on” to log every request, to analyze and catch reinfection (if it was from the web).
Regards.
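A check for the case in this thread, PHP code stored under an ".ico" name that extension-based whitelists skip, shown as an added example that is not part of any post. The function names, the marker list and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# ICONDIR header of a real icon file: reserved = 0, type = 1 (little-endian).
ICO_MAGIC = b"\x00\x00\x01\x00"
# Byte patterns that have no place inside an image file.
PHP_MARKERS = re.compile(rb"<\?php|base64_decode\s*\(|eval\s*\(", re.I)

def inspect_ico(path, max_bytes=1 << 20):
    """Return the reasons an .ico file looks suspicious (empty list if none)."""
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)
    reasons = []
    if not data.startswith(ICO_MAGIC):
        # Also fires for PNGs renamed to .ico; treat as "review", not proof.
        reasons.append("missing ICO header")
    if PHP_MARKERS.search(data):
        reasons.append("contains PHP code markers")
    return reasons

def scan_webroot(root):
    """Walk root and map each suspicious .ico path to its list of reasons."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".ico"):
                full = os.path.join(dirpath, name)
                reasons = inspect_ico(full)
                if reasons:
                    hits[full] = reasons
    return hits

def build_sample_tree():
    """Constructed sample: one file with an icon header, one PHP file named .ico."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "profiles"))
    with open(os.path.join(root, "favicon.ico"), "wb") as fh:
        fh.write(ICO_MAGIC + b"\x00\x00")  # header only, zero images
    with open(os.path.join(root, "profiles", "favicon_sample.ico"), "wb") as fh:
        # Harmless constructed stand-in for a disguised script.
        fh.write(b"<?php /* constructed placeholder */ echo base64_decode('b2s='); ?>")
    return root

if __name__ == "__main__":
    for path, reasons in scan_webroot(build_sample_tree()).items():
        print(path, "->", ", ".join(reasons))
```

Run against the real document root, any hit is a file to inspect by hand and to compare against a clean copy of the site.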
Hi,
Drupal versions 6, 7 and 8 can be exploited if you are not running the latest version.
See: Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002 | Drupal.org
Drupal released version 7.58
https://www.drupal.org/project/drupal/releases/7.58
Maybe Comodo can include the following rule to fight the exploit: