# WAF Rule ID 377360  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 5 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377390  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login with no user-agent or referrer, Bot attempting Wordpress Login 

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 3 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login with no user-agent or referrer, Bot attempting Wordpress Login

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377391  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login with empty user-agent and referrer, possible bot 

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 4 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Wordpress Login with empty user-agent and referrer, possible bot

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377609  

***  

**Alert message:** Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 4 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377619  

***  

**Alert message:** Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377368  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Multiple Wordpress Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Multiple Wordpress Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377367  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Multiple Wordpress Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Multiple Wordpress Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 378410  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: WHMCS login failure 

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: WHMCS login failure

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377410  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Recaptcha invalid code 

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Recaptcha invalid code

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377300  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: VBulletin Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: VBulletin Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377301  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: PHPBB Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: PHPBB Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377302  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Wikimedia Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Wikimedia Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377303  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Sugarcrm Administration system Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Sugarcrm Administration system Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377304  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Joomla Administration Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 5 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Joomla Administration Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377305  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377605  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377679  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377689  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377625  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 3 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377626  

***  

**Alert message:** Atomicorp.com WAF Rules: Potential WordPress Method Probe Detected  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 3 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: Potential WordPress Method Probe Detected 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377306  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Wordpress invalid username failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Wordpress invalid username failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377308  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Drupal invalid username or password failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Drupal invalid username or password failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377309  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Typo3 invalid username or password failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Typo3 invalid username or password failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377310  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: MODX invalid username failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: MODX invalid username failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377311  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: MODX password login failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: MODX password login failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377312  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Moodle login failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Moodle login failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377313  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Plesk login failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Plesk login failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377314  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Oscommerce customer login failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Oscommerce customer login failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377315  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Oscommerce admin login failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Oscommerce admin login failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377323  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: ZenCart customer login failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: ZenCart customer login failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377316  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: ZenCart admin login failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: ZenCart admin login failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377317  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Dokuwiki login failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Dokuwiki login failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377319  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Magento admin login failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Magento admin login failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377320  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (invalid password) 

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (invalid password)

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377321  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (invalid email) 

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (invalid email)

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377322  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (blank password) 

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Prestashop login failure (blank password)

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377326  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: PHPBB Login Attempt Failure - Incorrect Username  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: PHPBB Login Attempt Failure - Incorrect Username 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377307  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: ASL GUI invalid username or password failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 3 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: ASL GUI invalid username or password failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377363  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Failure Detection: Cpanel WHM Login Attempt Failure  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 5 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Failure Detection: Cpanel WHM Login Attempt Failure 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 377364  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Detection: Cpanel WHM root Login succeeded  

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 5 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Detection: Cpanel WHM root Login succeeded 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 307367  

***  

**Alert message:** Atomicorp.com WAF Rules - Login Brute Force: Wordpress Authentication Probes detected . 

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:**  

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Login Brute Force: Wordpress Authentication Probes detected .

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 317368  

***  

**Alert message:** Atomicorp.com WAF Rules: WHMCS brute force probe blocked. 

**Rule Class:** Generic Attack Ruleset (12_asl_brute.conf)

**Version:**  

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: WHMCS brute force probe blocked.

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

