77142193:IM360 WAF: Track spam in Joomla admin page after updating to Joomla 4.2.8

  • 77142193:IM360 WAF: Track spam in Joomla admin page after updating to Joomla 4.2.8

    Since installing the critical security Joomla 4.2.8 update on 17th February, we've been experiencing admin users being blocked and shown the reCaptcha screen. It appears to be random. Sometimes immediately after successful login. Other times it can be clicking on a link to edit an article. Other times you can log in and work away without any problem.

    The rule being triggered is

    Imunify360 and Mod Security logs show "IM360 WAF: Track spam in Joomla admin page".
    CRITICAL 303
    77142193:IM360 WAF: Track spam in Joomla admin page || T:APACHE || MVN:REQUEST_HEADERS || MV:0
    # Track spam in Joomla admin page
    SecRule REQUEST_METHOD "@rx ^POST$" "id:77142193,chain,pass,t:none,severity:2,msg: 'IM360 WAF: Track spam in Joomla admin page||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'joomla_core'"
    SecRule REQUEST_FILENAME "@contains /administrator/index.php" "chain,t:none,t:urlDecodeUni,t:normalizePath"
    SecRule &REQUEST_HEADERS:Referer "@eq 0" "t:none"

    This is happening on multiple sites on different servers, with different hosting companies. I've checked Mod Security logs and the first entry was on 2023-02-17 17:23:48, which would have been shortly after installing the Joomla 4 updates.

    Hosting support have raised a support ticket with Imunify, but wondering if anyone else is experiencing the same problem.
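
The three chained conditions of the rule quoted in the post, as an added Python example (not part of the original post and not Imunify360's code): it shows which requests satisfy the chain, namely a POST whose path contains /administrator/index.php and which carries no Referer header. The two transformation helpers only approximate ModSecurity's t:urlDecodeUni and t:normalizePath, and the function names and sample requests are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

RULE_ID = 77142193  # id taken from the rule quoted in the post


def url_decode_uni(s):
    # Approximation of t:urlDecodeUni: %uXXXX escapes first, then %XX.
    s = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)
    return unquote(s)


def normalize_path(s):
    # Approximation of t:normalizePath: collapse //, /./ and /../ segments.
    return posixpath.normpath(s) if s else s


def rule_matches(method, uri, headers):
    """Return True when all three chained SecRule conditions hold.

    The quoted rule's action is `pass`, so a match does not block the
    request by itself; processing continues with later rules.
    """
    # 1) REQUEST_METHOD "@rx ^POST$"
    if not re.search(r"^POST$", method):
        return False
    # 2) REQUEST_FILENAME (path without query string), transformed, then @contains
    filename = normalize_path(url_decode_uni(uri.split("?", 1)[0]))
    if "/administrator/index.php" not in filename:
        return False
    # 3) &REQUEST_HEADERS:Referer "@eq 0" (header names are case-insensitive)
    return sum(1 for name in headers if name.lower() == "referer") == 0


# Constructed sample requests: (label, method, URI, headers)
SAMPLES = [
    ("admin POST with Referer", "POST", "/administrator/index.php",
     {"Host": "example.test", "Referer": "https://example.test/administrator/"}),
    ("admin POST without Referer", "POST",
     "/administrator/index.php?option=com_content", {"Host": "example.test"}),
    ("admin GET without Referer", "GET", "/administrator/index.php", {}),
    ("encoded admin path without Referer", "POST", "/administrator/./index%2Ephp", {}),
    ("front-end POST without Referer", "POST", "/index.php", {}),
]


def triage(samples):
    # Labels of the sample requests that would satisfy the whole chain.
    return [label for label, m, u, h in samples if rule_matches(m, u, h)]
```
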