BASE64-encoded Injection Log Messages

  • Resolved roaming1

    (@roaming1)


    2 years, 9 months ago

    Let me start by saying this program is lightweight and excellent.

    I have been getting Ninja Firewall log messages like the following:

    “#5844841 CRITICAL – 74.249.245.33 POST /index.php – BASE64-encoded injection – [POST:lZXJyb3JfcmVwb3J0aW5nKDApOyBlY2hvIHBocF91bmF……..”

    Usually, I will get a RULE from the firewall that has been triggered included in the log message. These do not include a triggered rule. No rules have been changed/modified/deleted.

    Please forgive my lack of knowledge, but is it safe to assume if the message appears in the log (without a triggered rule) it has still been blocked by the firewall?

    • This topic was modified 2 years, 9 months ago by roaming1.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nintechnet

    (@nintechnet)

    2 years, 9 months ago

    That is the “Firewall Policies > Intermediate Policies > Decode Base64-encoded POST variable” policy. If there’s no rule number, it’s most likely a firewall policy.

    Unless stated otherwise (e.g. DEBUG_ON, INFO, sanitized user input), everything in the log has been blocked.

    Thread Starter roaming1

    (@roaming1)

    2 years, 9 months ago

    Excellent-thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘BASE64-encoded Injection Log Messages’ is closed to new replies.