Search found 14 matches
- Mon Jan 19, 2015 10:53 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Testing WAF Redirect
- Replies: 16
- Views: 15530
Re: Testing WAF Redirect
I am trying to set a remote domain for my block page so that if users are blocked for something they get redirected to another domain name on a server outside my hosting network and I grab all the variables over there. However, in ASL 4.0, if I try and put the following format into the field for WAF...
- Fri Nov 21, 2014 12:13 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: redirect users when they are blocked
- Replies: 1
- Views: 4266
redirect users when they are blocked
When someone triggers a rule or gets blocked I want to redirect them to another server url with a custom page giving them details of the block. I can see in the ASL GUI there is a setting for https://%{server_name}:30000/blocked.php?eventid=%{unique_id} which I have replaced with my own url. How do ...
- Thu Jan 23, 2014 8:07 am
- Forum: Atomic Protector (formerly ASL)
- Topic: how to interpret the ossec active response log
- Replies: 10
- Views: 11566
Re: how to interpret the ossec active response log
Unfortunately, like I mentioned, the web console doesn't work - it never loads and virtually anything we open in there doesn't work either except for the ASL config page, that's the only item that seems to come up right away. On some servers it takes about half hour to load the opening page and the item...
- Fri Sep 27, 2013 3:24 am
- Forum: Atomic Protector (formerly ASL)
- Topic: WAF red dot but says is disabled but is enabled?
- Replies: 5
- Views: 7814
Re: WAF red dot but says is disabled but is enabled?
Last night I opened the GUI on all my machines and there was an update so I updated all of them.
After that it was green across the board.
- Thu Sep 26, 2013 11:26 am
- Forum: Atomic Protector (formerly ASL)
- Topic: WAF red dot but says is disabled but is enabled?
- Replies: 5
- Views: 7814
Re: WAF red dot but says is disabled but is enabled?
What's the output of this command: asl -s -f quote a bit of stuff. [root@maggie ~]# asl -s -f Starting Atomic Secured Linux scan, please be patient... Checking Kernel security settings ASL kernel: detected [OK] KERNEXEC protections: detected [OK] UDEREF protections: detected [OK] Runtime module load...
- Thu Sep 26, 2013 8:00 am
- Forum: Atomic Protector (formerly ASL)
- Topic: WAF red dot but says is disabled but is enabled?
- Replies: 5
- Views: 7814
WAF red dot but says is disabled but is enabled?
This ASL software is driving me around the bend. I am seeing in the logs today the following entries: [Thu Sep 26 12:51:30 2013] [error] [client 212.89.9.133] ModSecurity: [file "/usr/local/apache/modsecurity.d/12_asl_brute.conf"] [line "61"] [id "377360"] [rev "2&...
- Thu Sep 26, 2013 4:44 am
- Forum: Atomic Protector (formerly ASL)
- Topic: two factor auth with google auth?
- Replies: 2
- Views: 5072
Re: two factor auth with google auth?
I have found some companies like codeguard.com use two factor auth with SMS, the problem is sometimes the sms can take over 10 minutes + to arrive especially to international numbers.
Google AUTH would be my preferred option as I can open the app on my phone and get my code right away.
- Tue Sep 24, 2013 5:48 am
- Forum: General Help and Development Discussion
- Topic: List of SSH Commands needed
- Replies: 4
- Views: 9963
Re: List of SSH Commands needed
Is there a way to see a list of ip's that have been blacklisted?
I would like to run a ssh command to see which ip's are blocked rather than having to go into the gui each time.
- Sun Sep 22, 2013 5:01 am
- Forum: Atomic Protector (formerly ASL)
- Topic: two factor auth with google auth?
- Replies: 2
- Views: 5072
two factor auth with google auth?
I am a bit concerned about the ease of access of being able to login to the ASL GUI. Apart from blocking port 30000 to certain fixed ip's, is there any plan for example to implement two factor auth say with google auth? Seems a lot of companies are implementing this. There is even a free google wordp...
- Fri Sep 20, 2013 2:37 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Many Wordpress "Login Failure Detected" (Rule 377306)
- Replies: 7
- Views: 9796
Re: Many Wordpress "Login Failure Detected" (Rule 377306)
Is there a way to configure the rule so that if there is more than 3 failed login attempts to the wordpress admin that the ip gets grey listed for 30 minutes? When you say greylisting, do you mean shunning or something else? I am not sure what "shunning" means but if they could be blocked...
- Thu Sep 19, 2013 12:57 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: cpanel host access control
- Replies: 1
- Views: 4259
cpanel host access control
In cpanel servers there is a function to manage Host Access Control settings inside Home » Security Center » Host Access Control. In order to restrict access to my ssh port to my fixed ip for example I have been using function and has worked pretty well. Now that ASL is installed can I still use it? Sh...
- Thu Sep 19, 2013 12:32 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Many Wordpress "Login Failure Detected" (Rule 377306)
- Replies: 7
- Views: 9796
Re: Many Wordpress "Login Failure Detected" (Rule 377306)
Is there a way to configure the rule so that if there is more than 3 failed login attempts to the wordpress admin that the ip gets grey listed for 30 minutes? One of the big issues is that there are A LOT of amateur web designers out there posing as "professional" wordpress developers without ...
- Thu Sep 19, 2013 12:04 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: PHP_CHECKS
- Replies: 2
- Views: 4935
PHP_CHECKS
I can see that PHP_CHECKS is OFF by default. Is it recommended to be on? If so, I used to use CSF firewall which gave me a nice clear list of recommended security actions to apply in order to make the server a little "safer". In ASL configuration there is a section for PHP configuration an...
- Thu Sep 19, 2013 11:47 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Server aholed after ASL update?
- Replies: 51
- Views: 40603
Re: Server aholed after ASL update?
Hi, I have followed the steps and now in my Security Events log it's triggering event 4151 even though I do have FW_DROP_INVALID set to yes. Is this something I need to address or can I set the rule to not log these entries? montague kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:c9:...