Atomicorp

Is this in v5?

Ah! I've just been doing an asl- bl [ip] rather than manually adding a rule. And of course asl -bl adds them after the state=related/established rule. So how about this instead then: killip.sh #!/bin/bash #usage: killip.sh IP #KILL THEM NOW iptables -I INPUT 1 -s $1 -j DROP #BLACKLIST THEM SO THEY D...

woohoo! I've always hated that old portal. it was so slow for me. zendesk will be much better.
And thanks for leaving the old one in read-only mode. That will be very useful to check up on old issues.

Nope. Sorry.

Why not boot from the OpenVZ ISO to start with?

I don't honestly know the technical situation on what's happening, so I'd better describe a couple of the issues: 1) spammer connected on port 25, authenticated using guessed or stolen credentials and sending spam, one after another, in one long connection. Adding IP to firewall ineffective. Must ki...

I've been seeing the same thing

I'm just being too cautious, that's all.

I tend to assume packages of this nature are more likely to be a target for "subversion" than others.

That looks perfect but it comes in a collection of tools that would typically be used for bad things - which raises some concerns.

Still, one would hope that a package in epel would be trustworthy.

Is there a way to totally kill all connections from a particular IP? We've been suffering from brute force attacks on Plesk itself, resulting in server load skyrocketing and the database becoming inaccessible. When I see this happening, I immediately blacklist the IP in question, which adds it to th...

Well, I'd be keen to know why the site was able to be compromised if your server was running ASL. I know that ASL can't protect against everything. One site on one of our systems was compromised via a vulnerability in the script. But if we can discover what was going on, it might help to create a ne...

Hmm....that's good to know. Thanks.

But does anybody actually do it, or not, in a mainly Plesk environment?

According to my logs, rule 397989 is being triggered almost constantly by some IP or other. Certainly it is being triggered more than any other rule. In the GUI event viewer, it says "Atomicorp.com WAF Rules: MSIE 6.0 detected (Disable if you want to allow MSIE 6)" The word "Fake"...

Is it still recommended to make /tmp (and possibly /var/tmp) tmpfs with noexec, nosuid and nodev ?

I remember doing so years and years ago had an adverse effect with Plesk and ASL, but I don't remember what/when/why.
This was AGES ago, mind you.

Thanks. I'll do likewise then.

Is it safe to block access to port 8880 (non-https Plesk) with Plesk 12.5?

I experienced certain issues doing so with 10.4.4 but it was so long ago that I don't remember the details:-(

None of our customers login via 8880 to my knowledge.