Search found 1509 matches
- Sun Jan 15, 2017 8:58 am
- Forum: Firewall Help and Discussion
- Topic: Immediate drop
- Replies: 12
- Views: 21320
Re: Immediate drop
Is this in v5?
- Wed Jan 11, 2017 10:21 am
- Forum: Firewall Help and Discussion
- Topic: Immediate drop
- Replies: 12
- Views: 21320
Re: Immediate drop
Ah! I've just been doing an asl- bl [ip] rather than manually adding a rule. And of course asl -bl adds them after the state=related/established rule. So how about this instead then: killip.sh #!/bin/bash #usage: killip.sh IP #KILL THEM NOW iptables -I INPUT 1 -s $1 -j DROP #BLACKLIST THEM SO THEY D...
- Tue Jan 10, 2017 6:48 am
- Forum: Atomic Protector (formerly ASL)
- Topic: error in the support portal
- Replies: 3
- Views: 11967
Re: error in the support portal
woohoo! I've always hated that old portal. it was so slow for me. zendesk will be much better.
And thanks for leaving the old one in read-only mode. That will be very useful to check up on old issues.
And thanks for leaving the old one in read-only mode. That will be very useful to check up on old issues.
- Mon Jan 09, 2017 12:51 pm
- Forum: Virtualization Help and Discussion
- Topic: OpenVZ and CentOS 7 ISO and Plesk
- Replies: 3
- Views: 12109
Re: OpenVZ and CentOS 7 ISO and Plesk
Nope. Sorry.
Why not boot from the OpenVZ ISO to start with?
Why not boot from the OpenVZ ISO to start with?
- Mon Jan 09, 2017 12:50 pm
- Forum: Firewall Help and Discussion
- Topic: Immediate drop
- Replies: 12
- Views: 21320
Re: Immediate drop
I don't honestly know the technical situation on what's happening, so I'd better describe a couple of the issues: 1) spammer connected on port 25, authenticated using guessed or stolen credentials and sending spam, one after another, in one long connection. Adding IP to firewall ineffective. Must ki...
- Mon Jan 09, 2017 12:39 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: error in the support portal
- Replies: 3
- Views: 11967
Re: error in the support portal
I've been seeing the same thing
- Wed Dec 07, 2016 6:32 am
- Forum: Firewall Help and Discussion
- Topic: Immediate drop
- Replies: 12
- Views: 21320
Re: Immediate drop
I'm just being too cautious, that's all.
I tend to assume packages of this nature are more likely to be a target for "subversion" than others.
I tend to assume packages of this nature are more likely to be a target for "subversion" than others.
- Mon Dec 05, 2016 9:46 am
- Forum: Firewall Help and Discussion
- Topic: Immediate drop
- Replies: 12
- Views: 21320
Re: Immediate drop
That looks perfect but it comes in a collection of tools that would typically be used for bad things - which raises some concerns.
Still, one would hope that a package in epel would be trustworthy.
Still, one would hope that a package in epel would be trustworthy.
- Mon Dec 05, 2016 7:44 am
- Forum: Firewall Help and Discussion
- Topic: Immediate drop
- Replies: 12
- Views: 21320
Immediate drop
Is there a way to totally kill all connections from a particular IP? We've been suffering from brute force attacks on Plesk itself, resulting in server load skyrocketing and the database becoming inaccessible. When I see this happening, I immediately blacklist the IP in question, which adds it to th...
- Sat Nov 26, 2016 12:54 pm
- Forum: Control Panel Support Help
- Topic: howto prevent outgoing brute-force attacks
- Replies: 1
- Views: 9812
Re: howto prevent outgoing brute-force attacks
Well, I'd be keen to know why the site was able to be compromised if your server was running ASL. I know that ASL can't protect against everything. One site on one of our systems was compromised via a vulnerability in the script. But if we can discover what was going on, it might help to create a ne...
- Sat Nov 26, 2016 12:50 pm
- Forum: Control Panel Support Help
- Topic: noexec /tmp and /var/tmp
- Replies: 2
- Views: 10184
Re: noexec /tmp and /var/tmp
Hmm....that's good to know. Thanks.
But does anybody actually do it, or not, in a mainly Plesk environment?
But does anybody actually do it, or not, in a mainly Plesk environment?
- Sat Nov 05, 2016 9:53 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Rule 397989 Fake or not fake MSIE 6.0 detected?
- Replies: 0
- Views: 6131
Rule 397989 Fake or not fake MSIE 6.0 detected?
According to my logs, rule 397989 is being triggered almost constantly by some IP or other. Certainly it is being triggered more than any other rule. In the GUI event viewer, it says "Atomicorp.com WAF Rules: MSIE 6.0 detected (Disable if you want to allow MSIE 6)" The word "Fake"...
- Fri Oct 28, 2016 6:59 pm
- Forum: Control Panel Support Help
- Topic: noexec /tmp and /var/tmp
- Replies: 2
- Views: 10184
noexec /tmp and /var/tmp
Is it still recommended to make /tmp (and possibly /var/tmp) tmpfs with noexec, nosuid and nodev ?
I remember doing so years and years ago had an adverse effect with Plesk and ASL, but I don't remember what/when/why.
This was AGES ago, mind you.
I remember doing so years and years ago had an adverse effect with Plesk and ASL, but I don't remember what/when/why.
This was AGES ago, mind you.
- Fri Oct 21, 2016 11:46 am
- Forum: Control Panel Support Help
- Topic: Safe to block 8880 with Plesk 12.5?
- Replies: 2
- Views: 10320
Re: Safe to block 8880 with Plesk 12.5?
Thanks. I'll do likewise then.
- Thu Oct 20, 2016 7:34 am
- Forum: Control Panel Support Help
- Topic: Safe to block 8880 with Plesk 12.5?
- Replies: 2
- Views: 10320
Safe to block 8880 with Plesk 12.5?
Is it safe to block access to port 8880 (non-https Plesk) with Plesk 12.5?
I experienced certain issues doing so with 10.4.4 but it was so long ago that I don't remember the details:-(
None of our customers login via 8880 to my knowledge.
I experienced certain issues doing so with 10.4.4 but it was so long ago that I don't remember the details:-(
None of our customers login via 8880 to my knowledge.