Fake bot alert level 14?

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Fake bot alert level 14?

Unread post by faris »

I was wondering why the various fake bot rules (e.g. fake Baidu, fake Googlebot) are set to level 14? Surely that's a "real and present danger" level, when I'd have thought this kind of bot is just an annoyance in terms of security.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Fake bot alert level 14?

Unread post by mikeshinn »

It typically is a method used to bypass WAFs and IDS systems. So it can be an indicator of a more serious type of attacker. You can always changes the levels if you disagree and prefer to treat these as less important.
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Fake bot alert level 14?

Unread post by faris »

Unfortunately changing alert levels on these doesn't work. Someone else mentioned a similar problem recently.

But with ASL 4 out any moment now, I guess it isn't worth the hassle of trying to figure out what's going on.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: Fake bot alert level 14?

Unread post by biggles »

Not sure it's the same problem but I'm having a big trouble with rules sending email even if email is turned off and level lowered. In the support ticket I was told to update to ASL 4 which I have been running for two weeks now. The problem is still there and the support ticket isn't updated anymore. So don't be to sure this problem is solved in ASL 4...

Right now I'm receiving email notifications more or less 24 times a day which kind off makes them useless.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Fake bot alert level 14?

Unread post by mikeshinn »

The problem is still there and the support ticket isn't updated anymore.
Which case number are you referring to?
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: Fake bot alert level 14?

Unread post by biggles »

Sorry, should of course included the case number, 29079
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Fake bot alert level 14?

Unread post by mikeshinn »

Thank you. So that cases status is Pending - Internal Input. That means the case is still being worked on, but there is nothing to share with you at this time. That does not mean the case is no longer being updated.

Case status explanations are included in the status change emails that are sent automatically and are also documented here:

https://www.atomicorp.com/wiki/index.ph ... ort_Status

Pending Internal Input: The customer support representative is consulting with a colleague for the next step in resolving your case. When additional information is available to share with you the status of the case will change, and information will be added to your case at that time.

I've added a note to your case to explain the status of the case as well:
There is no update to share at this time. The case is still open, and being worked on.

If you aren't sure of the status of a case, just check the label and that should inform you of its current disposition.

In this case, the status is: Pending Internal Input

that means there is no update to share with you this time, but the case is still being worked on. If you see that status it means the support team and developers are waiting on the results of something from each other or need additional information or test results from each other. In this case our developers are working on this issue. When there is an update to share with you, the status of the case will change and information will be added to the case.

Thank you for your query. You will find an explanation for what the status levels mean for any cases in the automatic email that is sent when you open a case, or online at the URL below:

https://www.atomicorp.com/wiki/index.ph ... ort_Status
So I can assure you, that when a case says Pending Internal Input that means the case is being worked on and it will be updated when there is new information to share with you. We apologize that we can not resolve all issues immediately, but please know we are working hard on this issue and will have it resolved soon.
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: Fake bot alert level 14?

Unread post by biggles »

Thanks a lot for the explanation. The reason I though nothing was happening was that I had not seen any update for two weeks and even asked for the current status without any reply. When you get an email every hour you tend to loose patience quicker and actually thought it had been forgotten. I'm really sorry about that.
Post Reply