Fake bot alert level 14?
Fake bot alert level 14?
I was wondering why the various fake bot rules (e.g. fake Baidu, fake Googlebot) are set to level 14? Surely that's a "real and present danger" level, when I'd have thought this kind of bot is just an annoyance in terms of security.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Fake bot alert level 14?
It typically is a method used to bypass WAFs and IDS systems. So it can be an indicator of a more serious type of attacker. You can always changes the levels if you disagree and prefer to treat these as less important.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: Fake bot alert level 14?
Unfortunately changing alert levels on these doesn't work. Someone else mentioned a similar problem recently.
But with ASL 4 out any moment now, I guess it isn't worth the hassle of trying to figure out what's going on.
But with ASL 4 out any moment now, I guess it isn't worth the hassle of trying to figure out what's going on.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Re: Fake bot alert level 14?
Not sure it's the same problem but I'm having a big trouble with rules sending email even if email is turned off and level lowered. In the support ticket I was told to update to ASL 4 which I have been running for two weeks now. The problem is still there and the support ticket isn't updated anymore. So don't be to sure this problem is solved in ASL 4...
Right now I'm receiving email notifications more or less 24 times a day which kind off makes them useless.
Right now I'm receiving email notifications more or less 24 times a day which kind off makes them useless.
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Fake bot alert level 14?
Which case number are you referring to?The problem is still there and the support ticket isn't updated anymore.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: Fake bot alert level 14?
Sorry, should of course included the case number, 29079
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Fake bot alert level 14?
Thank you. So that cases status is Pending - Internal Input. That means the case is still being worked on, but there is nothing to share with you at this time. That does not mean the case is no longer being updated.
Case status explanations are included in the status change emails that are sent automatically and are also documented here:
https://www.atomicorp.com/wiki/index.ph ... ort_Status
Pending Internal Input: The customer support representative is consulting with a colleague for the next step in resolving your case. When additional information is available to share with you the status of the case will change, and information will be added to your case at that time.
I've added a note to your case to explain the status of the case as well:
Case status explanations are included in the status change emails that are sent automatically and are also documented here:
https://www.atomicorp.com/wiki/index.ph ... ort_Status
Pending Internal Input: The customer support representative is consulting with a colleague for the next step in resolving your case. When additional information is available to share with you the status of the case will change, and information will be added to your case at that time.
I've added a note to your case to explain the status of the case as well:
So I can assure you, that when a case says Pending Internal Input that means the case is being worked on and it will be updated when there is new information to share with you. We apologize that we can not resolve all issues immediately, but please know we are working hard on this issue and will have it resolved soon.There is no update to share at this time. The case is still open, and being worked on.
If you aren't sure of the status of a case, just check the label and that should inform you of its current disposition.
In this case, the status is: Pending Internal Input
that means there is no update to share with you this time, but the case is still being worked on. If you see that status it means the support team and developers are waiting on the results of something from each other or need additional information or test results from each other. In this case our developers are working on this issue. When there is an update to share with you, the status of the case will change and information will be added to the case.
Thank you for your query. You will find an explanation for what the status levels mean for any cases in the automatic email that is sent when you open a case, or online at the URL below:
https://www.atomicorp.com/wiki/index.ph ... ort_Status
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: Fake bot alert level 14?
Thanks a lot for the explanation. The reason I though nothing was happening was that I had not seen any update for two weeks and even asked for the current status without any reply. When you get an email every hour you tend to loose patience quicker and actually thought it had been forgotten. I'm really sorry about that.