Search found 74 matches

by gaia
Fri Jun 02, 2017 3:21 pm
Forum: Atomic Protector (formerly ASL)
Topic: Removing ASL tries to remove needed dependencies
Replies: 3
Views: 5273

Re: Removing ASL tries to remove needed dependencies

Can you send us the output of the uninstaller at support@atomicorp.com? Also, we're releasing the Ubuntu version of ASL this summer. Would you like to sign up for the early beta? also, kernel aside, how does ASL compare to Trend Micro Deep Security? do you have any ansible scripts for installing an...
by gaia
Fri Jun 02, 2017 3:11 pm
Forum: Atomic Protector (formerly ASL)
Topic: Removing ASL tries to remove needed dependencies
Replies: 3
Views: 5273

Re: Removing ASL tries to remove needed dependencies

mikeshinn wrote:Can you send us the output of the uninstaller at support@atomicorp.com?

Also, we're releasing the Ubuntu version of ASL this summer. Would you like to sign up for the early beta?
done. yes pls sign me up for the early beta.
by gaia
Fri Jun 02, 2017 1:42 pm
Forum: Atomic Protector (formerly ASL)
Topic: Removing ASL tries to remove needed dependencies
Replies: 3
Views: 5273

Removing ASL tries to remove needed dependencies

I would like to ideally remove ASL from a CentOS 6.9 system. When I follow the instructions , it tries to remove for dependencies packages from @base, @updates, @epel and worst, @virtualmin and @virtualmin-universal. It doesn't seem that the dependencies are being properly calculated. Maybe I should...
by gaia
Thu Oct 29, 2015 3:51 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: Atomicorp rules on Debian 7.7
Replies: 6
Views: 7316

Re: Atomicorp rules on Debian 7.7

Windows will be first, we're working on that right now. Then there be more work next quarter after that on the debian/suse/ubuntu WAF product (ie this is what we include on plesk now, making this more flexible, etc), which builds some dependencies for ASL on debian/ubuntu/suse. might be forking our...
by gaia
Sat Oct 10, 2015 3:39 pm
Forum: Atomic Protector (formerly ASL)
Topic: New Wordpress XML-RPC Attack
Replies: 9
Views: 5687

Re: New Wordpress XML-RPC Attack

Well for this specific attack, and only this one, you could get away with not turning it on. But in general brute force attacks are stopped better if you can enable all of these. The TI rules are stopping 75% of the attacks we see, so we highly recommend enabling them. Thanks for the clarification....
by gaia
Fri Oct 09, 2015 7:37 pm
Forum: Atomic Protector (formerly ASL)
Topic: New Wordpress XML-RPC Attack
Replies: 9
Views: 5687

Re: New Wordpress XML-RPC Attack

Yes. If you have these rulesets enabled: https://www.atomicorp.com/wiki/index.php?title=ASL_WAF#MODSEC_00_THREAT https://www.atomicorp.com/wiki/index.php?title=ASL_WAF#MODSEC_03_DOS https://www.atomicorp.com/wiki/index.php?title=ASL_WAF#MODSEC_12_BRUTE Note: If you use litespeed it doesnt support o...
by gaia
Mon Aug 10, 2015 1:52 pm
Forum: Atomic Protector (formerly ASL)
Topic: ROOTKIT Detection and Prevention
Replies: 6
Views: 6067

Re: ROOTKIT Detection and Prevention

Warning: Suspicious file types found in /dev: /dev/.udev/db/input:event4: ASCII text /dev/.udev/db/input:event0: ASCII text /dev/.udev/db/input:js0: ASCII text /dev/.udev/db/input:event3: ASCII text /dev/.udev/db/input:mouse2: ASCII text /dev/.udev/db/input:event1: ASCII text /dev/.udev/db/input:ev...
by gaia
Thu Jul 30, 2015 11:17 am
Forum: Requests
Topic: Ansible
Replies: 3
Views: 6814

Re: Ansible

breun wrote:You can install the ansible package from the EPEL repository.
I meant an Ansible recipe for installing ASL ;)
by gaia
Thu Jul 30, 2015 10:26 am
Forum: Requests
Topic: Ansible
Replies: 3
Views: 6814

Re: Ansible

breun wrote:Something for the atomic repository?
Ansible is a radically simple model-driven configuration management, deployment, and command execution framework.
http://ansible.github.com/
I also would like to use Ansible to deploy ASL. Or at least parts of it.
by gaia
Wed Jul 01, 2015 11:55 am
Forum: Atomicorp Modsecurity Rules Support
Topic: Atomicorp rules on Debian 7.7
Replies: 6
Views: 7316

Re: Atomicorp rules on Debian 7.7

Yes, we're planning on expanding into several other platforms, including debian, ubuntu, and windows. Currently we're working on expanding the WAF into Windows server systems. do you think debian or ubuntu will come first? and the natural follow up question, is there a rough estimate for when it wo...
by gaia
Tue Jun 30, 2015 10:31 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: Atomicorp rules on Debian 7.7
Replies: 6
Views: 7316

Re: Atomicorp rules on Debian 7.7

scott wrote:We do not have any .deb packages at this time, its something we're planning on having soon though.
Is Debian support planned for ASL entirely or just modsec?
by gaia
Tue Apr 21, 2015 10:51 am
Forum: Atomic Protector (formerly ASL)
Topic: How to block this threat?
Replies: 0
Views: 2026

How to block this threat?

Even if just for the fact that it spiked up resource usage to the point that I got an alert, I would like to stop these attacks: HEAD /?MDM0OTEwOTQzOTIwMzQwMTUwMDEwODc1MTI1NDQ0MDEzMDIxNzE1ODA0NDc0NzY2ODgxOTg5MzE5MDA3MDQ5Mjk3MjI0MDExNTE0NDE1MzkxMjMyNjAyOTM1MDUwMTY3NTE5MzEzNDI3NTIyNjAwMjg5MTU5ODA3MDQy...
by gaia
Sun Mar 22, 2015 9:55 pm
Forum: Atomic Protector (formerly ASL)
Topic: Blocking by rDNS' third level domain
Replies: 9
Views: 5744

Re: Blocking by rDNS' third level domain

Can you share your access logs with me, I'll see what we might be able to do on the RBL side as well. Since we can create as many RBLs as you can imagine, I'm thinking we might create some RBLs for things like "impolite bots" similar to the spammer RBLs and others we already have. PM me a...
by gaia
Fri Mar 20, 2015 2:26 pm
Forum: Atomic Protector (formerly ASL)
Topic: Blocking by rDNS' third level domain
Replies: 9
Views: 5744

Re: Blocking by rDNS' third level domain

We could add in a capability to make the lookups non-verified (the PTR doesnt have to match the A) - or both (you decide how verified it needs to be). This would only work on ASL systems so if thats something you'd like we can add it into the FRs and see about rolling it out next week. That would b...