Search found 13 matches
- Mon Oct 13, 2014 2:05 pm
- Forum: Firewall Help and Discussion
- Topic: New CMS attack report. File inclusion attacks up 62%
- Replies: 0
- Views: 12486
New CMS attack report. File inclusion attacks up 62%
For those interested in seeing whats up in the CMS landscape on attacks. BF logins seem to be the same but, RFI is on the rise. http://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed5.pdf Atomic, may want to keep beefing up your WAF for file inclusion detection. The question becomes, will ...
- Thu Apr 10, 2014 9:45 am
- Forum: Security Alerts
- Topic: CVE-2014-0160 Heartbleed bug in OpenSSL
- Replies: 21
- Views: 21531
Re: CVE-2014-0160 Heartbleed bug in OpenSSL
For those running cPanel WHM 11.42 (release), just restart the mail and apache services and you should be good to go.
Test your servers here: http://filippo.io/Heartbleed/
Update: This is only true if you allow nightly updates to pull down from cPanel
Test your servers here: http://filippo.io/Heartbleed/
Update: This is only true if you allow nightly updates to pull down from cPanel
- Fri Apr 04, 2014 1:52 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: 12_aslbrute not banning IP's
- Replies: 16
- Views: 17158
Re: 12_aslbrute not banning IP's
Email sent
- Fri Apr 04, 2014 1:31 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: 12_aslbrute not banning IP's
- Replies: 16
- Views: 17158
Re: 12_aslbrute not banning IP's
Thanks! Once I pay that, will I get access to the support ticket system? Right now, I can't login to that.
- Thu Apr 03, 2014 6:26 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: 12_aslbrute not banning IP's
- Replies: 16
- Views: 17158
Re: 12_aslbrute not banning IP's
Well, it's time to to the deed then! I need a pro to install and get this rolling. My only fear is for our large Joomla install base and what might get caught in the ASL rules. Good news is I'm sure there will be a way to exclude some domains from those rules like CSF mod_sec control? That's our env...
- Thu Apr 03, 2014 11:17 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: 12_aslbrute not banning IP's
- Replies: 16
- Views: 17158
Re: 12_aslbrute not banning IP's
Getting close to a decision here on the full ASL suite. The attacks are coming in waves with peaks and valleys. Looks like its a low level DDOS on WP and Joomla for admin and some scraping to check for vulnerable files. Would the full ASL help with this? See attached image.
- Tue Apr 01, 2014 10:30 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: ASL mod_sec rules install question
- Replies: 3
- Views: 6908
Re: ASL mod_sec rules install question
Maybe, I put this rule in since the Joomla rule you have wasn't stopping the brute force attempts. Thought it might be related to ASL. <Location /administrator/index.php> # Setup brute force detection. # React if block flag has been set. SecRule user:bf_block "@gt 0" "deny,status:401,...
- Tue Apr 01, 2014 10:28 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: 12_aslbrute not banning IP's
- Replies: 16
- Views: 17158
Re: 12_aslbrute not banning IP's
Thanks! What has kept us from going full ASL is when we tried to install it in the past, it made our production machine un-bootable and we had to perform an OS reload so, we're VERY skiddish on attempting to install ASL ourselves.
- Tue Apr 01, 2014 10:07 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: ASL mod_sec rules install question
- Replies: 3
- Views: 6908
ASL mod_sec rules install question
Was digging through the WIKI to figure out how to stop this errors: collections_remove_stale: Failed to access DBM file "/usr/local/apache/conf/modsec/data/msa/user": Permission denied collection_store: Failed to access DBM file "/usr/local/apache/conf/modsec/data/msa/ip": Permis...
- Tue Apr 01, 2014 12:07 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: 12_aslbrute not banning IP's
- Replies: 16
- Views: 17158
Re: 12_aslbrute not banning IP's
Got it. The mod sec rules are limited without the full ASL?
- Mon Mar 31, 2014 5:55 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: 12_aslbrute not banning IP's
- Replies: 16
- Views: 17158
Re: 12_aslbrute not banning IP's
OK, where are these settings for SHUN time? We're running the rules only with mod security. Thx
- Mon Mar 31, 2014 5:42 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: 12_aslbrute not banning IP's
- Replies: 16
- Views: 17158
Re: 12_aslbrute not banning IP's
OK where do you do that?
- Sun Mar 30, 2014 7:27 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: 12_aslbrute not banning IP's
- Replies: 16
- Views: 17158
12_aslbrute not banning IP's
We purchased a yearly subscription for the ASL rules and our system is being hit hard daily by bots trying to brute force the Joomla admin. What's bothersome is that your rules aren't banning those ip's and they just keep pounding away.
Is there a way to tweak that rule to ban IP's for 30 days?
Is there a way to tweak that rule to ban IP's for 30 days?