Search found 13 matches

by webjive
Mon Oct 13, 2014 2:05 pm
Forum: Firewall Help and Discussion
Topic: New CMS attack report. File inclusion attacks up 62%
Replies: 0
Views: 4909

New CMS attack report. File inclusion attacks up 62%

For those interested in seeing whats up in the CMS landscape on attacks. BF logins seem to be the same but, RFI is on the rise. http://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed5.pdf Atomic, may want to keep beefing up your WAF for file inclusion detection. The question becomes, will ...
by webjive
Thu Apr 10, 2014 9:45 am
Forum: Security Alerts
Topic: CVE-2014-0160 Heartbleed bug in OpenSSL
Replies: 21
Views: 16346

Re: CVE-2014-0160 Heartbleed bug in OpenSSL

For those running cPanel WHM 11.42 (release), just restart the mail and apache services and you should be good to go.

Test your servers here: http://filippo.io/Heartbleed/

Update: This is only true if you allow nightly updates to pull down from cPanel
by webjive
Fri Apr 04, 2014 1:52 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: 12_aslbrute not banning IP's
Replies: 16
Views: 12886

Re: 12_aslbrute not banning IP's

Email sent
by webjive
Fri Apr 04, 2014 1:31 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: 12_aslbrute not banning IP's
Replies: 16
Views: 12886

Re: 12_aslbrute not banning IP's

Thanks! Once I pay that, will I get access to the support ticket system? Right now, I can't login to that.
by webjive
Thu Apr 03, 2014 6:26 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: 12_aslbrute not banning IP's
Replies: 16
Views: 12886

Re: 12_aslbrute not banning IP's

Well, it's time to to the deed then! I need a pro to install and get this rolling. My only fear is for our large Joomla install base and what might get caught in the ASL rules. Good news is I'm sure there will be a way to exclude some domains from those rules like CSF mod_sec control? That's our env...
by webjive
Thu Apr 03, 2014 11:17 am
Forum: Atomicorp Modsecurity Rules Support
Topic: 12_aslbrute not banning IP's
Replies: 16
Views: 12886

Re: 12_aslbrute not banning IP's

Getting close to a decision here on the full ASL suite. The attacks are coming in waves with peaks and valleys. Looks like its a low level DDOS on WP and Joomla for admin and some scraping to check for vulnerable files. Would the full ASL help with this? See attached image.
by webjive
Tue Apr 01, 2014 10:30 am
Forum: Atomicorp Modsecurity Rules Support
Topic: ASL mod_sec rules install question
Replies: 3
Views: 5420

Re: ASL mod_sec rules install question

Maybe, I put this rule in since the Joomla rule you have wasn't stopping the brute force attempts. Thought it might be related to ASL. <Location /administrator/index.php> # Setup brute force detection. # React if block flag has been set. SecRule user:bf_block "@gt 0" "deny,status:401,...
by webjive
Tue Apr 01, 2014 10:28 am
Forum: Atomicorp Modsecurity Rules Support
Topic: 12_aslbrute not banning IP's
Replies: 16
Views: 12886

Re: 12_aslbrute not banning IP's

Thanks! What has kept us from going full ASL is when we tried to install it in the past, it made our production machine un-bootable and we had to perform an OS reload so, we're VERY skiddish on attempting to install ASL ourselves.
by webjive
Tue Apr 01, 2014 10:07 am
Forum: Atomicorp Modsecurity Rules Support
Topic: ASL mod_sec rules install question
Replies: 3
Views: 5420

ASL mod_sec rules install question

Was digging through the WIKI to figure out how to stop this errors: collections_remove_stale: Failed to access DBM file "/usr/local/apache/conf/modsec/data/msa/user": Permission denied collection_store: Failed to access DBM file "/usr/local/apache/conf/modsec/data/msa/ip": Permis...
by webjive
Tue Apr 01, 2014 12:07 am
Forum: Atomicorp Modsecurity Rules Support
Topic: 12_aslbrute not banning IP's
Replies: 16
Views: 12886

Re: 12_aslbrute not banning IP's

Got it. The mod sec rules are limited without the full ASL?
by webjive
Mon Mar 31, 2014 5:55 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: 12_aslbrute not banning IP's
Replies: 16
Views: 12886

Re: 12_aslbrute not banning IP's

OK, where are these settings for SHUN time? We're running the rules only with mod security. Thx
by webjive
Mon Mar 31, 2014 5:42 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: 12_aslbrute not banning IP's
Replies: 16
Views: 12886

Re: 12_aslbrute not banning IP's

OK where do you do that?
by webjive
Sun Mar 30, 2014 7:27 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: 12_aslbrute not banning IP's
Replies: 16
Views: 12886

12_aslbrute not banning IP's

We purchased a yearly subscription for the ASL rules and our system is being hit hard daily by bots trying to brute force the Joomla admin. What's bothersome is that your rules aren't banning those ip's and they just keep pounding away.

Is there a way to tweak that rule to ban IP's for 30 days?