Search found 14 matches

by craigedmonds
Mon Jan 19, 2015 10:53 am
Forum: Atomic Protector (formerly ASL)
Topic: Testing WAF Redirect
Replies: 16
Views: 15528

Re: Testing WAF Redirect

I am trying to set a remote domain for my block page so that if users are blocked for something they get redirected to another domain name on a server outside my hosting network and I grab all the variables over there. However, in ASL 4.0, if I try and put the following format into the field for WAF...
by craigedmonds
Fri Nov 21, 2014 12:13 pm
Forum: Atomic Protector (formerly ASL)
Topic: redirect users when they are blocked
Replies: 1
Views: 4262

redirect users when they are blocked

When someone triggers a rule or gets blocked I want to redirect them to another server URL with a custom page giving them details of the block. I can see in the ASL GUI there is a setting for https://%{server_name}:30000/blocked.php?eventid=%{unique_id} which I have replaced with my own URL. How do ...
by craigedmonds
Thu Jan 23, 2014 8:07 am
Forum: Atomic Protector (formerly ASL)
Topic: how to interpret the ossec active response log
Replies: 10
Views: 11566

Re: how to interpret the ossec active response log

Unfortunately, like I mentioned, the web console doesn't work - it never loads and virtually anything we open in there doesn't work either except for the ASL config page, that's the only item that seems to come up right away. On some servers it takes about half an hour to load the opening page and the item...
by craigedmonds
Fri Sep 27, 2013 3:24 am
Forum: Atomic Protector (formerly ASL)
Topic: WAF red dot but says is disabled but is enabled?
Replies: 5
Views: 7808

Re: WAF red dot but says is disabled but is enabled?

Last night I opened the GUI on all my machines and there was an update, so I updated all of them.

After that it was green across the board.
by craigedmonds
Thu Sep 26, 2013 11:26 am
Forum: Atomic Protector (formerly ASL)
Topic: WAF red dot but says is disabled but is enabled?
Replies: 5
Views: 7808

Re: WAF red dot but says is disabled but is enabled?

What's the output of this command: asl -s -f quote a bit of stuff. [root@maggie ~]# asl -s -f Starting Atomic Secured Linux scan, please be patient... Checking Kernel security settings ASL kernel: detected [OK] KERNEXEC protections: detected [OK] UDEREF protections: detected [OK] Runtime module load...
by craigedmonds
Thu Sep 26, 2013 8:00 am
Forum: Atomic Protector (formerly ASL)
Topic: WAF red dot but says is disabled but is enabled?
Replies: 5
Views: 7808

WAF red dot but says is disabled but is enabled?

This ASL software is driving me around the bend. I am seeing in the logs today the following entries: [Thu Sep 26 12:51:30 2013] [error] [client 212.89.9.133] ModSecurity: [file "/usr/local/apache/modsecurity.d/12_asl_brute.conf"] [line "61"] [id "377360"] [rev "2&...
by craigedmonds
Thu Sep 26, 2013 4:44 am
Forum: Atomic Protector (formerly ASL)
Topic: two factor auth with google auth?
Replies: 2
Views: 5069

Re: two factor auth with google auth?

I have found some companies like codeguard.com use two factor auth with SMS; the problem is sometimes the SMS can take over 10 minutes + to arrive, especially to international numbers.

Google AUTH would be my preferred option as I can open the app on my phone and get my code right away.
by craigedmonds
Tue Sep 24, 2013 5:48 am
Forum: General Help and Development Discussion
Topic: List of SSH Commands needed
Replies: 4
Views: 9963

Re: List of SSH Commands needed

Is there a way to see a list of IPs that have been blacklisted?

I would like to run an SSH command to see which IPs are blocked rather than having to go into the GUI each time.
by craigedmonds
Sun Sep 22, 2013 5:01 am
Forum: Atomic Protector (formerly ASL)
Topic: two factor auth with google auth?
Replies: 2
Views: 5069

two factor auth with google auth?

I am a bit concerned about the ease of access of being able to login to the ASL GUI. Apart from blocking port 30000 to certain fixed IPs, is there any plan for example to implement two factor auth say with google auth? Seems a lot of companies are implementing this. There is even a free google wordp...
by craigedmonds
Fri Sep 20, 2013 2:37 pm
Forum: Atomic Protector (formerly ASL)
Topic: Many Wordpress "Login Failure Detected" (Rule 377306)
Replies: 7
Views: 9790

Re: Many Wordpress "Login Failure Detected" (Rule 377306)

Is there a way to configure the rule so that if there is more than 3 failed login attempts to the wordpress admin that the ip gets grey listed for 30 minutes? When you say greylisting, do you mean shunning or something else? I am not sure what "shunning" means but if they could be blocked...
by craigedmonds
Thu Sep 19, 2013 12:57 pm
Forum: Atomic Protector (formerly ASL)
Topic: cpanel host access control
Replies: 1
Views: 4257

cpanel host access control

In cPanel servers there is a function to manage Host Access Control settings inside Home » Security Center » Host Access Control. In order to restrict access to my SSH port to my fixed IP, for example, I have been using this function and it has worked pretty well. Now that ASL is installed can I still use it? Sh...
by craigedmonds
Thu Sep 19, 2013 12:32 pm
Forum: Atomic Protector (formerly ASL)
Topic: Many Wordpress "Login Failure Detected" (Rule 377306)
Replies: 7
Views: 9790

Re: Many Wordpress "Login Failure Detected" (Rule 377306)

Is there a way to configure the rule so that if there is more than 3 failed login attempts to the wordpress admin that the ip gets grey listed for 30 minutes? One of the big issues is that there are A LOT of amateur web designers out there posing as "professional" wordpress developers without ...
by craigedmonds
Thu Sep 19, 2013 12:04 pm
Forum: Atomic Protector (formerly ASL)
Topic: PHP_CHECKS
Replies: 2
Views: 4931

PHP_CHECKS

I can see that PHP_CHECKS is OFF by default. Is it recommended to be on? If so, I used to use CSF firewall which gave me a nice clear list of recommended security actions to apply in order to make the server a little "safer". In ASL configuration there is a section for PHP configuration an...
by craigedmonds
Thu Sep 19, 2013 11:47 am
Forum: Atomic Protector (formerly ASL)
Topic: Server aholed after ASL update?
Replies: 51
Views: 40597

Re: Server aholed after ASL update?

Hi, I have followed the steps and now in my Security Events log it's triggering event 4151 even though I do have FW_DROP_INVALID set to yes. Is this something I need to address or can I set the rule to not log these entries? montague kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:c9:...