Search found 74 matches

by gaia
Thu Mar 19, 2015 4:29 pm
Forum: Atomic Protector (formerly ASL)
Topic: Blocking by rDNS' third level domain
Replies: 9
Views: 8676

Re: Blocking by rDNS' third level domain

Also, I couldn't block the evil (1, 2, 3) coming from dozens of different IPs to scrape a Magento site, which threw it for an endless loop. The offending netblocks were 172.255.0.0/16 NOBIS-TECHNOLOGY-GROUP-15, 23.80.0.0/14 NOBIS-TECHNOLOGY-GROUP-17, 23.104.0.0/13 NOBIS-TECHNOLOGY-GROUP-18 and an e...
by gaia
Thu Mar 19, 2015 12:17 pm
Forum: Atomic Protector (formerly ASL)
Topic: DoS: site or URL specific thresholds
Replies: 2
Views: 4154

Re: DoS: site or URL specific thresholds

mod_qos is what we're replacing evasive with. It's like the WAF where we need to develop rules and policy configuration in ASL Web to really take full advantage of. Definitely run it now if you can, it's got some great functionality now for WordPress sites. For mod_evasive, it can be a little counter...
by gaia
Thu Mar 19, 2015 9:07 am
Forum: Control Panel Support Help
Topic: Ajenti & Sentora
Replies: 3
Views: 11713

Re: Ajenti & Sentora

You should read this topic before migration http://www.webhostingtalk.com/showthread.php?p=9399137 Thanks. I've long trusted the RACK911 crew. I wonder if placing the entire CP behind HTTP auth would be secure enough. I am the only one accessing it anyways. Regardless, I would rather use a differen...
by gaia
Thu Mar 19, 2015 8:32 am
Forum: Atomic Protector (formerly ASL)
Topic: DoS: site or URL specific thresholds
Replies: 2
Views: 4154

DoS: site or URL specific thresholds

These are my DoS settings: http://i.imgur.com/sVrtYuN.png They are pretty lax, as there are some times when several clients are coming from the same public IP and are accessing 2 AJAX resources every 10 seconds for long periods (120 requests per client/minute). Is it possible to have different threshold...
by gaia
Wed Mar 18, 2015 8:43 am
Forum: Control Panel Support Help
Topic: Ajenti & Sentora
Replies: 3
Views: 11713

Ajenti & Sentora

I'm considering migrating from Virtualmin to Ajenti or maybe Sentora. Could anyone share any words or experience related to those two CPs working with ASL?

Thanks
by gaia
Fri Mar 06, 2015 12:03 pm
Forum: Atomic Protector (formerly ASL)
Topic: Blocking by rDNS' third level domain
Replies: 9
Views: 8676

Re: Blocking by rDNS' third level domain

Just got a very draining bot coming from bzq-82-80-249-168.dcenter.bezeqint.net. I added dcenter.bezeqint.net to the MODSEC_01_DOMAIN_BLOCKS list (I was able to get rid of 007AC9.net this way). But dcenter.bezeqint.net didn't work for bzq-82-80-249-168.dcenter.bezeqint.net. Why? I can't block the ent...
by gaia
Thu Feb 26, 2015 2:47 pm
Forum: Atomic Protector (formerly ASL)
Topic: Geoblock country but allow IP
Replies: 10
Views: 9108

Re: Geoblock country but allow IP

mikeshinn wrote: Per port ACLs documentation is available here:

https://www.atomicorp.com/wiki/index.ph ... _Port_ACLs
Thanks, but the referenced "Per Port ACLs" section does not mention the syntax for multiple ports.

Additionally, I was looking to do this via the GUI, IF possible.
by gaia
Thu Feb 26, 2015 12:12 pm
Forum: Atomic Protector (formerly ASL)
Topic: Geoblock country but allow IP
Replies: 10
Views: 9108

Re: Geoblock country but allow IP

scott wrote: Right, an "insert" means put on the top of a list, and "add" means add to the bottom. Just like you're in a spreadsheet. You want your rule to appear ahead of the drop rule.
How do I add more than one port per rule? Tried space, comma without spaces and dashes.
by gaia
Thu Feb 26, 2015 9:33 am
Forum: Atomic Protector (formerly ASL)
Topic: Geoblock country but allow IP
Replies: 10
Views: 9108

Re: Geoblock country but allow IP

So one firewall rule in INPUT before geoblock allowing access to those two ports?
by gaia
Wed Feb 25, 2015 8:03 pm
Forum: Atomic Protector (formerly ASL)
Topic: Geoblock country but allow IP
Replies: 10
Views: 9108

Re: Geoblock country but allow IP

scott wrote: Is it for just one service, or multiple ones?
Only for port 443 and 22.
by gaia
Wed Feb 25, 2015 2:42 pm
Forum: Atomic Protector (formerly ASL)
Topic: Geoblock country but allow IP
Replies: 10
Views: 9108

Geoblock country but allow IP

Ukraine is geoblocked, but I would like to allow a single IP thru, without whitelisting it. Is this possible?

Thanks in advance.
by gaia
Wed Feb 25, 2015 2:38 pm
Forum: Atomic Protector (formerly ASL)
Topic: Blocking by rDNS' third level domain
Replies: 9
Views: 8676

Re: Blocking by rDNS' third level domain

Yes, you can do this with this ruleset: https://www.atomicorp.com/wiki/index.php/ASL_WAF#MODSEC_01_DOMAIN_BLOCKS Thanks Mike. I placed "007ac9.net" in the file. Will it satisfy the filter to effectively block, for example, crawl07.lp.007ac9.net (91.121.79.180)? AFAIU it should work: http:...
by gaia
Tue Feb 24, 2015 6:25 am
Forum: Atomic Protector (formerly ASL)
Topic: Blocking by rDNS' third level domain
Replies: 9
Views: 8676

Blocking by rDNS' third level domain

Got a hungry bot on our server this morning. It is spread across a wide range of networks, so blocking it by IP would be at least impractical and at most ineffective. Assuming the people who run it will keep using the same third level domain for all rDNS addresses where this bot comes from, is ther...
by gaia
Fri Feb 13, 2015 10:06 am
Forum: Atomic Protector (formerly ASL)
Topic: How to set OSSEC to ignore certain folders
Replies: 6
Views: 7377

Re: How to set OSSEC to ignore certain folders

I think he was asking if he deleted a whole diff tree that wasn't ignored. The next cycle (<frequency>XXXX) it would make copies of the files again. In my case it wouldn't. The diff scan and the backup run roughly at the same time, and I am changing that. But the temporary files created by the b...
by gaia
Fri Feb 13, 2015 8:20 am
Forum: Atomic Protector (formerly ASL)
Topic: How to set OSSEC to ignore certain folders
Replies: 6
Views: 7377

Re: How to set OSSEC to ignore certain folders

Official word was: A) Ignores are configured in ASL Web->File Integrity->Ignore Rules B) You can, but it can increase disk IO when it scans again it will add back the most recent copies. C is a better way to do it C) Retention is configured from ASL Web->Settings->ASL Configuration->Host Intrusion D...