Search found 112 matches
- Tue Jan 12, 2016 7:58 am
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Installation did not install kernel
- Replies: 2
- Views: 3961
ASL Installation did not install kernel
I just noticed that the ASL installer didn't install the ASL kernel, I completely removed and re-installed it and found the following error message: kernel-2.6.32-573.12.1.el6.x86_64 grep: /boot/grub2/grub.cfg: No such file or directory DEBUG 0 Running kernel was not detected in /boot/grub2/grub.cfg...
- Wed Nov 25, 2015 11:33 am
- Forum: Atomic Protector (formerly ASL)
- Topic: IP removed from Blocklist is not flagged again
- Replies: 0
- Views: 3048
IP removed from Blocklist is not flagged again
I've been testing a new server and just noticed that if I manually remove an IP from the Blacklist after having intentionally triggered the WAF, it won't flag the incident from the same IP when I try it again. So far I've tried this from two different hosts. Once manually removed from Blacklist, ASL...
- Mon Nov 02, 2015 3:45 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: wordpress sites compromised
- Replies: 1
- Views: 3472
wordpress sites compromised
I've recently had a number of wordpress sites on my server compromised. I am pretty sure the sites weren't running the latest version of wordpress though. All of them seemed to have one thing in common, various integral files at encrypted code injected at the top of them. While ASL blocked the infec...
- Fri Sep 11, 2015 3:14 am
- Forum: Atomic Protector (formerly ASL)
- Topic: not getting 403 forbidden when WAF is tripped
- Replies: 5
- Views: 4898
Re: not getting 403 forbidden when WAF is tripped
Could you tell me where this is configured inside the apache configuration?
- Thu Sep 10, 2015 3:39 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: not getting 403 forbidden when WAF is tripped
- Replies: 5
- Views: 4898
Re: not getting 403 forbidden when WAF is tripped
Code: Select all
340162 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
Another thing, I tried uninstalling ASL recently but it didn't go well. I couldn't even reinstall ASL, instead had to format the server
- Thu Sep 10, 2015 11:34 am
- Forum: Atomic Protector (formerly ASL)
- Topic: not getting 403 forbidden when WAF is tripped
- Replies: 5
- Views: 4898
not getting 403 forbidden when WAF is tripped
Hey,
I'm experimenting with a vanilla LAMP server (no control panel). Tripping the WAF is throwing the Apache default page instead of the 403 Forbidden.
I can see the event being logged inside ASL and the IP being block just fine.
Any ideas?
I'm experimenting with a vanilla LAMP server (no control panel). Tripping the WAF is throwing the Apache default page instead of the 403 Forbidden.
I can see the event being logged inside ASL and the IP being block just fine.
Any ideas?
- Fri Sep 04, 2015 8:16 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Major TWAF performance hit when under load
- Replies: 3
- Views: 5051
Re: Major TWAF performance hit when under load
Hey,
That is one nice looking set you just penned down.
I can't believe I didn't take into account Varnish vs. Apache, It never hit me.
I just tried placing TWAF behind varnish (put TWAF on the same port as NGINX) but varnish is bypassing TWAF and going to nginx instead.
That is one nice looking set you just penned down.
I can't believe I didn't take into account Varnish vs. Apache, It never hit me.
I just tried placing TWAF behind varnish (put TWAF on the same port as NGINX) but varnish is bypassing TWAF and going to nginx instead.
- Tue Sep 01, 2015 9:36 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Major TWAF performance hit when under load
- Replies: 3
- Views: 5051
Major TWAF performance hit when under load
Hey, I need help tuning the TWAF instance for heavy load. I'm load testing a new server with the following configuration Nginx Varnish PHP-FPM (PHP v5.4) Percona 5.6 ASL Test Application: Wordpress Server config: 1 x Intel Xeon E5450 32 GB RAM 1 x 1TB 7200RPM HDD I'm using Loader.io for load testing...
- Sun Aug 16, 2015 7:47 am
- Forum: Atomic Protector (formerly ASL)
- Topic: xmlrpc.php Wordpress abuse
- Replies: 3
- Views: 5557
Re: xmlrpc.php Wordpress abuse
I just experienced the same on one of our shared servers running ASL. ASL isn't blocking the attacks, server load average was hitting 4 (which isn't much but it was effecting dns for some reason) For the time being I've disabled access to xmlrpc.php by adding the following to the global apache conf....
- Mon Jul 27, 2015 3:29 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Blank configuration - all IP's shunned
- Replies: 2
- Views: 3892
Re: Blank configuration - all IP's shunned
Ive seen that happen when the filesystem runs out of space unless the server ran out of inodes, space can't be an issue [root@server1 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/md1 1.8T 310G 1.4T 18% / tmpfs 16G 12K 16G 1% /dev/shm /dev/md0 496M 107M 364M 23% /boot
- Fri Jul 24, 2015 3:24 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Blank configuration - all IP's shunned
- Replies: 2
- Views: 3892
Blank configuration - all IP's shunned
One of my servers stopped responding out of the blue, after a little troubleshooting it turned out that the server was blocking all IP's, couldnt even ping google from the server. When i tried to open ASL's panel it showed the following errors: Notice: Use of undefined constant EXIT_FATAL - assumed ...
- Wed Jul 01, 2015 4:11 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: TWAF tweaking
- Replies: 7
- Views: 6684
Re: TWAF tweaking
Apologies for the late reply.
TWAF and Varnish were running side by side on port 80.
Edit: Would changing settings in the tortixd.conf file at /var/asl/etc/httpd/conf help?
TWAF and Varnish were running side by side on port 80.
Edit: Would changing settings in the tortixd.conf file at /var/asl/etc/httpd/conf help?
- Thu Jun 25, 2015 1:36 am
- Forum: Atomic Protector (formerly ASL)
- Topic: TWAF tweaking
- Replies: 7
- Views: 6684
Re: TWAF tweaking
I don't follow.
The original setup had Nginx / PHP-FPM on port 8888 and Varnish & TWAF on port 80
The original setup had Nginx / PHP-FPM on port 8888 and Varnish & TWAF on port 80
- Wed Jun 24, 2015 1:15 am
- Forum: Atomic Protector (formerly ASL)
- Topic: TWAF tweaking
- Replies: 7
- Views: 6684
Re: TWAF tweaking
Initially I had it set up on port 80
- Tue Jun 23, 2015 3:03 am
- Forum: Atomic Protector (formerly ASL)
- Topic: TWAF tweaking
- Replies: 7
- Views: 6684
TWAF tweaking
I just setup TWAF along side Varnish on port 80 for a server, when I tested it myself things went fine but everything went haywire as soon as I redirected traffic to it. The pages took forever to load, when they loaded other times just an endless wait. So I removed TWAF from port 80 and everything g...