Search found 112 matches
- Thu Jan 29, 2015 4:17 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: High mysql load on a high traffic server
- Replies: 7
- Views: 8221
Re: High mysql load on a high traffic server
I couldn't run the tests on the main server so i moved the db to a vps with nothing else on it, but on the main server the load usually is at 40-50%. I've changed ASL's dbhost IP to this VPS to troubleshoot. Here's the config on the vps: [mysqld] bind-address=127.0.0.1 local-infile=0 datadir=/var/li...
- Thu Jan 29, 2015 8:47 am
- Forum: Atomic Protector (formerly ASL)
- Topic: High mysql load on a high traffic server
- Replies: 7
- Views: 8221
High mysql load on a high traffic server
Hey, I've recently noticed that ASL took 15 minutes to load on a high traffic server. Htop shows multiple threads of mysql running at 100%. I ran show full processlist in mysql and this is what is constantly running. Note: The IP keeps changing everytime I run the command mysql> show full processlis...
- Wed Jan 28, 2015 4:21 am
- Forum: Atomic Protector (formerly ASL)
- Topic: tortix db has hard coded referrences
- Replies: 0
- Views: 3591
tortix db has hard coded referrences
Hey, I'd like to have the option to consolidate all the ASL db's for my servers on to one server. I just tried it with the latest build and it has hard coded referrences to tables. I tried going through the dump of the database but could't make out, found two instances while it was creating triggers...
- Mon Jan 19, 2015 3:24 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Wordpress compromised
- Replies: 6
- Views: 9866
Re: Wordpress compromised
This is weird, clamscan now reads all the files as malicious after running aum -u. I distinctly remember that the first thing I did after receiving the email from my DC was to update ASL via the GUI. But my virus definition DB still contains fewer definitions than your post: ----------- SCAN SUMMARY...
- Fri Jan 16, 2015 7:18 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Wordpress compromised
- Replies: 6
- Views: 9866
Re: Wordpress compromised
Here's a zip of the all the directories I could find: http://128.199.79.58/hacked.tar
edit:It appears my clamav definition database contains fewer signatures than yours, I'm off by 266039 signatures.
edit:It appears my clamav definition database contains fewer signatures than yours, I'm off by 266039 signatures.
- Wed Jan 14, 2015 5:44 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Wordpress compromised
- Replies: 6
- Views: 9866
Re: Wordpress compromised
I'm running the ASL kernel. I just checked, it seems that I had the real time scanner disabled. I run a WHM / cPanel server so all the web directories are located inside /home/. Shall I add this path to the real time scanner? edit: I ran the malware scanner manually on the directory where I quaranti...
- Wed Jan 14, 2015 4:24 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Wordpress compromised
- Replies: 6
- Views: 9866
Wordpress compromised
Hello, I received an email from my DC recently saying that a website I host was compromised. The wordpress site wasn't defaced but I found that the attacker had created various directories at the root with php scripts inside redirecting users elsewhere. The following is the content of one of the ind...
- Tue Oct 28, 2014 2:10 am
- Forum: Atomic Protector (formerly ASL)
- Topic: trigger error on new install
- Replies: 0
- Views: 3837
trigger error on new install
Hey all, Just installed ASL on a brand new server and was welcome by these, any ideas? 2 63 c_web::_init_tables CREATE TRIGGER tortix.before_alert_insert BEFORE INSERT ON alert FOR EACH ROW BEGIN IF (((SELECT code FROM aslw_geo_range WHERE NEW.src_ip BETWEEN ip_start AND ip_end ORDER BY ip_start DES...
- Fri Aug 08, 2014 8:52 am
- Forum: Atomic Protector (formerly ASL)
- Topic: local ISP DNS server's being blocked
- Replies: 1
- Views: 4633
local ISP DNS server's being blocked
Hey, After bashing my head on several walls I've somewhat been able to find the problem. My clients keep complaining that they have trouble accessing services hosted with me, I was troubleshooting a client where I noticed that the ISP provided DNS servers were not resolving any domain on my server a...
- Thu Jul 24, 2014 7:34 am
- Forum: Atomic Protector (formerly ASL)
- Topic: my.cnf issue - mysql load exceeding 200%
- Replies: 6
- Views: 8516
Re: my.cnf issue - mysql load exceeding 200%
The thing is, once i put in the modified config the issue persists even if I revert to the original config. Is percona really restarting when you restart after changing the config? It might be worth checking. And the line that stands out to me is the 10Gb key buffer size. That's massive unless you ...
- Thu Jul 17, 2014 2:25 am
- Forum: Atomic Protector (formerly ASL)
- Topic: my.cnf issue - mysql load exceeding 200%
- Replies: 6
- Views: 8516
Re: my.cnf issue - mysql load exceeding 200%
The thing is, once i put in the modified config the issue persists even if I revert to the original config.
- Tue Jul 15, 2014 2:47 am
- Forum: Atomic Protector (formerly ASL)
- Topic: my.cnf issue - mysql load exceeding 200%
- Replies: 6
- Views: 8516
my.cnf issue - mysql load exceeding 200%
Hey, A couple of weeks ago I made a thread about running ASL on a server with Percona 5.6 and then I experienced problems with ASL being unresponsive and support identified that mysql was hitting ~200%. Turns out it was a problem with the my.cnf I was using. ASL works fine with the following, defaul...
- Tue Jul 15, 2014 2:41 am
- Forum: Atomic Protector (formerly ASL)
- Topic: IP's from one particular ISP being shunned
- Replies: 1
- Views: 3974
IP's from one particular ISP being shunned
Hey, I've been experiencing an issue for the past couple of months, at first I was the only one with the issue so I resorted to using VPN's to get around it. But this time a client is experiencing the issue. The problem is that random IP's from one of our local ISP's keep getting shunned by ASL, I'v...
- Wed Jul 02, 2014 1:32 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Security Events logging stops after update
- Replies: 3
- Views: 6000
Re: Security Events logging stops after update
I tried posting the output from the log but ASL on the forum kicked me out I've removed parts from the error log which I thought may get blocked again Output from /var/ossec/logs/ossec.log says: ERROR: Queue '/queue/alerts/ar' not accessible: 'Connection refused'. ossec-analysisd(1301): ERROR: Unabl...
- Wed Jul 02, 2014 4:08 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Security Events logging stops after update
- Replies: 3
- Views: 6000
Security Events logging stops after update
I've noticed that events stop being logged every time I update ASL, I usually need to reboot to get it to work again.