is there an easy way to clear the entire shun list?
Thanks
clear entire shun list
Re: clear entire shun list
Yes, just restart the HIDS.
Code: Select all
service ossec-hids restartLemonbit Internet Dedicated Server Management
Re: clear entire shun list
Thanks,
how about to clear the entire block list?
how about to clear the entire block list?
-
scott
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: clear entire shun list
That would clear the whole list. Unless you're talking about blacklists or geo?
Re: clear entire shun list
I'm talking about the Blocklist, I figured that was the same as the shunlist but after restarting the service you suggested it didn't change anything I still have 8745 sites blocked.
it seemed to do the restart ok.
it seemed to do the restart ok.
-
scott
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: clear entire shun list
8700 active responses, wow. 
Are you getting hit by a botnet or something?
Are you getting hit by a botnet or something?Re: clear entire shun list
I had the shun time set too high.
I do see a lot of attempts to hack some of our older websites using joomla. That is what prompted me to purchase your product.
I have to say there hasn't been one site hacked since I have put the ASL setup in place!
I'm taking some time now to learn more about it and tune things up.
I wish you would come up with an addition to the ASL to take care of spam.
Can you think of any reason that the restart wouldn't have cleared out the list?
I do see a lot of attempts to hack some of our older websites using joomla. That is what prompted me to purchase your product.
I have to say there hasn't been one site hacked since I have put the ASL setup in place!
I'm taking some time now to learn more about it and tune things up.
I wish you would come up with an addition to the ASL to take care of spam.
Can you think of any reason that the restart wouldn't have cleared out the list?
-
mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: clear entire shun list
Were you thinking of email spam, web spam or both?I wish you would come up with an addition to the ASL to take care of spam.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: clear entire shun list
Email spam,
I am currently using Mailscanner with spamassassin and clamav and it just doesn't seem to get the job done unless you sit there all day and tinker with it.
I am currently using Mailscanner with spamassassin and clamav and it just doesn't seem to get the job done unless you sit there all day and tinker with it.
Re: clear entire shun list
Even after resetting several times I still have over 9000 ip's on the blocked list.
Is there something else I can do to clear that list?
Is there something else I can do to clear that list?
Re: clear entire shun list
That's odd. You may want to report this to ASL support as that should not be happening!
That said, I have seen it from time to time (and reported it).
Usually the following works for me to clear the "stuck" blocked IP addresses:
If that doesn't work:
That said, I have seen it from time to time (and reported it).
Usually the following works for me to clear the "stuck" blocked IP addresses:
Code: Select all
service asl-firewall restartCode: Select all
sqlite3 /var/ossec/var/execd.sqlite "delete from ar;" && service asl-firewall restart && service ossec-hids restartLemonbit Internet Dedicated Server Management
Re: clear entire shun list
thanks for the reply,
I have tried both of those commands and neither of them cleared the list.
the restarts all came back as ok.
I guess I will put in a ticket.
I have tried both of those commands and neither of them cleared the list.
the restarts all came back as ok.
I guess I will put in a ticket.