
Fake bot alert level 14?

Posted: Fri Nov 01, 2013 2:23 pm
by faris
I was wondering why the various fake bot rules (e.g. fake Baidu, fake Googlebot) are set to level 14? Surely that's a "real and present danger" level, when I'd have thought this kind of bot is just an annoyance in terms of security.

Re: Fake bot alert level 14?

Posted: Fri Nov 01, 2013 2:36 pm
by mikeshinn
It typically is a method used to bypass WAFs and IDS systems. So it can be an indicator of a more serious type of attacker. You can always change the levels if you disagree and prefer to treat these as less important.

Re: Fake bot alert level 14?

Posted: Sat Nov 02, 2013 8:58 am
by faris
Unfortunately changing alert levels on these doesn't work. Someone else mentioned a similar problem recently.

But with ASL 4 out any moment now, I guess it isn't worth the hassle of trying to figure out what's going on.

Re: Fake bot alert level 14?

Posted: Sat Nov 02, 2013 3:09 pm
by biggles
Not sure it's the same problem, but I'm having big trouble with rules sending email even if email is turned off and the level lowered. In the support ticket I was told to update to ASL 4, which I have been running for two weeks now. The problem is still there and the support ticket isn't updated anymore. So don't be too sure this problem is solved in ASL 4...

Right now I'm receiving email notifications more or less 24 times a day, which kind of makes them useless.

Re: Fake bot alert level 14?

Posted: Sat Nov 02, 2013 11:32 pm
by mikeshinn
"The problem is still there and the support ticket isn't updated anymore."
Which case number are you referring to?

Re: Fake bot alert level 14?

Posted: Sun Nov 03, 2013 2:20 am
by biggles
Sorry, I should of course have included the case number, 29079.

Re: Fake bot alert level 14?

Posted: Sun Nov 03, 2013 12:51 pm
by mikeshinn
Thank you. So that case's status is Pending - Internal Input. That means the case is still being worked on, but there is nothing to share with you at this time. That does not mean the case is no longer being updated.

Case status explanations are included in the status change emails that are sent automatically and are also documented here:

https://www.atomicorp.com/wiki/index.ph ... ort_Status

Pending Internal Input: The customer support representative is consulting with a colleague for the next step in resolving your case. When additional information is available to share with you the status of the case will change, and information will be added to your case at that time.

I've added a note to your case to explain the status of the case as well:
There is no update to share at this time. The case is still open, and being worked on.

If you aren't sure of the status of a case, just check the label and that should inform you of its current disposition.

In this case, the status is: Pending Internal Input

That means there is no update to share with you at this time, but the case is still being worked on. If you see that status it means the support team and developers are waiting on the results of something from each other or need additional information or test results from each other. In this case our developers are working on this issue. When there is an update to share with you, the status of the case will change and information will be added to the case.

Thank you for your query. You will find an explanation for what the status levels mean for any cases in the automatic email that is sent when you open a case, or online at the URL below:

https://www.atomicorp.com/wiki/index.ph ... ort_Status
So I can assure you that when a case says Pending Internal Input, that means the case is being worked on and it will be updated when there is new information to share with you. We apologize that we cannot resolve all issues immediately, but please know we are working hard on this issue and will have it resolved soon.

Re: Fake bot alert level 14?

Posted: Mon Nov 04, 2013 10:50 am
by biggles
Thanks a lot for the explanation. The reason I thought nothing was happening was that I had not seen any update for two weeks and even asked for the current status without any reply. When you get an email every hour you tend to lose patience quicker and actually thought it had been forgotten. I'm really sorry about that.