clear entire shun list
Posted: Wed Feb 25, 2015 7:31 pm
is there an easy way to clear the entire shun list?
Thanks
Thanks
Code: Select all
service ossec-hids restartPage 1 of 1
Re: clear entire shun list
Posted: Thu Feb 26, 2015 9:04 am
Yes, just restart the HIDS.
Re: clear entire shun list
Posted: Thu Feb 26, 2015 10:47 am
Thanks,
how about to clear the entire block list?
how about to clear the entire block list?
Re: clear entire shun list
Posted: Thu Feb 26, 2015 4:23 pm
That would clear the whole list. Unless you're talking about blacklists or geo?
Re: clear entire shun list
Posted: Thu Feb 26, 2015 4:33 pm
I'm talking about the Blocklist, I figured that was the same as the shunlist but after restarting the service you suggested it didn't change anything I still have 8745 sites blocked.
it seemed to do the restart ok.
it seemed to do the restart ok.
Re: clear entire shun list
Posted: Thu Feb 26, 2015 4:36 pm
8700 active responses, wow. 
Are you getting hit by a botnet or something?
Are you getting hit by a botnet or something?Re: clear entire shun list
Posted: Thu Feb 26, 2015 5:47 pm
I had the shun time set too high.
I do see a lot of attempts to hack some of our older websites using joomla. That is what prompted me to purchase your product.
I have to say there hasn't been one site hacked since I have put the ASL setup in place!
I'm taking some time now to learn more about it and tune things up.
I wish you would come up with an addition to the ASL to take care of spam.
Can you think of any reason that the restart wouldn't have cleared out the list?
I do see a lot of attempts to hack some of our older websites using joomla. That is what prompted me to purchase your product.
I have to say there hasn't been one site hacked since I have put the ASL setup in place!
I'm taking some time now to learn more about it and tune things up.
I wish you would come up with an addition to the ASL to take care of spam.
Can you think of any reason that the restart wouldn't have cleared out the list?
Re: clear entire shun list
Posted: Thu Feb 26, 2015 6:41 pm
Were you thinking of email spam, web spam or both?I wish you would come up with an addition to the ASL to take care of spam.
Re: clear entire shun list
Posted: Thu Feb 26, 2015 8:11 pm
Email spam,
I am currently using Mailscanner with spamassassin and clamav and it just doesn't seem to get the job done unless you sit there all day and tinker with it.
I am currently using Mailscanner with spamassassin and clamav and it just doesn't seem to get the job done unless you sit there all day and tinker with it.
Re: clear entire shun list
Posted: Thu Mar 05, 2015 8:48 pm
Even after resetting several times I still have over 9000 ip's on the blocked list.
Is there something else I can do to clear that list?
Is there something else I can do to clear that list?
Re: clear entire shun list
Posted: Thu Mar 05, 2015 9:41 pm
That's odd. You may want to report this to ASL support as that should not be happening!
That said, I have seen it from time to time (and reported it).
Usually the following works for me to clear the "stuck" blocked IP addresses:
If that doesn't work:
That said, I have seen it from time to time (and reported it).
Usually the following works for me to clear the "stuck" blocked IP addresses:
Code: Select all
service asl-firewall restartCode: Select all
sqlite3 /var/ossec/var/execd.sqlite "delete from ar;" && service asl-firewall restart && service ossec-hids restartRe: clear entire shun list
Posted: Thu Mar 05, 2015 9:53 pm
thanks for the reply,
I have tried both of those commands and neither of them cleared the list.
the restarts all came back as ok.
I guess I will put in a ticket.
I have tried both of those commands and neither of them cleared the list.
the restarts all came back as ok.
I guess I will put in a ticket.