Atomicorp no longer provides a free delayed version of its ModSecurity Rule set

quizknows

The OWASP rules are nice, but several of them cause TONS of false positives with most popular CMS software. By default they are very aggressive. I'd only recommend using the OWASP rules if you have an in-depth knowledge of white-listing, and have the ability and patience to fine-tune your own rule set.

If you're going to pay for ModSecurity rules though, the Atomicorp rules are definitely worth it. As are the Trustwave live updated rules. As far as good free rulesets go, with Atomicorp pulling the plug (so to speak) I'm not aware of any other good options other than implementing the OWASP rules and being prepared to fine-tune them for your applications/users.
 

jimlongo

That's not good news.

I guess there must be so many users of the free rules that Atomic feels they are losing a lot of income.

They should have done some marketing research.
Since they are removing this facility I'm sure it's going to make a lot of people (like me) feel burned. Maybe that's not a rational response, but I think this is human nature.

Right now I feel more inclined to purchase Trustwave's product at the same price.

Since cPanel already has some relationship with Trustwave (purchase of SSL from within WHM) I'd suggest it would be nice if there was some kind of partnership with Trustwave for WAF rules.

And a partner discount would be extra nice. :D
 

sawbuck

Since they are removing this facility I'm sure it's going to make a lot of people (like me) feel burned. Maybe that's not a rational response, but I think this is human nature.
Agree. And without any prior notice at that.

Right now I feel more inclined to purchase Trustwave's product at the same price.
I'm seeing their pricing at $200 per server. Do you have other information?

Since cPanel already has some relationship with Trustwave (purchase of SSL from within WHM) I'd suggest it would be nice if there was some kind of partnership with Trustwave for WAF rules.
+1 for that idea
 

quizknows

A partnership for the Trustwave rules would be amazing. Seeing as they actually maintain ModSecurity itself, their ruleset is quite impressive. They often add patches for things like new WordPress hacks within a day.
 

jimlongo

I'm seeing their pricing at $200 per server. Do you have other information?
Sorry, I was confused by the pricing - I believe the correct information is . . .
Atomic Rules - $100
Atomic Secured Linux - $200
Trustwave Rules - $200

So I guess the value proposition is do Trustwave Rules compete with ASL.



Question for both rulesets:
How are updates delivered?
 

quizknows

I don't know how Atomic delivers updates. With Trustwave they give you an access key, and you can cron an update to download the new rules nightly with curl or wget.

Like I said before, Trustwave actually maintains ModSecurity itself, so I'd think their rules are comparable to the ASL rules. Both are very good rule sets though. I've installed the Trustwave rules for customers before and they looked pretty solid.
 

lbeachmike

Greed is an amazing thing to me. I'm sure these guys were doing fine. I guess they don't really care about the security of the web - why care when you can profit more by not caring? They didn't really consider that there are many small fish out there who might not have the budget to buy a paid ruleset.

Due to the lack of any prior notice by GotRoot, I'd personally rather give my money to Trustwave.
 

mtindor

Greed is an amazing thing to me. I'm sure these guys were doing fine. I guess they don't really care about the security of the web - why care when you can profit more by not caring? They didn't really consider that there are many small fish out there who might not have the budget to buy a paid ruleset.
I understand it may be difficult for a lot of admins to move on to a non-free ruleset (Atomicorp or other) or simply use what is currently available from the delayed rules knowing that it will no longer be updated. But your attitude really sucks.

Why in the world is it Atomicorp's job to provide a free service to the community? It isn't, plain and simple -- and it never has been. They've been very gracious. There are some other companies out there who are equally gracious, providing something for free that we really all should be paying for.

I have no idea what Atomicorp's current motivation is, and I have no clue what their original motivation was to provide free rules in the first place. The bottom line is that I'm grateful to them for providing such a comprehensive ruleset. Sure, many of the rules are specific to outdated applications that shouldn't exist on a server in this day and age, but the fact is those outdated applications do still exist in large quantities. I'm quite confident in saying that their rulesets (free or subscription based) have saved the asses of countless admins / companies over the years, including mine I'm sure.

I currently use the subscription-based rules on any servers that I manage for clients. $99 a pop isn't cheap by any stretch, but it's an absolute bargain when one considers the alternative. For each and every mess I didn't have to clean up because the rules blocked something, I've saved more than that in time and sanity.

I'm glad they are going to remain in business providing subscription-based rulesets, and I wish them well with whatever plans they have in the future.

Mike
 

WhiteDog

I am facing a similar problem and decided to revert towards the Trustwave Paid Ruleset. I am also working on a free cPanel/WHM plugin to download, install and manage the Trustwave ruleset. If anyone is using them and is interested to try this plugin just send me a DM.
 

Tom Risager

The paid Atomicorp rules work quite well. The main issue I'm having is that they won't provide a download script, they would much rather have you purchase the complete ASL product, which includes automatic downloads. So you need to write your own download script (or install by hand).
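
The nightly cron download described earlier in the thread and the self-written download script mentioned in the post above share one failure mode: a bad download or a rule file the web server cannot parse. The script below is an added example, not part of the thread or of either vendor's tooling, that validates the new file and restores the previous rules if the config test fails. The URL, the header file holding the access key, the file paths and the `apachectl` commands are all assumptions.

```shell
#!/usr/bin/env bash
# Added example. RULES_URL, the header file and both paths are placeholders.
RULES_URL="${RULES_URL:-https://rules.example.invalid/modsec/vendor_rules.conf}"
KEY_HEADER_FILE="${KEY_HEADER_FILE:-/root/.modsec_rules_header}"  # mode 0600, one "Header: value" line
LIVE_RULES="${LIVE_RULES:-/usr/local/apache/conf/modsec_vendor_rules.conf}"
CONFIGTEST="${CONFIGTEST:-apachectl -t}"       # must exit non-zero on a bad config
RELOAD="${RELOAD:-apachectl graceful}"

# Download to $1 over HTTPS only; the key is read from a file (curl >= 7.55.0)
# so it never appears in the process list or in the crontab.
fetch_rules() {
    curl --fail --silent --show-error --proto '=https' --max-time 120 \
         --header "@$KEY_HEADER_FILE" --output "$1" "$RULES_URL"
}

# Reject empty files and HTML error pages: require at least one Sec* directive.
looks_like_rules() {
    [ -s "$1" ] && grep -Eq '^[[:space:]]*Sec(Rule|Action|Marker)[[:space:]]' "$1"
}

# install_rules NEW LIVE -> 0 installed or unchanged, 2 rejected, 3 rolled back
install_rules() {
    ir_new="$1"; ir_live="$2"; ir_had_live=0
    looks_like_rules "$ir_new" || { echo "rejected: not a rule file" >&2; return 2; }
    if [ -f "$ir_live" ]; then
        if cmp -s "$ir_new" "$ir_live"; then return 0; fi
        cp -p "$ir_live" "$ir_live.prev" || return 1
        ir_had_live=1
    fi
    cp "$ir_new" "$ir_live.tmp" && mv "$ir_live.tmp" "$ir_live" || return 1
    if ! $CONFIGTEST >/dev/null 2>&1; then
        # New rules break the web server config: restore the last good set.
        if [ "$ir_had_live" -eq 1 ]; then mv "$ir_live.prev" "$ir_live"; else rm -f "$ir_live"; fi
        echo "config test failed, previous rules restored" >&2
        return 3
    fi
}

# Entry point for cron; a non-zero exit makes cron mail the error output.
update_rules() {
    ur_tmp="$(mktemp)" || return 1
    if fetch_rules "$ur_tmp" && install_rules "$ur_tmp" "$LIVE_RULES"; then
        $RELOAD; ur_rc=$?
    else
        ur_rc=$?
    fi
    rm -f "$ur_tmp"
    return "$ur_rc"
}

if [ "${1:-}" = "--run" ]; then update_rules; fi
```

Called from root's crontab with `--run`, it leaves the running rule set untouched whenever the download is rejected or the config test fails.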
 

WhiteDog

The paid Atomicorp rules work quite well. The main issue I'm having is that they won't provide a download script, they would much rather have you purchase the complete ASL product, which includes automatic downloads. So you need to write your own download script (or install by hand).
I'm doing a free and independent plugin for the Trustwave Rules (see screenshot) that manages this for you and more. I get great support from Trustwave on this as well. I hope to have this out in a week or so. If anyone is using cPanel and Trustwave, feel free to contact me and I'll send you the install instructions :)
 


mtindor

The paid Atomicorp rules work quite well. The main issue I'm having is that they won't provide a download script, they would much rather have you purchase the complete ASL product, which includes automatic downloads. So you need to write your own download script (or install by hand).
Tom,

Check into / ask them about the 'asl-lite'. I update all of my clients' hosting servers manually. However, I have a couple [non shared hosting, single site] machines that I run asl-lite on. Once it is installed I simply run:

asl-lite -ck (to check for updates)
asl-lite -u (to update)

The asl-lite utility can update more than just modsec rules, but modsec rules are the only thing I purchase from Atomicorp and thus that's the only thing that gets updated when I run asl-lite.

Why haven't I used asl-lite on hosting servers? I'm sure. Laziness maybe. Or perhaps I didn't want to find out that there would be some issue that I would have to troubleshoot on cPanel hosting servers. So I didn't bother to install it.

I'm not even sure if asl-lite is still available. The version I have references old URLs when it tries to update, and I had to work around that by adding manual entries in my /etc/hosts file so that the URL that asl-lite called for updates actually pulled content from the correct Atomicorp servers.

At any rate, you might want to ask them about asl-lite if you already have a paid subscription.

Mike
 

markb14391

Has anyone here used the Comodo rules successfully? I have heard that they have some issues. Someone else also mentioned that they only seem to be the core rules, not actually Comodo's own creation.