As the title states and out of the blue.
https://www3.atomicorp.com/channels/rules/delayed/
Anyone with alternate ideas on this one?
https://www3.atomicorp.com/channels/rules/delayed/
Anyone with alternate ideas on this one?
Hello 
In addition to the default rules provided by cPanel, the following resource may be helpful to you:
OWASP Core Rules Project
Thank you.
In addition to the default rules provided by cPanel, the following resource may be helpful to you:
OWASP Core Rules Project
Thank you.
The OWASP rules are nice, but several of them cause TONS of false positives with most popular CMS software. By default they are very aggressive. I'd only recommend using the OWASP rules if you have an in-depth knowledge of white-listing, and have the ability and patience to fine-tune your own rule set.
If you're going to pay for ModSecuity rules though, the atomicorp rules are definitely worth it. As are the trustwave live updated rules. As far as good free rulesets go, with atomicorp pulling the plug (so to speak) I'm not aware of any other good options other than implementing the OWASP rules and being prepared to fine-tune them for your applications/users.
If you're going to pay for ModSecuity rules though, the atomicorp rules are definitely worth it. As are the trustwave live updated rules. As far as good free rulesets go, with atomicorp pulling the plug (so to speak) I'm not aware of any other good options other than implementing the OWASP rules and being prepared to fine-tune them for your applications/users.
That's not good news.
I guess there must be so many users of the free rules that Atomic feels they are losing a lot of income.
They should have done some marketing research.
Since they are removing this facility I'm sure it's going to make a lot of people (like me) feel burned. Maybe that's not a rational response, but i think this is human nature.
Right now I feel more inclined to purchase Trustwave's product at the same price.
Since Cpanel already has some relationship with Trustwave (purchase of SSL from within WHM) I'd suggest it would be nice if there was some kind of partnership with Trustwave for WAF rules.
And a partner discount would be extra nice. :D
I guess there must be so many users of the free rules that Atomic feels they are losing a lot of income.
They should have done some marketing research.
Since they are removing this facility I'm sure it's going to make a lot of people (like me) feel burned. Maybe that's not a rational response, but i think this is human nature.
Right now I feel more inclined to purchase Trustwave's product at the same price.
Since Cpanel already has some relationship with Trustwave (purchase of SSL from within WHM) I'd suggest it would be nice if there was some kind of partnership with Trustwave for WAF rules.
And a partner discount would be extra nice. :D
Agree. And without any prior notice at that.
I'm seeing their pricing at $200 per server. Do you have other information?
+1 for that idea
A partnership for the trustwave rules would be amazing. Seeing as they actually maintain ModSecurity itself, their ruleset is quite impressive. They often add patches for things like new wordpress hacks within a day.
Sorry, I was confused by the pricing - I believe the correct information is . . .
Atomic Rules -$100
Atomic Secured Linux - $200
Trustwave Rules - $200
So I guess the value proposition is do Trustwave Rules compete with ASL.
Question for both rulesets:
How are updates delivered?
Last edited:
I don't know how atomic delivers updates. With trustwave they give you an access key, and you can cron an update to download the new rules nightly with curl or wget.
Like I said before, Trustwave actually maintains ModSecurity itself, so I'd think their rules are comparable to the ASL rules. Both are very good rule sets though. I've installed the Trustwave rules for customers before and they looked pretty solid.
Like I said before, Trustwave actually maintains ModSecurity itself, so I'd think their rules are comparable to the ASL rules. Both are very good rule sets though. I've installed the Trustwave rules for customers before and they looked pretty solid.
Infopro
Well-Known Member
The docs might be helpful to you:
ModSecurity Rules and Support Services - Trustwave Documentation
Upgrading ASL - Atomicorp Documentation
ModSecurity Rules and Support Services - Trustwave Documentation
Upgrading ASL - Atomicorp Documentation
Greed is an amazing thing to me. I'm sure these guys were doing fine. I guess they don't really care about the security of the web - why care when you can profit more by not caring? They didn't really consider that there are many small fish out there who might not have the budget to buy a paid ruleset.
Due to the lack of any prior notice by GotRoot, I'd personally rather give my money to Trustwave.
Due to the lack of any prior notice by GotRoot, I'd personally rather give my money to Trustwave.
Re: ModSecurity Auto Updater
ASL Free rules, good bye!
ASL has decided to get rid of the delayed free rules, you can read the info at:
http://updates.atomicorp.com/channels/rules/delayed/
We will miss this contribution to the community.
Just want to say thank you, as I have used them and they will be missed.
ASL Free rules, good bye!
ASL has decided to get rid of the delayed free rules, you can read the info at:
http://updates.atomicorp.com/channels/rules/delayed/
We will miss this contribution to the community.
Just want to say thank you, as I have used them and they will be missed.
I understand it may be difficult for a lot of admins to move on to a non-free ruleset (Atomicorp or other) or simply use what is currently available from the delayed rules knowing that it will no longer be updated. But your attitude really sucks.
Why in the world is it Atomicorp's job to provide a free service to the community? It isn't, plain and simple -- and it never has been. They've been very gracious. There are some other companies out there who are equally gracious, providing something for free that we really all should be paying for.
I have no idea what Atomicorp's current motivation is, and I have no clue what their original motivation was to provide free rules in the first place. The bottom line is that I'm grateful to them for providing such a comprehensive ruleset. Sure, many of the rules are specific to outdated applications that shouldn't exist on a server in this day and age, but the fact is those outdated applications do still exist in large quantities. I'm quite confident in saying that their rulesets (free or subscription based) have saved the asses of countless admins / companies over the years, including mine I'm sure.
I currently use the subscription-based rules on any servers that I manage for clients. $99 a pop isn't cheap by any stretch, but it's an absolute bargain when one considers the alternative. For each and every mess I didn't have to clean up because the rules blocked something, I've saved more than that in time and sanity.
I'm glad they are going remain in business providing subscription-based rulesets, and I wish them well with whatever plans they have in the future.
Mike
I am facing a similar problem and decided to revert towards the Trustwave Paid Ruleset. I am also working on a free cPanel/WHM plugin to download, install and manage the Trustwave ruleset. If anyone is using them and is interested to try this plugin just send me a DM.
The paid Atomicorp rules work quite well. The main issue I'm having is that they won't provide a download script, they would much rather have you purchase the complete ASL product, which includes automatic downloads. So you need to write your own download script (or install by hand).
I'm doing a free and independent plugin for the Trustwave Rules (see screenshot) that manages this for you and more. I get great support from Trustwave on this as well. I hope to have this out in a week or so. If anyone is using cPanel and Trustwave, feel free to contact me and i'll send you the install instructions
Attachments
Tom,
Check into / ask them about the 'asl-lite'. I update all of my clients hosting servers manually. However, I have a couple [non shared hosting, single site] machines that I run asl-lite on. Once it is installed I simply run:
asl-lite -ck (to check for updates)
asl-lite -u (to update)
The asl-lite utility can update more than just modsec rules, but modsec rules are the only thing I purchase from Atomicorp and thus that's the only thing that gets updated when I run asl-lite.
Why haven't I used asl-lite on hosting servers? I'm sure. Laziness maybe. Or perhaps I didn't want to find out that there would be some issue that I would have to troubleshoot on cPanel hosting servers. So I didn't bother to install it.
I'm not even sure if asl-lite is still available. the version I have references old URLs when it tries to update, and I had to work around that by adding manual entries in my /etc/hosts file so that the URL that asl-lite called for updates actually pulled content from the correct Atomicorp servers.
At any rate, you might want to ask them about asl-lite if you already have a paid subscription.
Mike
Has anyone here used the Comodo rules successfully? I have heard that they have some issues. Someone else also mentioned that they only seem to be the core rules, not actually Comodo's own creation.
Sounded like there had to be a catch. Sounds to me like they want to get you using their plug-in and then sell you additional services.
Has anybody tried the plug-in yet?
Has anybody tried the plug-in yet?
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| F | AUTOSSL No longer renewing SSL Certificates | Security | 1 | |
| D | AutoSSL no longer working with Cloudflare | Security | 12 | |
| I | ConfigServer or Atomicorp? | Security | 2 | |
| J | Migrate from Atomicorp Rules (AUM) to OWASP | Security | 5 | |
| O | ModSec AtomiCorp | Security | 7 |