Skip to main content

immunify360 only 1 "incident" in hours of time

rscalover
Hello, I was using comodo CWAF worked fine for me for months i even fixed there broken cPanel plugin (see Comodo CWAF cPanel plugin broken howto fix it ? - Free Modsecurity rules - Comodo Web Application Firewall) but after being unable to login to my CWAF account i was pissed i told them they didn't even reply no problem after all CWAF was a free product but it annoyed me they didn't even tell me why i couldn't login so to make a long story short i threw comodo out and purchased immunify360 but i'm skeptical it is running for hours already and it detected only 1 "incident" unusual with commodo i had several hits of bad guys trying todo bad things (but failed) that bad guys cannot be "magically disappaered" no security software is that good i do not believe in that so what is happening here ? .I want to see when people are trying bad things on my server only normal.

Comments

5 comments

Date Votes
  • cPDavidL
    Hello @rscalover ! That certainly does seem suspect. Is there a particular attack vector that you were seeing previously thwarted, which is not being logged? i.e., what rules were you seeing triggered under Comodo?
    0
  • rscalover
    Hello, Yes when comodo was still active i got quite a few remote file includes and remote code execution (bug in PHPunit) attempts .The detected accidents have gone up from 1 to 3 but what worries me is i tryed this absolutely not normal behavior.
    0
  • cPDavidL
    Thank you for your update, @rscalover . I'm sure the support crew will get it sorted for you.
    0
  • rscalover
    Hello, Turns out proactive defense does work it just wasn't enabled i feel like an idiot for blaming the product while it was my error .... The mod_security thing is still not working imunify requested SSH access so i gave them friendlly dudes over there .
    0
  • ankeshanand
    Imunify360 is a perfect solution for Server Defense from Attacks. By Default, It blocks around 31000 IP Addresses to their Greylist which had been suspicious before. Maybe, the person who attacked your server already got into the Blacklist. Don't forget to enable the Proactive Defense in Kill Mode so that Internal Files can be montiored real-time
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post