Atomicorp no longer provides a free delayed version of its ModSecurity Rule set
-
Hello :) In addition to the default rules provided by cPanel, the following resource may be helpful to you: OWASP Core Rules Project Thank you. 0 -
The OWASP rules are nice, but several of them cause TONS of false positives with most popular CMS software. By default they are very aggressive. I'd only recommend using the OWASP rules if you have an in-depth knowledge of white-listing, and have the ability and patience to fine-tune your own rule set. If you're going to pay for ModSecuity rules though, the atomicorp rules are definitely worth it. As are the trustwave live updated rules. As far as good free rulesets go, with atomicorp pulling the plug (so to speak) I'm not aware of any other good options other than implementing the OWASP rules and being prepared to fine-tune them for your applications/users. 0 -
That's not good news. I guess there must be so many users of the free rules that Atomic feels they are losing a lot of income. They should have done some marketing research. Since they are removing this facility I'm sure it's going to make a lot of people (like me) feel burned. Maybe that's not a rational response, but i think this is human nature. Right now I feel more inclined to purchase Trustwave's product at the same price. Since Cpanel already has some relationship with Trustwave (purchase of SSL from within WHM) I'd suggest it would be nice if there was some kind of partnership with Trustwave for WAF rules. And a partner discount would be extra nice. :D 0 -
[quote="jimlongo, post: 1490561">Since they are removing this facility I'm sure it's going to make a lot of people (like me) feel burned. Maybe that's not a rational response, but i think this is human nature.
Agree. And without any prior notice at that. [QUOTE]Right now I feel more inclined to purchase Trustwave's product at the same price.
I'm seeing their pricing at $200 per server. Do you have other information? [QUOTE]Since Cpanel already has some relationship with Trustwave (purchase of SSL from within WHM) I'd suggest it would be nice if there was some kind of partnership with Trustwave for WAF rules.
+1 for that idea0 -
A partnership for the trustwave rules would be amazing. Seeing as they actually maintain ModSecurity itself, their ruleset is quite impressive. They often add patches for things like new wordpress hacks within a day. 0 -
[quote="sawbuck, post: 1490672">I'm seeing their pricing at $200 per server. Do you have other information?
Sorry, I was confused by the pricing - I believe the correct information is . . . Atomic Rules -$100 Atomic Secured Linux - $200 Trustwave Rules - $200 So I guess the value proposition is do Trustwave Rules compete with ASL. Question for both rulesets: How are updates delivered?0 -
I don't know how atomic delivers updates. With trustwave they give you an access key, and you can cron an update to download the new rules nightly with curl or wget. Like I said before, Trustwave actually maintains ModSecurity itself, so I'd think their rules are comparable to the ASL rules. Both are very good rule sets though. I've installed the Trustwave rules for customers before and they looked pretty solid. 0 -
The docs might be helpful to you: ModSecurity Rules and Support Services - Trustwave Documentation Upgrading ASL - Atomicorp Documentation 0 -
Greed is an amazing thing to me. I'm sure these guys were doing fine. I guess they don't really care about the security of the web - why care when you can profit more by not caring? They didn't really consider that there are many small fish out there who might not have the budget to buy a paid ruleset. Due to the lack of any prior notice by GotRoot, I'd personally rather give my money to Trustwave. 0 -
[quote="lbeachmike, post: 1491272">Greed is an amazing thing to me. I'm sure these guys were doing fine. I guess they don't really care about the security of the web - why care when you can profit more by not caring? They didn't really consider that there are many small fish out there who might not have the budget to buy a paid ruleset.
I understand it may be difficult for a lot of admins to move on to a non-free ruleset (Atomicorp or other) or simply use what is currently available from the delayed rules knowing that it will no longer be updated. But your attitude really sucks. Why in the world is it Atomicorp's job to provide a free service to the community? It isn't, plain and simple -- and it never has been. They've been very gracious. There are some other companies out there who are equally gracious, providing something for free that we really all should be paying for. I have no idea what Atomicorp's current motivation is, and I have no clue what their original motivation was to provide free rules in the first place. The bottom line is that I'm grateful to them for providing such a comprehensive ruleset. Sure, many of the rules are specific to outdated applications that shouldn't exist on a server in this day and age, but the fact is those outdated applications do still exist in large quantities. I'm quite confident in saying that their rulesets (free or subscription based) have saved the asses of countless admins / companies over the years, including mine I'm sure. I currently use the subscription-based rules on any servers that I manage for clients. $99 a pop isn't cheap by any stretch, but it's an absolute bargain when one considers the alternative. For each and every mess I didn't have to clean up because the rules blocked something, I've saved more than that in time and sanity. I'm glad they are going remain in business providing subscription-based rulesets, and I wish them well with whatever plans they have in the future. Mike0 -
I am facing a similar problem and decided to revert towards the Trustwave Paid Ruleset. I am also working on a free cPanel/WHM plugin to download, install and manage the Trustwave ruleset. If anyone is using them and is interested to try this plugin just send me a DM. 0 -
The paid Atomicorp rules work quite well. The main issue I'm having is that they won't provide a download script, they would much rather have you purchase the complete ASL product, which includes automatic downloads. So you need to write your own download script (or install by hand). 0 -
[quote="Tom Risager, post: 1501341">The paid Atomicorp rules work quite well. The main issue I'm having is that they won't provide a download script, they would much rather have you purchase the complete ASL product, which includes automatic downloads. So you need to write your own download script (or install by hand).
I'm doing a free and independent plugin for the Trustwave Rules (see screenshot) that manages this for you and more. I get great support from Trustwave on this as well. I hope to have this out in a week or so. If anyone is using cPanel and Trustwave, feel free to contact me and i'll send you the install instructions :)0 -
[quote="Tom Risager, post: 1501341">The paid Atomicorp rules work quite well. The main issue I'm having is that they won't provide a download script, they would much rather have you purchase the complete ASL product, which includes automatic downloads. So you need to write your own download script (or install by hand).
Tom, Check into / ask them about the 'asl-lite'. I update all of my clients hosting servers manually. However, I have a couple [non shared hosting, single site] machines that I run asl-lite on. Once it is installed I simply run: asl-lite -ck (to check for updates) asl-lite -u (to update) The asl-lite utility can update more than just modsec rules, but modsec rules are the only thing I purchase from Atomicorp and thus that's the only thing that gets updated when I run asl-lite. Why haven't I used asl-lite on hosting servers? I'm sure. Laziness maybe. Or perhaps I didn't want to find out that there would be some issue that I would have to troubleshoot on cPanel hosting servers. So I didn't bother to install it. I'm not even sure if asl-lite is still available. the version I have references old URLs when it tries to update, and I had to work around that by adding manual entries in my /etc/hosts file so that the URL that asl-lite called for updates actually pulled content from the correct Atomicorp servers. At any rate, you might want to ask them about asl-lite if you already have a paid subscription. Mike0 -
Has anyone here used the Comodo rules successfully? I have heard that they have some issues. Someone else also mentioned that they only seem to be the core rules, not actually Comodo's own creation. 0 -
Sounded like there had to be a catch. Sounds to me like they want to get you using their plug-in and then sell you additional services. Has anybody tried the plug-in yet? 0 -
[quote="lbeachmike, post: 1675821">Sounded like there had to be a catch. Sounds to me like they want to get you using their plug-in and then sell you additional services. Has anybody tried the plug-in yet?
I downloaded the rules, the comments basically say they're "modified or changed from the CRS." Take that as you will; the rule ID numbers are still in the 200,000 to 299,999 range which is reserved for the CRS / Modsecurity.org rules. I didn't try the plug-in since I wasn't impressed with the content of the rule set. I agree they're probably just trying to get their name out more to sell people additional services.0 -
From Comdo staff: [QUOTE]Comodo has own rules, at this phase they are contains reprocessed core rules with reduced False Positives as CWAF rules part. 0 -
If they're their own rules why do the files state they are just modified from the CRS? And why are the rule ID's in the reserved ID range for modsecurity.org? I'm not "buying" it. 0 -
We have been working with Comodo for a long time and I am pretty hesitant to use them with anything marked "free". There is always a catch. This looks intriguing but I am wondering what happens after the first free year? Can the license be used on more than one server? [quote="lostinspace, post: 1674802">Try 0 -
[quote="WhiteDog, post: 1501401">I'm doing a free and independent plugin for the Trustwave Rules (see screenshot) that manages this for you and more. I get great support from Trustwave on this as well. I hope to have this out in a week or so. If anyone is using cPanel and Trustwave, feel free to contact me and i'll send you the install instructions :)
whitedog, we're curious about your cpanel/trustwave tech. are you still working on it? we'd like to install it and test trustwave's waf ruleset. thx, complexi0 -
I would be on board with getting a new plugin going that actually works with RUID2 and its rising usage. 0 -
There are a lot of nice changes for modsecurity management via WHM in 11.46 with more to come in 11.48. I can't say much more than that, but 3rd party plugins for managing modsec will probably become a thing of the past for most people. 0
Please sign in to leave a comment.
Comments
29 comments