Page 1 of 2 12 LastLast
Results 1 to 25 of 28
  1. #1
    Join Date
    Oct 2010
    Posts
    5,079

    AtomiCorp withdraw delayed modsecurity rules

    Effective today, without notice (as far as I have gathered, anyway), AtomiCorp have withdrawn their free delayed ruleset.

    Additions and improvements made to the Atomicorp Realtime Modsecurity rule set have resulted in the Atomicorp Realtime Rule Set and the delayed rule set diverging over time.
    That's a strange statement to make. The realtime and delayed rules have always differed - by 3 months. Any improvements in the realtime rules will surely trickle through to the delayed rules exactly 3 months from the date they are made. So that can't be their reason.

    I'd guess, then, that their reason is commercial. Not enough people are paying for the commercial ruleset, so they're withdrawing the free option.

    The irony is that points in the opposite direction to the statement on their website. Their statement says that the realtime rules are so much better than the delayed ones that it no longer makes sense to offer the delayed ones. If people aren't paying for the realtime rules, that must mean that the realtime rules are not better enough for people to choose to pay for them.

    Anyone know any more?
    Not as active on WHT as I used to be, but still drop in and receive email notifications from here.
    My personal blog site: https://www.oakleys.org.uk/blog

  2. #2
    Join Date
    Sep 2010
    Location
    /usr/bin/fail
    Posts
    859
    Looks like its true.

    From the wiki..

    Free/Delayed Rules: A subset of the realtime rules, which were based on older version. This project was discontinued in October 2013.

    https://www.atomicorp.com/wiki/index...bout_the_rules

  3. #3
    Join Date
    Dec 2011
    Location
    Germany
    Posts
    1,180
    That's really bad news. The delayed rules were perfect for securing mediocre sensitive web applications.
    Inbound Marketing & real SEO for web hosting providers
    ✎ Get in touch with me: co<at>infinitnet.de

  4. #4
    Join Date
    Oct 2010
    Posts
    5,079
    It's true alright - I got it from https://www6.atomicorp.com/channels/rules/delayed/
    Not as active on WHT as I used to be, but still drop in and receive email notifications from here.
    My personal blog site: https://www.oakleys.org.uk/blog

  5. #5
    Join Date
    Oct 2010
    Posts
    5,079
    Anyone know how the OWASP rules compare (in effectively blocking malicious traffic without excessive false positives) to the (former) ASL delayed ruleset?
    Not as active on WHT as I used to be, but still drop in and receive email notifications from here.
    My personal blog site: https://www.oakleys.org.uk/blog

  6. #6
    Join Date
    Mar 2006
    Location
    Servers
    Posts
    1,590
    Quote Originally Posted by infinitnet View Post
    That's really bad news. The delayed rules were perfect for securing mediocre sensitive web applications.
    For fresh exploits you need fresh rules 3 months old are not going to safe a lot.
    QHoster.com - Web Hosting with DDoS Protection | Shared & Reseller in Europe/North America
    Linux/Windows RDP VPS 13 Locations : UK, US (5 states), Mexico, Canada, Bulgaria, Lithuania,
    Italy, France, Germany,Netherlands, Switzerland, Rissia, Singapore | OpenVPN/PPTP Enabled
    INSTANT | PayPal, Skrill, Payza, Bitcoin, WebMoney, Perfect Money, Ukash, CashU, paysafecard

  7. #7
    Join Date
    Sep 2013
    Location
    Canada
    Posts
    656
    Yeah would like to know about OWASP rules also. We are running on Atomic paid rules atm.
    Hostabulous 🔗 cPanel (Cloudlinux) & Plesk (Windows DC 2016) Hosting 🔗 R1Soft CDP backups
    No Gimmicks 🍁 Proudly Canadian

  8. #8
    Join Date
    Dec 2011
    Location
    Germany
    Posts
    1,180
    The OWASP rules are less extensive and I had way more false positives with them. I rather recommend to continue using the delayed ones, even if they're discontinued, and eventually switch to the paid ASL ruleset.

    Quote Originally Posted by WebHostDog View Post
    For fresh exploits you need fresh rules 3 months old are not going to safe a lot.
    That's why I said only to protect mediocre sensitive information. And besides not every exploits needs a specific rule - there are a lot of generic rules/patterns, which can block all kinds of MySQL injections for instance. For example the delayed rules blocked every single one of the latest WHMCS exploits and therefore your statement isn't completely correct.
    Last edited by Infinitnet; 10-23-2013 at 06:10 PM.
    Inbound Marketing & real SEO for web hosting providers
    ✎ Get in touch with me: co<at>infinitnet.de

  9. #9
    Join Date
    Jun 2006
    Location
    Calgary, Alberta
    Posts
    688
    Good thing I subscribed to the daily rules from ASL last week!

    Never really had any issues with the delayed rules, just figured id play it safe and get the daily's for the "oh my they did what" moments.

    Small price to pay for another added layer of peace of mind!

  10. #10
    Join Date
    Apr 2002
    Posts
    1,789
    This is unfortunate. I wonder what someone with a lot of servers is suppose to do. Say you have 100 servers, that's $1495/mo extra expense for those servers.

    Wondering if there is another entity that will come out and provide a free or considerably less expensive option.

  11. #11
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,737
    Quote Originally Posted by SPaReK View Post
    This is unfortunate. I wonder what someone with a lot of servers is suppose to do. Say you have 100 servers, that's $1495/mo extra expense for those servers.
    If you have that many servers, I'd be talking to them about a discount; surely they can manage something...

    If this comes with a drop in the pricing of the paid rules, I'd understand it.

    (Personally I subscribe to the paid rules, think it's worth, but then I don't have 100 servers!)

  12. #12
    Join Date
    Oct 2010
    Posts
    5,079
    The announcement I linked to (see post #4 above) says

    For users of the delayed rule set, to ease the transition to the real time rule set or ASL, we do offer bulk quantity discounts.
    Not as active on WHT as I used to be, but still drop in and receive email notifications from here.
    My personal blog site: https://www.oakleys.org.uk/blog

  13. #13
    Join Date
    Jun 2008
    Location
    Canada
    Posts
    50
    Only issue I have with AtomiCorp, is the sign up process.

    Their password requirements isn't secure... Not allowed to have any special characters in the password field... Sure, it has to be 10 chars long. But really? No special characters! Disappointed with that.
    24hrs Server Support || 30 Days Money Back || 99.99% Uptime
    Web hosting for the advanced client!
    www.TheWebHosters.Net - PayPal accepted!!

  14. #14
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    Quote Originally Posted by sh33pz View Post
    Only issue I have with AtomiCorp, is the sign up process.

    Their password requirements isn't secure... Not allowed to have any special characters in the password field... Sure, it has to be 10 chars long. But really? No special characters! Disappointed with that.
    I see you're in Canada. One of my bank accounts, with TD, used to have a maximum of 8 characters and only allowed letters and numbers in the password. I kid you not. Hopefully that has changed, but this was only a year or two ago.
    RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca

    www.HostingSecList.com - Security Notices for the Hosting Community.

  15. #15
    Join Date
    Jun 2008
    Location
    Canada
    Posts
    50
    Yes. There is another bank here, that has poor password requirements CIBC. Only comfort I have with them is, when you login from another device or a location that you haven't logged in before. They ask you, one of your secret questions.

    But still, every one should be allowing special questions and a very very long passwords. Of course, two factor auth be nice as well. Living a dream I guess haha
    24hrs Server Support || 30 Days Money Back || 99.99% Uptime
    Web hosting for the advanced client!
    www.TheWebHosters.Net - PayPal accepted!!

  16. #16
    Join Date
    Jun 2009
    Location
    /
    Posts
    370
    We will become more Vulnerable
    BD Web Services Since 2009
    cPanel and Plesk | CloudLinux | Node.JS | SSD Server | Daily Remote Backup | North America and Europe | Money Back Guarantee
    USA | Canada | Germany

  17. #17
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    Quote Originally Posted by bdwebservices View Post
    We will become more Vulnerable
    Not necessarily.

    A lot of the older (delayed) rules contain plenty of generic protection for most vulnerabilities - especially SQLi and LFI/RFI type attacks. Like 90% of the Atomic rules were application specific for all kinds of random stuff that most people don't even use.
    RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca

    www.HostingSecList.com - Security Notices for the Hosting Community.

  18. #18
    Join Date
    Jun 2009
    Location
    /
    Posts
    370
    I think cPanel Inc. can make a partnership with AtomiCorp; and cPanel Inc can charge extra ($1/$2) for this and this is WIN/WIN situation.
    BD Web Services Since 2009
    cPanel and Plesk | CloudLinux | Node.JS | SSD Server | Daily Remote Backup | North America and Europe | Money Back Guarantee
    USA | Canada | Germany

  19. #19
    Join Date
    Oct 2010
    Posts
    5,079
    Really? If cPanel charged an extra $1 for Atomicorp's live ruleset, they'd pass on some of that (retaining a profit / brokerage fee) first. So Atomicorp get $0.50 because someone subscribed, instead of the $15 they charge directly.

    It's not going to happen.
    Not as active on WHT as I used to be, but still drop in and receive email notifications from here.
    My personal blog site: https://www.oakleys.org.uk/blog

  20. #20
    Join Date
    Sep 2000
    Location
    New York/USA
    Posts
    1,691
    Can't you technically pay for the rules for 1 server, then copy over the conf's to the other server (or even shared with others)? I don't condone this but it sounds possible for those who are balking at the sunsetting of the free rules.

  21. #21
    Join Date
    Dec 2011
    Location
    Germany
    Posts
    1,180
    Quote Originally Posted by Patrick View Post
    Not necessarily.

    A lot of the older (delayed) rules contain plenty of generic protection for most vulnerabilities - especially SQLi and LFI/RFI type attacks. Like 90% of the Atomic rules were application specific for all kinds of random stuff that most people don't even use.
    Thanks for backing up what I said earlier in this thread. Some people don't seem to be aware of that.

    Quote Originally Posted by teck View Post
    Can't you technically pay for the rules for 1 server, then copy over the conf's to the other server (or even shared with others)? I don't condone this but it sounds possible for those who are balking at the sunsetting of the free rules.
    Yes, you could do that in theory, although I'm unsure if AtomiCorp would be happy about it.
    Last edited by Infinitnet; 10-24-2013 at 03:18 PM.
    Inbound Marketing & real SEO for web hosting providers
    ✎ Get in touch with me: co<at>infinitnet.de

  22. #22
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    Quote Originally Posted by infinitnet View Post
    Thanks for backing up what I said earlier in this thread. Some people don't seem to be aware of that.
    It wouldn't be WHT if it weren't for people skipping over important points in a thread.
    RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca

    www.HostingSecList.com - Security Notices for the Hosting Community.

  23. #23
    Hello,

    Does anyone have the latest modsec rules zip file? It will be useful until i decide about an alternative.

  24. #24
    Join Date
    Oct 2010
    Posts
    5,079
    Did the license to download the free (delayed) rules include permission to mirror / redistribute them, or did others who want them have to obtain them directly from AtomiCorp?
    Not as active on WHT as I used to be, but still drop in and receive email notifications from here.
    My personal blog site: https://www.oakleys.org.uk/blog

  25. #25
    Join Date
    Sep 2010
    Location
    /usr/bin/fail
    Posts
    859
    I looked all over the site and could not find anything...

    Then I looked in the file...

    # Distribution of this work or derivative of this work in any form is
    # prohibited unless prior written permission is obtained from the
    # copyright holder.

    So I took the file down.

Page 1 of 2 12 LastLast

Similar Threads

  1. Too many false positives with Atomicorp mod_security rules
    By CoolMike in forum Hosting Security and Technology
    Replies: 6
    Last Post: 11-07-2012, 07:17 PM
  2. Need help with updating Atomicorp mod_security rules
    By Oplactric in forum Hosting Security and Technology
    Replies: 2
    Last Post: 09-30-2012, 05:37 PM
  3. WHM with Atomicorp Mod Secure Rules
    By ukhost4u in forum Hosting Software and Control Panels
    Replies: 2
    Last Post: 06-30-2012, 11:33 AM
  4. modsecurity 2 - Negative rules and exception rules
    By hostinginsiders in forum Hosting Security and Technology
    Replies: 1
    Last Post: 07-20-2010, 08:38 AM
  5. Overactive modsecurity rules help
    By WestBend in forum Hosting Security and Technology
    Replies: 8
    Last Post: 03-28-2005, 03:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •