store | blogs | forums | twitter | facebook | wiki | mailing lists | downloads | support portal
Atomic Secure Linux
It is currently Wed Jun 19, 2013 11:55 am

View unanswered posts | View active topics


Board index » Customer Support Forums » Atomic Secured Linux Feature Requests

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]



Post new topic Reply to topic Share/Bookmark  Page 1 of 1
  [ 7 posts ] 
  Print view Previous topic | First unread post | Next topic 
Author Message
premierhosting
 Post subject: Drupal dblog
Unread postPosted: Tue Apr 19, 2011 2:33 am 
Offline
Forum Regular
Forum Regular

Joined: Wed Aug 04, 2010 2:52 pm
Posts: 257
Monitor drupal's dblog for crawler access patterns. Perhaps it's all happening in log monitoring as it is, but it might help.
Top
 Profile  
 
mikeshinn
 Post subject: Re: Drupal dblog
Unread postPosted: Tue Apr 19, 2011 10:04 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3264
Location: Chantilly, VA
Can you expand on this a little? What you like to monitor for, and what would the action be?

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.

Top
 Profile  
 
premierhosting
 Post subject: Re: Drupal dblog
Unread postPosted: Tue Apr 19, 2011 2:14 pm 
Offline
Forum Regular
Forum Regular

Joined: Wed Aug 04, 2010 2:52 pm
Posts: 257
For example, you can watch the dblog and see the accesses from scanners looking for vulnerable scripts. Might be a good way to blacklist evils.
Top
 Profile  
 
mikeshinn
 Post subject: Re: Drupal dblog
Unread postPosted: Tue Apr 19, 2011 3:57 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3264
Location: Chantilly, VA
Quote:
For example, you can watch the dblog and see the accesses from scanners looking for vulnerable scripts. Might be a good way to blacklist evils.


OK, I understand now. There are rules in modsecurity to detect and stop things like that, do you have specific examples that are not being blocked?

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.

Top
 Profile  
 
premierhosting
 Post subject: Re: Drupal dblog
Unread postPosted: Tue Apr 19, 2011 6:00 pm 
Offline
Forum Regular
Forum Regular

Joined: Wed Aug 04, 2010 2:52 pm
Posts: 257
Not that I know of. Sound like its being covered.
Top
 Profile  
 
mikeshinn
 Post subject: Re: Drupal dblog
Unread postPosted: Tue Apr 19, 2011 6:03 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3264
Location: Chantilly, VA
Should be, but we're only human so if you find anything we are missing please let us know. We'll get right on it.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.

Top
 Profile  
 
premierhosting
 Post subject: Re: Drupal dblog
Unread postPosted: Tue Apr 19, 2011 6:11 pm 
Offline
Forum Regular
Forum Regular

Joined: Wed Aug 04, 2010 2:52 pm
Posts: 257
You're doing great.
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic Share/Bookmark  Page 1 of 1
  [ 7 posts ] 

Board index » Customer Support Forums » Atomic Secured Linux Feature Requests

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]

Who is online

Users browsing this forum: No registered users and 0 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group