Atomic ModSecurity Rules FAQ
Help! I need help!
See the Atomic ModSecurity Rules Support page for instructions on contacting support, opening a case and other tools you can use to get assistance.
What is included with support, and what is your approximate response time?
Email-based support, within 4 hours of the request during normal business hours, which are Monday-Friday from 9am - 5pm EST, except on US Federal Holidays.
For extended support customers, the response time is dictated by the support contract. Extended support includes after-hours support and may include 24/7 support, depending on the contract.
What are your normal support hours?
Support business hours are 09:00 AM to 05:00 PM, US Eastern Time, Monday through Friday, excluding US holidays.
Our holiday schedule:
2010
- Friday, January 1 New Year’s Day
- Monday, January 18 Birthday of Martin Luther King, Jr.
- Monday, February 15 Washington’s Birthday
- Monday, May 31 Memorial Day
- Monday, July 5 Independence Day
- Monday, September 6 Labor Day
- Monday, October 11 Columbus Day
- Thursday, November 11 Veterans Day
- Thursday, November 25 Thanksgiving Holiday
- Thursday, November 26 Thanksgiving Holiday
- Friday, December 24 Christmas Eve Day
Support requests received after hours will be addressed during the next business day.
Do you offer support outside of your normal support coverage?
Yes, for customers with extended support contracts. Please contact sales@atomicorp.com for more information.
Do you offer phone support?
Yes, for customers with existing extended support contracts. Please contact sales@atomicorp.com for more information about extended support contracts.
Phone support is not available without an existing extended support contract.
Are these the gotroot.com rules?
Yes, they are one and the same (and that website is being merged into this website). We are the oldest and most experienced mod_security rule authors out there. We were putting out rules long before mod_security was acquired and then acquired again. More sites use our rules, and have been using them longer, than everyone else combined. If you use our rules, you're in good company.
Does a real time subscription include both the modsecurity and clamav rules?
Yes, realtime subscribers get instant access to the latest modsecurity and clamav signatures. We release updates daily based on new attacks we detect from our honeypots, new methods our labs develop, as well as fixes and improvements.
Can I set up a cron job to automatically update the rules?
Absolutely. We recommend you do that as we put out updates to the rules daily that include new protections and fixes.
I have unpatched web applications, will your modsecurity rules protect me?
In nearly every case the answer is yes. That's exactly why we created the rules, and why we include Just In Time Patches in our rules to patch old applications such as Joomla. Unpatched vulnerabilities and zero day attacks are what we specialize in.
Do I need to install mod_security to use your rules?
You must install mod_security to use our rules.
What about mod_evasive and Suhosin? Do I also need those for full protection?
No, our rules do not require these modules to protect you. We do include mod_evasive in ASL to provide DoS protection for web applications. mod_security is not the right tool for DoS protection. If you are concerned about DoS attacks then you should upgrade to ASL.
Suhosin is also not necessary to use our rules, nor do we depend on it to protect against web attacks. That said, Suhosin is a great module, but it does require tuning. We do recommend you install it, but understand that it needs to be tuned for your system. Most of our customers do not use it, and it is not necessary for protection against web attacks; it's just another line of protection.
asl-lite -u says "package asl is not installed".
asl-lite is a subset of ASL, so it has the same update code used in ASL. This is expected; in future releases the plan is to have it check for asl-lite updates.
I used to use your Free rules. With the new rules, the dates on some of my rule files appear to have changed.
That is expected. ASL-Lite is a rule updater, and we release updates daily. Sometimes even multiple times a day depending on attack trends.
I'm getting this error "Rule execution error - PCRE limits exceeded (-8): (null)."
This is a limitation of your implementation of mod_security; Atomic mod_security builds do not produce this error. You can either download our builds from here:
Or you will need to build it like we do with our RPM (see the %build section of http://www4.atomicorp.com/channels/source/mod_security/mod_security.spec).
Or check the Atomic forums to see what luck other users have had, if you choose to use a third party's mod_security build.
Your best choice is to use our builds.
Why should I change my cPanel mod_security config file?
It's incomplete and will not scan all types of attacks. We are security experts; all we do is think about ways of stopping the bad guys.
/usr/bin/modsec-clamscan.pl is not installed on the server.
Malware scanning is not included in the rules-only subscription. ASL comes with malware upload scanning for HTTP, SSH, FTP and other protocols, including real time malware protection and much more. If you want malware upload protection, upgrade to ASL.
We also don't include that file or use the methods demonstrated in it because it doesn't scale very well.