DOS Attacks

[geekhosting]

I am relativelly new to the Server Admin world and trying to catch on fast.

I have a customer that is consistently undergoing a DOS attack in which i would assume that more than one person is involved. These people are requesting files, thousands of times per second, that are not located on the server in any way (I.E. modules.php).

From what i can tell, the connections are being made through a proxy server and i can not find any way to counteract it. I have looked through these forums and found mention of APF firewall, and when i tried to install it i locked myself out... go figure

So that brings me to my next situation.

There are a couple of apache mods out that are supposed to assist in this and i would like to get some advice before i do this. They are
Apache DoS Evasive Maneuvers Module [v1.5.1-Stable] located at
http://www.networkdweebs.com/stuff/security.html

and
mod_security
http://www.webkreator.com/mod_security/

has anyone had experience with this on a cpanel server?
will it cause problems?
and it needs the apache src tree i think, and i have not the foggiest idea where it would be located on a cpanel server when logged in as root.

cPanel.net Support Ticket Number:

[sexy_guy]

The mod_security module is only for Apache 2.x and i dont think anybody here is running that on Cpanel here.

cPanel.net Support Ticket Number:

[geekhosting]

ok then, where can i find more information about counteracting thes DOS attacks, or find step by step instructions on installing a decent software driven fireall. And please dont say the readme file.

been there done that

cPanel.net Support Ticket Number:

[Starhawk-cyberpixels]

When this has been a problem for us, the DoS usually is coming from a single IP. Of course, that's visible in the Apache logs.

I just ring up my datacenter and have them block that IP at the firewall. Instant resolution, most times.

cPanel.net Support Ticket Number:

[geekhosting]

thats the thing that concerns me. This is not coming from only one ip, instead it is about 300 different ip addresses (mostly proxy servers). I need to know what i can do to either

Slow the maximum page request per second per user
Find something that automatically locks them out if they violate that rule

Or if it means installing a firewall, i will need step by step instructions on how to do it correctly without locking myself out. Thanks

cPanel.net Support Ticket Number: