mod_qos is a very useful tool to protect Apache from attacks. It gives some fine-grained opportunities to scale the number of used connections and to defend an attack according to bandwidth limits. Even though CSF has some of those features it isn't really effective. Its good to have mod_sec in EasyApache; however it lacks an interface to configure the settings, so not many are able to use this feature. Please add an interface in WHM to to limit the number of simultaneous connections per IP, and/or set it to lower bandwidth when you've come close to your maximum client count.