The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache HTTP DoS tool released

Discussion in 'EasyApache' started by headout, Jun 19, 2009.

  1. headout

    headout Well-Known Member

    Joined:
    Aug 20, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Apache HTTP DoS tool released
    Great news :rolleyes:

    Anyway, how to prevent this from happening at cPanel servers?
     
  2. serversignature

    serversignature Well-Known Member

    Joined:
    Nov 26, 2007
    Messages:
    107
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Bangalore
    place your website behind ProxyShield mitigation system.
     
  3. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    I think CSF will protect against this; but I'm not sure, not having tested it ...
     
  4. zigzam

    zigzam Well-Known Member

    Joined:
    May 9, 2005
    Messages:
    206
    Likes Received:
    0
    Trophy Points:
    16
    No way to prevent against that. Only hope would be a hardware firewall.
     
  5. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    True, except that if it's all from one IP then CSF or mod_limitip will work.
     
  6. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    This is the thread from WHT - some good info there, some senior people posting with what can be used to defend against it (CSF, Apache KLM, haproxy, httpready sort-of) and discussing some of the issues.

    Are we all in risk?? Apache DoS global attack - Web Hosting Talk

    And yes, CSF will work if it's all from one IP.

    The point to make here is that this is an old attack, that works against many web server types, and is hard to defend against. There's nothing particularly exciting about that, there are lots of attack types that are hard or even impossible to defend against!

    Compared against a physical level, that's always going to be the case. If someone drives a truck into my office front door, I don't have defences against that. I could buy some concrete poles which would stop small trucks going slowly, but if I want to stop all trucks, I'd need solid buttresses and I'd need them further away. Then I wouldn't be protected against an angry mafia member wanting to tickle my staff's feet with pink feather dusters, so I'd have to set up a defence against that, or boy scouts with large water pistols, etc etc.

    In my mind what we need to be looking at is whether this is a credible immediate threat, and I think the answer for that is no, it's not (credible yes, probably not immediate for most of us). And with any threat, we need to look at:
    • is a simple defence possible?
    • and/or, what is our strategy if the attack happens?
     
  7. Voltar

    Voltar Well-Known Member

    Joined:
    Apr 30, 2007
    Messages:
    269
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Bakersfield, California
    CSF will protect against this. Check out CSF's readme, section 16, that option will help against this.

    If you're using FreeBSD, load the accf_http and accf_data kernel modules, which should mitigate the attacks.
     
    #7 Voltar, Jun 21, 2009
    Last edited: Jun 21, 2009
Loading...

Share This Page