The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Constant http floods taking over CPU

Discussion in 'Security' started by taenkarth, Sep 28, 2010.

  1. taenkarth

    taenkarth Member

    Sep 5, 2008
    Likes Received:
    Trophy Points:
    Ok, let me play this scenario out that has been occurring to us daily for a few months now.

    We have a cPanel server with approximately 60 customers on it. Daily we have to watch the logs and ban IP addresses that are constantly connecting to a couple of our websites every second. No matter how many we ban they just keep coming. The IP blocks are not the same and not even in the same country most of the time.

    This server is on a DMZ behind a Sonicwall firewall running AntiSpyware, Gateway AV, and Intrusion Prevention on the DMZ zone.

    What can we do to make these http connection attacks stop?
  2. GaryT

    GaryT Well-Known Member

    May 19, 2010
    Likes Received:
    Trophy Points:
    Install CSF, Install Mod_Evasive and Dos_Delfate then do some tweeking within the config for basic setup:

    CSF basic's - Install CSF -

    Dos_Delfate Basic's - Install:

    Mod_Evasive Basic's ( shown within http.conf ) "Roughly" - Install Mod_Evasive -

    Now this will prevent most common attacks like the one your having, But you have to remember that BIG attacks such as botnets will not be prevented but its very rare you see this unless you own something like facebook and such..

    Now if your under such heavy attack you may want to try contact your DC for some hardware traffic filtering.
    #2 GaryT, Sep 29, 2010
    Last edited: Sep 29, 2010

Share This Page