The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DOS Attacks

Discussion in 'General Discussion' started by geekhosting, May 20, 2003.

  1. geekhosting

    geekhosting Well-Known Member

    Joined:
    Apr 7, 2003
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    I am relativelly new to the Server Admin world and trying to catch on fast.

    I have a customer that is consistently undergoing a DOS attack in which i would assume that more than one person is involved. These people are requesting files, thousands of times per second, that are not located on the server in any way (I.E. modules.php).

    From what i can tell, the connections are being made through a proxy server and i can not find any way to counteract it. I have looked through these forums and found mention of APF firewall, and when i tried to install it i locked myself out... go figure

    So that brings me to my next situation.

    There are a couple of apache mods out that are supposed to assist in this and i would like to get some advice before i do this. They are
    Apache DoS Evasive Maneuvers Module [v1.5.1-Stable] located at
    http://www.networkdweebs.com/stuff/security.html

    and
    mod_security
    http://www.webkreator.com/mod_security/

    has anyone had experience with this on a cpanel server?
    will it cause problems?
    and it needs the apache src tree i think, and i have not the foggiest idea where it would be located on a cpanel server when logged in as root.

    cPanel.net Support Ticket Number:
     
  2. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    The mod_security module is only for Apache 2.x and i dont think anybody here is running that on Cpanel here.

    cPanel.net Support Ticket Number:
     
  3. geekhosting

    geekhosting Well-Known Member

    Joined:
    Apr 7, 2003
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    ok then, where can i find more information about counteracting thes DOS attacks, or find step by step instructions on installing a decent software driven fireall. And please dont say the readme file.

    been there done that

    cPanel.net Support Ticket Number:
     
  4. Starhawk-cyberpixels

    Joined:
    Jan 1, 2003
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    When this has been a problem for us, the DoS usually is coming from a single IP. Of course, that's visible in the Apache logs.

    I just ring up my datacenter and have them block that IP at the firewall. Instant resolution, most times.

    cPanel.net Support Ticket Number:
     
  5. geekhosting

    geekhosting Well-Known Member

    Joined:
    Apr 7, 2003
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    thats the thing that concerns me. This is not coming from only one ip, instead it is about 300 different ip addresses (mostly proxy servers). I need to know what i can do to either

    Slow the maximum page request per second per user
    Find something that automatically locks them out if they violate that rule

    Or if it means installing a firewall, i will need step by step instructions on how to do it correctly without locking myself out. Thanks

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page