Is mod_evasive still reliable to prevent DDOS ?

Discussion in 'General Discussion' started by isputra, Sep 3, 2009.

  1. isputra

    isputra Well-Known Member

    I asked this question because of some reasons that I read in several articles I found when searching on Google:

    1. This is an old module and is not maintained anymore
    2. This module will block search engines' spiders and will lower pagerank
    3. This module's blocking system can't be used to collaborate with CSF
    4. By default "/tmp" will be used for the locking mechanism, which opens some security issues if your system is open to shell users
    5. DOSEmailNotify will not work if "Prevent the user "nobody" from sending out mail to remote addresses" is turned on

    So what do you think about that?
     
  2. Spiral

    Spiral BANNED

    True, they have not updated mod_evassive in a long while but it
    presently does all it really needs to do and with the source available,
    it is very easy to modify if you want to create custom features.

    No, it won't have any effect on search engine spiders that follow
    proper protocol and if you have mod_evassive configured correctly.

    Where in the world did you get that idea from? It has a trigger hook
    built in that can be used to call any system command including block
    commands to CSF --- in fact, that's how we got ours setup!

    If you allow shell for users, you got other problems to worry about! ;)

    However, you can configure mod_evassive to store its trigger and
    temporary watch files anywhere you like. It need not be /tmp if you
    don't want it to be. Give it its own folder tree elsewhere!

    Wrong ... go into Exim config and enable "-f" flag (see config options)

    Our servers have SMTP block from CSF enabled, SuExec, and SuPHP and
    have restricted all mail to mail server processes only and blocked user
    "nobody" from sending mail in Cpanel settings and we have no problems
    whatsoever receiving notify messages from mod_evassive.

    Sounds like whoever told you all those things about mod_evassive above didn't have a single clue about using mod_evassive properly! ;)
     
  3. isputra

    isputra Well-Known Member

    Spiral, thank you for your explanation.

    How can I do that? Is it just to use DOSSystemCommand "csf -d %s"?

    Yes, I have done that but the email is still rejected because it is from nobody:

    -------------------------------
    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    demo@demo.com
    Mail sent by user nobody being discarded due to sender restrictions in WHM->Tweak Settings

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <nobody@demo.com>
    Received: from nobody by demo.com with local (Exim 4.69)
    (envelope-from <nobody@demo.com>)
    id 1MjHBa-0000Dr-SS
    for demo@demo.com; Fri, 04 Sep 2009 01:37:30 +0700
    To: demo@demo.com
    Message-Id: <E1MjHBa-0000Dr-SS@demo.com>
    From: Nobody <nobody@demo.com>
    Date: Fri, 04 Sep 2009 01:37:30 +0700

    To: demo@demo.com
    Subject: HTTP BLACKLIST 66.90.104.20

    mod_evasive HTTP Blacklisted 66.90.104.20
    ---------------------------------

    That's why I asked here to get the right explanation :)
     
  4. brianoz

    brianoz Well-Known Member

    As far as I recall, mod_evasive (only the one 's' I think, unless we're talking about something different?) has never been particularly useful and has become less so as time has moved on.

    Also as far as I recall, it doesn't block DDOS as the attacks come from multiple IPs.

    Having said that, it could still be of some use. I'd prefer CSF over it, and be careful to tune the mod_evasive settings if you are getting it to ask CSF to block IPs permanently or you could be opening yourself up for a world of pain from users.
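
Added example, not from any poster in this thread: a wrapper that mod_evasive's DOSSystemCommand could call so that CSF blocks are temporary (`csf -td`) rather than permanent (`csf -d`), with the IP argument validated first. The script name, the csf path, the sudoers rule, the TTL and the never-block addresses are all assumptions.

```shell
#!/bin/sh
# Hypothetical hook: DOSSystemCommand "/usr/local/sbin/evasive-block.sh %s"
# Apache runs the hook as its own user, so a sudoers rule that allows only
# /usr/sbin/csf for that user is assumed.

BLOCK_TTL=3600                        # seconds; the block expires on its own
NEVER_BLOCK="127.0.0.1 203.0.113.10"  # constructed: loopback + a monitoring host

# Return 0 only for a well-formed dotted-quad IPv4 address.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, bad chars, stray dots
    esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs     # split into octets
    if [ "$#" -ne 4 ]; then return 1; fi
    for _octet in "$@"; do
        if [ "${#_octet}" -gt 3 ] || [ "$_octet" -gt 255 ]; then return 1; fi
    done
    return 0
}

# Print the csf command for this IP.
# Returns 1 for a malformed argument, 2 for an address that must never be blocked.
block_command() {
    if ! is_ipv4 "$1"; then return 1; fi
    for _skip in $NEVER_BLOCK; do
        if [ "$1" = "$_skip" ]; then return 2; fi
    done
    printf 'csf -td %s %s mod_evasive\n' "$1" "$BLOCK_TTL"
}

main() {
    if cmd=$(block_command "$1"); then
        # $cmd holds only validated fields, so word splitting is safe here.
        sudo -n /usr/sbin/$cmd
    else
        logger -t evasive-block "refused hook argument (code $?)"
    fi
}

# Act only when installed under the hook's name, so the file can be sourced.
case ${0##*/} in
    evasive-block.sh) main "$@" ;;
esac
```
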
     
  5. Spiral

    Spiral BANNED

    Sorry for the late posting, been very busy this week and have not been on here much.

    Anyway, if you need assistance installing and/or properly configuring mod_evasive, I'd be glad to give you a hand with that.

    I do try to keep an eye on my private messages here and always have
    my MSN on using the support address for the company in my signature.
     