Mod_dosevasive dont banned

dreamguitar · Jun 17, 2005

I have setup Mod_dosevasive on my server. I can see possible ddos blocking ip in /var/log/messages but it dont working no email and no ip ban in deny.host.rules

Here my following configuration. Please help to correct this .

in httpd.conf

<IfModule mod_dosevasive.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
DOSEmailNotify [email protected]
DOSSystemCommand "sudo /usr/local/sbin/apf -d %s"
</IfModule>

and in visudo : ( my server name root.blabla.com )

nobody root. = NOPASSWD: /usr/local/sbin/apf -d *

nosfin · Sep 30, 2005

the same.

i'm having the same problem..

nobody ALL = NOPASSWD: /usr/local/sbin/apf -d *
or
nobody sense. = NOPASSWD: /usr/local/sbin/apf -d *

[email protected] [/etc]# sudo -u nobody -s /usr/local/sbin/apf -d 11.11.11.11
/usr/local/sbin/apf: /usr/local/sbin/apf: Permission denied
[email protected] [/etc]#

is there anyone knows howto solve this problem ?

dropby23 · Oct 1, 2005

use this command

Code:

cat /var/log/messages | grep Blacklisting | awk {'print "ALL:" $8 "\n"'} >> /etc/hosts.deny

or

find this
DOSSystemCommand "sudo /usr/local/sbin/apf -d %s"
and change with this

DOSSystemCommand "sudo -u nobody-s /usr/local/sbin/apf -d %s"

and the visudo will be like that

nobody ROOT. = NOPASSWD: /usr/local/sbin/apf -d *
the last thing you will do
chmod 2755 /usr/local/sbin/apf

Thread starter	Similar threads	Forum	Replies	Date
	Mod_dosevasive, ¿?¿?	Web Servers and Applications	5	Oct 10, 2005
	mod_dosevasive whitelisting	Web Servers and Applications	2	Feb 10, 2005
A	mod_dosevasive vulnerability	Web Servers and Applications	0	Feb 4, 2005
K	mod_dosevasive for cPanel/Apache - comments?	Web Servers and Applications	6	Aug 2, 2004
B	mod_dosevasive	Web Servers and Applications	8	May 12, 2004

Search

Search

Mod_dosevasive dont banned

dreamguitar

Registered

nosfin

Registered

dropby23

Well-Known Member