The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mod_dosevasive dont banned

Discussion in 'General Discussion' started by dreamguitar, Jun 17, 2005.

  1. dreamguitar

    dreamguitar Registered

    Joined:
    Feb 8, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I have setup Mod_dosevasive on my server. I can see possible ddos blocking ip in /var/log/messages but it dont working no email and no ip ban in deny.host.rules


    Here my following configuration. Please help to correct this .

    in httpd.conf

    <IfModule mod_dosevasive.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 100
    DOSPageInterval 2
    DOSSiteInterval 2
    DOSBlockingPeriod 600
    DOSEmailNotify blabla@gmail.com
    DOSSystemCommand "sudo /usr/local/sbin/apf -d %s"
    </IfModule>


    and in visudo : ( my server name root.blabla.com )

    nobody root. = NOPASSWD: /usr/local/sbin/apf -d *
     
  2. nosfin

    nosfin Registered

    Joined:
    Dec 7, 2003
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    the same.

    i'm having the same problem..

    nobody ALL = NOPASSWD: /usr/local/sbin/apf -d *
    or
    nobody sense. = NOPASSWD: /usr/local/sbin/apf -d *

    root@foo [/etc]# sudo -u nobody -s /usr/local/sbin/apf -d 11.11.11.11
    /usr/local/sbin/apf: /usr/local/sbin/apf: Permission denied
    root@foo [/etc]#

    is there anyone knows howto solve this problem ?
     
  3. dropby23

    dropby23 Well-Known Member

    Joined:
    Jan 16, 2005
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    16
    use this command
    Code:
    cat /var/log/messages | grep Blacklisting | awk {'print "ALL:" $8 "\n"'} >> /etc/hosts.deny 
    or

    find this
    DOSSystemCommand "sudo /usr/local/sbin/apf -d %s"
    and change with this

    DOSSystemCommand "sudo -u nobody-s /usr/local/sbin/apf -d %s"

    and the visudo will be like that

    nobody ROOT. = NOPASSWD: /usr/local/sbin/apf -d *
    the last thing you will do
    chmod 2755 /usr/local/sbin/apf
     
Loading...

Share This Page