Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_evasive and Wordpress

Discussion in 'EasyApache' started by gnetwork-cp, Nov 12, 2017.

  1. gnetwork-cp

    gnetwork-cp Member

    Joined:
    Mar 1, 2016
    Messages:
    8
    Likes Received:
    2
    Trophy Points:
    1
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Just a heads up for anyone thinking of installing mod_evasive (using EasyApache) on a server running Wordpress.

    I saw the news this week that mod_evasive was available to install using EasyApache, so I gave it a try. All seemed good for a day or so, until I needed to do some edits in the backend of Wordpress (wp-admin). Firstly, images stopped appearing, then I got blocked completely with 403 Forbidden. I was locked out of the server. Suspecting the newly installed mod_evasive module as the cause, I then accessed the server using another IP and managed to uninstall it. On checking the logs, I noticed that mod_evasive had indeed locked me out.

    When this happened, I was editing a table with over 1000 rows, so I guess the large number of requests is what triggered the mod_evasive protection. I have searched quite a bit and can't find any decent suggestions for safe config defaults that would suit most Wordpress usage.

    There is discussion online, as to whether mod_evasive is of any real help when under a DOS attack; most say that only a hardware solution can do the job.
     
    linux4me2 likes this.
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,502
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. dvk01uk

    dvk01uk Member

    Joined:
    Oct 20, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    51
    I feel at this time it is giving too many false blocks.
    The problem appears to occur when you have the server set to use HTTP2 and mod_mpm_event and use a compatible browser like chrome or FF, which by design use multiple simultaneous connections which Mod_evasive appears to see as DDOS attacks and blocks when they are genuine connections

    I have removed mod_evasive because it is blocking too many genuine connections on my server. I only had it installed for less than 1 hour and monitored carefully
     
  4. gnetwork-cp

    gnetwork-cp Member

    Joined:
    Mar 1, 2016
    Messages:
    8
    Likes Received:
    2
    Trophy Points:
    1
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Thanks cPanelMichael.
    I too use mod_http2 + mod_mpm_event.
     
  5. Ajdin

    Ajdin Member

    Joined:
    Sep 17, 2015
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Novi Travnik
    cPanel Access Level:
    Root Administrator
    Hello,

    recently we install mod_evasive for Dos protection on our server but we have issue with clients access.
    error_log show client denied by server configuration in most cases when clients access to wordpress admin or opencart app.
    configration that we set for mod_evasive is:
    DOSHashTableSize 3097
    DOSPageCount 50
    DOSSiteCount 150
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 3600

    clients says that they can't post in wordpress and admin part of opencart for example doesn't load completly.

    kind regards.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,502
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hi @Ajdin,

    I've merged your post with this thread.

    Thank you.
     
Loading...

Share This Page