gnetwork-cp

Member
Mar 1, 2016
23
6
3
Australia
cPanel Access Level
Root Administrator
Just a heads up for anyone thinking of installing mod_evasive (using EasyApache) on a server running Wordpress.

I saw the news this week that mod_evasive was available to install using EasyApache, so I gave it a try. All seemed good for a day or so, until I needed to do some edits in the backend of Wordpress (wp-admin). Firstly, images stopped appearing, then I got blocked completely with 403 Forbidden. I was locked out of the server. Suspecting the newly installed mod_evasive module as the cause, I then accessed the server using another IP and managed to uninstall it. On checking the logs, I noticed that mod_evasive had indeed locked me out.

When this happened, I was editing a table with over 1000 rows, so I guess the large number of requests is what triggered the mod_evasive protection. I have searched quite a bit and can't find any decent suggestions for safe config defaults that would suit most Wordpress usage.

There is discussion online, as to whether mod_evasive is of any real help when under a DOS attack; most say that only a hardware solution can do the job.
 
  • Like
Reactions: linux4me2

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463

dvk01uk

Member
Oct 20, 2007
13
0
51
I feel at this time it is giving too many false blocks.
The problem appears to occur when you have the server set to use HTTP2 and mod_mpm_event and use a compatible browser like chrome or FF, which by design use multiple simultaneous connections which Mod_evasive appears to see as DDOS attacks and blocks when they are genuine connections

I have removed mod_evasive because it is blocking too many genuine connections on my server. I only had it installed for less than 1 hour and monitored carefully
 

Ajdin

Member
Sep 17, 2015
17
0
51
Novi Travnik
cPanel Access Level
Root Administrator
Hello,

recently we install mod_evasive for Dos protection on our server but we have issue with clients access.
error_log show client denied by server configuration in most cases when clients access to wordpress admin or opencart app.
configration that we set for mod_evasive is:
DOSHashTableSize 3097
DOSPageCount 50
DOSSiteCount 150
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 3600

clients says that they can't post in wordpress and admin part of opencart for example doesn't load completly.

kind regards.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hi @Ajdin,

I've merged your post with this thread.

Thank you.