Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_evasive and Wordpress

Discussion in 'EasyApache' started by gnetwork-cp, Nov 12, 2017.

  1. gnetwork-cp

    gnetwork-cp Member

    Joined:
    Mar 1, 2016
    Messages:
    17
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Just a heads up for anyone thinking of installing mod_evasive (using EasyApache) on a server running Wordpress.

    I saw the news this week that mod_evasive was available to install using EasyApache, so I gave it a try. All seemed good for a day or so, until I needed to do some edits in the backend of Wordpress (wp-admin). Firstly, images stopped appearing, then I got blocked completely with 403 Forbidden. I was locked out of the server. Suspecting the newly installed mod_evasive module as the cause, I then accessed the server using another IP and managed to uninstall it. On checking the logs, I noticed that mod_evasive had indeed locked me out.

    When this happened, I was editing a table with over 1000 rows, so I guess the large number of requests is what triggered the mod_evasive protection. I have searched quite a bit and can't find any decent suggestions for safe config defaults that would suit most Wordpress usage.

    There is discussion online, as to whether mod_evasive is of any real help when under a DOS attack; most say that only a hardware solution can do the job.
     
    linux4me2 likes this.
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,794
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. dvk01uk

    dvk01uk Member

    Joined:
    Oct 20, 2007
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    51
    I feel at this time it is giving too many false blocks.
    The problem appears to occur when you have the server set to use HTTP2 and mod_mpm_event and use a compatible browser like chrome or FF, which by design use multiple simultaneous connections which Mod_evasive appears to see as DDOS attacks and blocks when they are genuine connections

    I have removed mod_evasive because it is blocking too many genuine connections on my server. I only had it installed for less than 1 hour and monitored carefully
     
  4. gnetwork-cp

    gnetwork-cp Member

    Joined:
    Mar 1, 2016
    Messages:
    17
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Thanks cPanelMichael.
    I too use mod_http2 + mod_mpm_event.
     
  5. Ajdin

    Ajdin Member

    Joined:
    Sep 17, 2015
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Novi Travnik
    cPanel Access Level:
    Root Administrator
    Hello,

    recently we install mod_evasive for Dos protection on our server but we have issue with clients access.
    error_log show client denied by server configuration in most cases when clients access to wordpress admin or opencart app.
    configration that we set for mod_evasive is:
    DOSHashTableSize 3097
    DOSPageCount 50
    DOSSiteCount 150
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 3600

    clients says that they can't post in wordpress and admin part of opencart for example doesn't load completly.

    kind regards.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,794
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hi @Ajdin,

    I've merged your post with this thread.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice