Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_evasive too aggressive

Discussion in 'General Discussion' started by Erel, Dec 1, 2017.

Tags:
  1. Erel

    Erel Active Member

    Joined:
    Jul 23, 2007
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    53
    I've installed mod_evasive on my server.

    I'm trying to increase the limits to allow users to open multiple links at once without being blocked.

    No matter how high I set the limits they are still blocked after a few links.
    I've set 300-mod_evasive.conf to:

    LoadModule evasive24_module modules/mod_evasive24.so

    DOSPageCount 10000
    DOSSiteCount 20000

    The result is still the same. I think that I'm updating the correct file as it did start sending emails after I've added DOSEmailNotify.

    Any clues?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you let us know the specific output to the corresponding log file in the /var/log/apache2/mod_evasive/ directory regarding the blocked access attempt?

    Thank you.
     
  3. Erel

    Erel Active Member

    Joined:
    Jul 23, 2007
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    53
    Sorry, I missed your post.

    There are many dos-<ip address> files in that directory. I don't see any log file there.
    The dos file content is a number (pid maybe).
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    My apologies, it looks like the /var/log/apache2/mod_evasive/ directory is for temporary files related to blocked IP addresses as opposed to logs of blocked access attempts. Could you open a support ticket using the link in my signature so we can take a closer look and see why the limits are not working as expected?

    Thank you.
     
  5. Erel

    Erel Active Member

    Joined:
    Jul 23, 2007
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    53
    Done. I received this error while creating the ticket:

    WHM Authorization failed with the following error: The server detected that an SSH key for user “xxx” in Ticket ID “9091211” and Server “1” already exists. Run the following cPanel script and refresh your browser: /scripts/updatesupportauthorizations. You may skip this server or correct the problem and try again.

    I haven't ran this script as I don't know where to find it.
     
  6. Erel

    Erel Active Member

    Joined:
    Jul 23, 2007
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    53
    Issue has been resolved with the help of cPanel support.

    I was updating the wrong configuration file.

    The correct one is:
    /etc/apache2/conf.d/300-mod_evasive.conf

    The incorrect one is:
    /etc/apache2/conf.modules.d/300-mod_evasive.conf

    It was confusing as changes to the incorrect one were partially applied. Probably because the correct configuration file overrides the settings.
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,066
    Likes Received:
    348
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  8. Erel

    Erel Active Member

    Joined:
    Jul 23, 2007
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    53
    I guess that the docs should be updated...
     
    Infopro likes this.
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,066
    Likes Received:
    348
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Could I have the ticket ID for your ticket about this?
     
  10. Erel

    Erel Active Member

    Joined:
    Jul 23, 2007
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    53
    Sure: 9091211
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,066
    Likes Received:
    348
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Thank you!
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I've opened a case with our Documentation Team (DOC-9944) to have the correct path reflected in our documentation.

    Thanks!

    Update: The change was implemented and should be published in the near future.
     
Loading...

Share This Page