Infopro

Well-Known Member
May 20, 2003
17,090
518
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter

voshka

Active Member
Apr 4, 2010
30
0
56
Mod_evasive is an old outdated apache module
it does not any real protection against dos attacks
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
It would be better to install mod_qos, which is in EasyApache. Here are details on it:

mod_qos
 

voshka

Active Member
Apr 4, 2010
30
0
56
trying to use fcgi and getting use to it is much better
as it cache every compiled php into memory with a period and serve every thing from the memory will more usefull
try compiling apache with fcgi Ea-accelerator mem-cache mpm_worker

and change apache handler after the compilation to the fcgi

that would do much better in case of bot net or usual dos attacks
in the case of a dos flood it wouldn't be any thing you could do with the server level nore you could do on the firewall just need additional port to handle

Thanks
 

NetMantis

BANNED
Apr 22, 2012
116
1
66
Utah
cPanel Access Level
DataCenter Provider
It would be extremely difficult to trip mod_evasive via page refreshes unless you set the limits
on your mod_evasive configuration ridiculously low.

You did remember to actually configure mod_evasive, right? :)

mod_evasive is more for higher massive automated requests and is old but still has some practical use but is of no value whatsoever if you fail to configure the module.

A better rate throttle control for Apache however would be the newer mod_qos module which does a lot more.

If you want to look into a bit lower level control, it is possible to rate limit control access at the TCP/IP level using iptables though this gets into a little bit more advanced firewall rules and configurations.

CSF/LFD also has a great many features built in for controlling excessive or abusive traffic. However, just like mod_evasive these features are not working by default and you need to actually configure them in /etc/csf/csf.conf.
 

NixTree

Well-Known Member
Aug 19, 2010
413
5
143
Gods Own Country
cPanel Access Level
Root Administrator
Twitter
mod_qos + CSF can work together based on the rate of DDOS attack. I know a DDOS victim on which I had configure mod_qos and configured CSF to work with it. But it cannot generate any firewall rules due to the apache logs ( for qos ) was generated faster than CSF could read...so CSF couldn't help me during that situation.
 

NetMantis

BANNED
Apr 22, 2012
116
1
66
Utah
cPanel Access Level
DataCenter Provider
DDoS attack? Yes, those generally suck for lack of a better word! :)

Packet analysis should help you identify the unique characteristics of the attack and once you have that, you can just simply drop those packets regardless of IP originating source. I've killed more than a few DDoS attacks that way and the cool thing is there is no option for adding on new attack servers or changing IPs for the attacker.

The added SPI layer does slow the server a bit but no where near as much as letting the DDoS attack through.