Mod_Evasive

Discussion in 'Security' started by hostnex, May 29, 2012.

  1. hostnex

    hostnex Well-Known Member

    We installed mod_evasive on our testing server and followed the article:

    http://systembash.com/content/how-to-stop-an-apache-ddos-attack-with-mod_evasive/

    Can anyone tell us how we can test mod_evasive with the CSF firewall? When we try to refresh pages again and again, CSF does not seem to block the IP.
     
  2. hostnex

    hostnex Well-Known Member

    Is there anyone who can comment on it, please?
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Sure thing. This old post should still be accurate, AFAIK:

    csf+lfd and mod_evasive - ConfigServer Forums
     
  4. voshka

    voshka Active Member

    Mod_evasive is an old, outdated Apache module.
    It does not provide any real protection against DoS attacks.
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    It would be better to install mod_qos, which is in EasyApache. Here are details on it:

    mod_qos
     
  6. voshka

    voshka Active Member

    Trying to use fcgi and getting used to it is much better,
    as it caches every compiled PHP into memory with a period, and serving everything from the memory will be more useful.
    Try compiling Apache with fcgi, Ea-accelerator, mem-cache, mpm_worker

    and change the Apache handler to fcgi after the compilation.

    That would do much better in case of a botnet or usual DoS attacks.
    In the case of a DoS flood there wouldn't be anything you could do at the server level, nor on the firewall; you just need an additional port to handle it.

    Thanks
     
  7. NetMantis

    NetMantis BANNED

    It would be extremely difficult to trip mod_evasive via page refreshes unless you set the limits on your mod_evasive configuration ridiculously low.

    You did remember to actually configure mod_evasive, right? :)

    mod_evasive is more for higher massive automated requests and is old but still has some practical use but is of no value whatsoever if you fail to configure the module.

    A better rate throttle control for Apache however would be the newer mod_qos module which does a lot more.

    If you want to look into a bit lower level control, it is possible to rate limit control access at the TCP/IP level using iptables though this gets into a little bit more advanced firewall rules and configurations.

    CSF/LFD also has a great many features built in for controlling excessive or abusive traffic. However, just like mod_evasive these features are not working by default and you need to actually configure them in /etc/csf/csf.conf.
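
An added example, not part of NetMantis's post or of mod_evasive itself: a simplified Python model of a per-page hit counter of the kind mod_evasive configures with DOSPageCount, DOSPageInterval and DOSBlockingPeriod, showing why refreshes at human speed stay under a threshold that a scripted burst crosses. The counting logic is an assumption rather than the module's source, and the thresholds, IP addresses and timestamps are constructed.

```python
# Simplified model of a per-IP, per-URI hit counter in the style of
# mod_evasive's DOSPageCount / DOSPageInterval / DOSBlockingPeriod.
# Assumption: this is NOT mod_evasive's source; all sample values are constructed.
from dataclasses import dataclass, field


@dataclass
class PageLimiter:
    page_count: int        # hits allowed on one URI per interval (DOSPageCount)
    page_interval: int     # counting window in seconds (DOSPageInterval)
    blocking_period: int   # seconds an IP stays blocked (DOSBlockingPeriod)
    hits: dict = field(default_factory=dict)     # (ip, uri) -> (window_start, count)
    blocked: dict = field(default_factory=dict)  # ip -> time of last blocked hit

    def request(self, ip: str, uri: str, now: int) -> int:
        """Return the HTTP status this request would get: 200 or 403."""
        last = self.blocked.get(ip)
        if last is not None and now - last < self.blocking_period:
            self.blocked[ip] = now   # hits made while blocked extend the block
            return 403
        start, count = self.hits.get((ip, uri), (now, 0))
        if now - start >= self.page_interval:
            start, count = now, 0    # window expired, start counting again
        count += 1
        self.hits[(ip, uri)] = (start, count)
        if count > self.page_count:
            self.blocked[ip] = now   # threshold crossed: block the whole IP
            return 403
        return 200


def replay(limiter, ip, uri, times):
    """Feed request timestamps (seconds) to the limiter, return the statuses."""
    return [limiter.request(ip, uri, t) for t in times]


def count_403(statuses):
    return sum(1 for s in statuses if s == 403)


if __name__ == "__main__":
    # Constructed traffic: a person pressing refresh vs. an automated burst.
    human = replay(PageLimiter(5, 1, 10), "192.0.2.10", "/index.php",
                   [0, 1, 2, 3, 4, 6, 7, 9])
    burst = replay(PageLimiter(5, 1, 10), "192.0.2.20", "/index.php",
                   [0] * 8 + [5, 12, 30])
    print("manual refresh:", human, "->", count_403(human), "blocked")
    print("scripted burst:", burst, "->", count_403(burst), "blocked")
```

In the burst replay the requests at seconds 5 and 12 are still refused because each refused hit restarts the blocking period in this model; only the request at second 30 gets through again.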
     
  8. NixTree

    NixTree Well-Known Member

    mod_qos + CSF can work together based on the rate of the DDoS attack. I know a DDoS victim on which I had configured mod_qos and configured CSF to work with it. But it could not generate any firewall rules because the Apache logs (for qos) were generated faster than CSF could read... so CSF couldn't help me during that situation.
     
  9. NetMantis

    NetMantis BANNED

    DDoS attack? Yes, those generally suck for lack of a better word! :)

    Packet analysis should help you identify the unique characteristics of the attack and once you have that, you can just simply drop those packets regardless of IP originating source. I've killed more than a few DDoS attacks that way and the cool thing is there is no option for adding on new attack servers or changing IPs for the attacker.

    The added SPI layer does slow the server a bit but nowhere near as much as letting the DDoS attack through.
     