...

This attack does not result in theft or loss of information, but it can cost a victim a lot of time and money to handle.

How to Prevent a DoS Attack?

The mod_evasive module from the Apache web services modules helps your server stay running during a DoS or brute-force attack.

How does the mod_evasive module work?

This utility works by monitoring incoming server requests. It also watches for suspicious requests such as:

  • Multiple requests for the same page in one second.

  • More than 50-100 simultaneous requests per second.

  • Requests made while the IP is temporarily blacklisted.

The module sends a 400 (Bad Request) error if any of these things happen. By default, this also includes a 10-second waiting period on the blacklist. If the IP address making the request tries to request again in that 10-second window, the waiting period is extended.

Steps to Install the mod_evasive Apache Utility

Step 1: Install mod_evasive

Ubuntu: sudo apt-get install libapache2-mod-evasive

CentOS / RedHat: sudo yum install mod_evasive

Step 2: Configure mod_evasive Options.

Open the configuration file.

Ubuntu: sudo vi /etc/apache2/mods-enabled/evasive.conf

CentOS / RedHat: sudo vi /etc/httpd/conf.d/mod_evasive.conf

Remove the comment sign (#) from each line, and replace mail@yourdomain.com with the actual email address. Use an email that you check regularly – this is where the tool will send alerts.

...

Parameters and Settings

DOSHashTableSize: The value here specifies the size of the table that tracks the activity of users based on past visits from their IP addresses. Increasing the size improves the speed at the cost of memory.

DOSPageCount: This is the threshold for the number of requests for the same page (or URI) per page interval. Once the threshold limit for that interval has been exceeded, the IP address of the client will be added to the blocking list.

DOSSiteCount: The total number of requests that can be made for the same site by the same IP address over the period of time specified by the DOSSiteInterval directive. By default, this is set to 50.

DOSPageInterval: Number of seconds for DOSPageCount. By default, this is set to 1 second. That means that if you don’t change it, requesting two pages in 1 second will temporarily blacklist an IP address.

DOSSiteInterval: Like DOSPageInterval, this specifies the number of seconds that DOSSiteCount monitors. By default, this is set to 1 second. That means that if a single IP address requests 50 resources on the same website in a single second, it will be temporarily blacklisted.

...

DOSSystemCommand: This command allows you to specify a system command to be run when an IP address is added to the blacklist. You can use this to launch a command to add an IP address to a firewall or IP filter.

DOSEmailNotify: If this value is set, an email will be sent to the address specified whenever an IP address becomes blacklisted.
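The counting rules described in the parameters above can be modelled offline to check candidate thresholds against your own traffic before enabling blocking. This is an added example, not mod_evasive's code or part of the original page; the class and function names and the sample requests are constructed, and the model assumes a threshold must be exceeded (not just met) before a request is denied.

```python
# Simplified model of the thresholds described above; NOT mod_evasive's own code.
# Class/function names and the sample requests are constructed for illustration.

class EvasiveModel:
    def __init__(self, page_count=2, page_interval=1, site_count=50,
                 site_interval=1, blocking_period=10):
        self.page_count, self.page_interval = page_count, page_interval
        self.site_count, self.site_interval = site_count, site_interval
        self.blocking_period = blocking_period
        self.blocked_until = {}   # ip -> time the block expires
        self.page_hits = {}       # (ip, uri) -> (window_start, count)
        self.site_hits = {}       # ip -> (window_start, count)

    @staticmethod
    def _exceeds(table, key, now, interval, limit):
        start, count = table.get(key, (now, 0))
        if now - start >= interval:      # interval elapsed: start a new window
            start, count = now, 0
        table[key] = (start, count + 1)
        return count + 1 > limit         # assumption: threshold must be exceeded

    def check(self, ip, uri, now):
        if self.blocked_until.get(ip, float("-inf")) > now:
            # Request during the block: the waiting period is extended.
            self.blocked_until[ip] = now + self.blocking_period
            return "blocked"
        page = self._exceeds(self.page_hits, (ip, uri), now,
                             self.page_interval, self.page_count)
        site = self._exceeds(self.site_hits, ip, now,
                             self.site_interval, self.site_count)
        if page or site:
            self.blocked_until[ip] = now + self.blocking_period
            return "blocked"
        return "allowed"

def replay(requests, model=None):
    """Return {ip: number of denied requests} for (time, ip, uri) tuples."""
    model = model or EvasiveModel()
    denied = {}
    for now, ip, uri in sorted(requests):
        if model.check(ip, uri, now) == "blocked":
            denied[ip] = denied.get(ip, 0) + 1
    return denied

# Constructed sample traffic (documentation-range addresses, seconds since start).
SAMPLE = [(t, "198.51.100.7", "/login") for t in (0.0, 0.1, 0.2, 0.3, 0.4, 8.0, 15.0)]
SAMPLE += [(0.0, "203.0.113.9", "/a"), (0.5, "203.0.113.9", "/b"), (2.0, "203.0.113.9", "/a")]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Feeding `replay` the (time, IP, URI) tuples parsed from a real access log shows which legitimate clients a given set of thresholds would deny, which helps when tuning the counts and intervals.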

...

This option isn’t included in the evasive.conf file by default. Open the file for editing as before, then add the following line:

...