Mod_evasive – Prevent DDOS Attack

Posted: December 27th, 2011 | Author: | Filed under: apache, centos | redhat | fedora, config | No Comments »

Installing Modevasive
mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera.

-> Execute the following commands to install it:

#wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
#tar -xzvf mod_evasive_1.10.1.tar.gz
#cd mod_evasive
#/usr/sbin/apxs -cia mod_evasive20.c
#rm -rf /root/mod_evasive*

-> Test to make sure it was loaded:
#grep -i evasive /etc/httpd/conf/httpd.conf

Next, edit /etc/httpd/conf/httpd.conf and uncomment (remove the # in front of each line) the following:

<IfModule mod_evasive.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
</IfModule>

 

-> Restart Apache by executing the command

#/etc/init.d/httpd restart

Info
—-

  • DOSHashTableSize: is the size of the table of URL and IP combined
  • DOSPageCount: is the number of same page requests from the same IP during an interval that will cause that IP to be added to the block list.
  • DOSSiteCount: is the number of pages requested of a site by the same IP during an interval which will cause the IP to be added to the block list.
  • DOSPageInterval: is the interval that the hash table for IPs and URLs is erased (in seconds)
  • DOSSiteInterval: is the intervale that the hash table of IPs is erased (in seconds)
  • DOSBlockingPeriod: is the time the IP is blacked (in seconds)
  • DOSEmailNotify: can be used to notify by sending an email everytime an IP is blocked
  • DOSSystemCommand: is the command used to execute a command when an IP is blocked. It can be used to add a block the user from a firewall or router.
  • DOSWhiteList: can be used to whitelist IPs such as 127.0.0.1

Although mod_dosevasive can be quite effective in some cases, in others it can cause more problems by blocking non-offending IPs. It is suggested you take a look at hardware solution if you.

 

Source : http://www.zdziarski.com/blog/?page_id=442

Source : http://sabarish4u.wordpress.com/2008/11/21/157/

FreeRadius + MySQL + Ubuntu

Posted: August 1st, 2011 | Author: | Filed under: config, mysql, ubuntu | No Comments »

START

Install MySQL Server:
#sudo apt-get install mysql-server

Install Freeradius Server:

#sudo apt-get install freeradius freeradius-mysql

Install Apache Server:

#sudo apt-get install apache2

Install needed support for Apache Server:

#sudo apt-get install php5-mysql debhelper  libltdl3-dev libpam0g-dev libmysqlclient15-dev build-essential libgdbm-dev libldap2-dev libsasl2-dev libiodbc2-dev libkrb5-dev snmp autotools-dev dpatch  libperl-dev libtool dpkg-dev libpq-dev libsnmp-dev libssl-dev php-pear php5-gd php-db php5-mcrypt

Read the rest of this entry »

Cacti Issue

Posted: May 16th, 2011 | Author: | Filed under: config, tips and tricks | Tags: | No Comments »

Q: I just installed Cacti and all of my graphs appear as broken images.

A: If all of your settings appear correct, try running poller.php manually by cd’ing to Cacti’s directory and typing:

# php poller.php

Refer : http://www.cacti.net/downloads/docs/html/faq.html#AEN2409

Blog Widget by LinkWithin
« Older Entries