#1 ISPConfigFan, 24th May 2007, 10:14
mod_evasive & SYN attacks/flood

Good day,

For a few days now we have been experiencing SYN attacks on our servers. They look like this:
Code:
tcp        0      0 ***:80            ***:1466         SYN_RECV    
tcp        0      0 ***:80            ***:1460         SYN_RECV    
tcp        0      0 ***:80            ***:1468         SYN_RECV    
...
We have tried to install mod_evasive and succeeded, but it is not functioning...

test.pl only gives 403 codes, but no 200 at the start...

apache conf:
Code:
####################################
# MOD EVASIVE
####################################

<IfModule mod_evasive20.c>
DOSHashTableSize    4000
DOSPageCount        2
DOSSiteCount        30
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   10
DOSEmailNotify ***
#DOSSystemCommand
#DOSLogDir "/var/log/mod_evasive"
DOSWhitelist 127.0.0.*
DOSWhitelist ***
DOSWhitelist ***
DOSWhitelist ***
DOSWhitelist ***
</IfModule>

#AddModule mod_evasive.c
Now the mod_evasive module is commented out, because if it is not, Apache won't start because:
Code:
 Apache 1.3 configuration directives found
 please read /usr/share/doc/httpd-2.2.4/migration.html
                                                           [FAILED]
Can't find any useful (to me) information in that file though.

IP is manually dropped by iptables now, but that's clearly not the best solution.

Any advice on how to fix this and protect against syn-flood?
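Added example, not part of the original posts: a shell helper that counts SYN_RECV entries per remote address from netstat output in the format quoted in the first post, to show which sources hold the half-open connections. The function names and the sample lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally half-open (SYN_RECV) connections per remote address
# from netstat lines in the format shown in the post above.

# Constructed sample input (documentation address ranges, not from the thread).
sample_netstat() {
cat <<'EOF'
tcp        0      0 192.0.2.10:80       198.51.100.7:1466    SYN_RECV
tcp        0      0 192.0.2.10:80       198.51.100.7:1460    SYN_RECV
tcp        0      0 192.0.2.10:80       198.51.100.7:1468    SYN_RECV
tcp        0      0 192.0.2.10:80       203.0.113.5:51522    ESTABLISHED
tcp        0      0 192.0.2.10:80       203.0.113.9:40112    SYN_RECV
tcp        0      0 192.0.2.10:22       203.0.113.5:51000    ESTABLISHED
EOF
}

# syn_recv_by_source PORT THRESHOLD  (hypothetical helper name)
# Reads netstat lines on stdin and prints "count address" for each remote
# address with at least THRESHOLD SYN_RECV entries against local PORT,
# highest count first.
syn_recv_by_source() {
    awk -v port="$1" -v min="$2" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            n = split($4, loc, ":")          # local port follows the last colon
            if (loc[n] != port) next
            addr = $5
            sub(/:[0-9]+$/, "", addr)        # drop the remote port
            count[addr]++
        }
        END {
            for (a in count)
                if (count[a] >= min) print count[a], a
        }
    ' | sort -k1,1nr -k2,2
}

# total_syn_recv  (hypothetical helper name)
# Prints the number of SYN_RECV lines on stdin, whatever the port or source.
total_syn_recv() {
    awk '$6 == "SYN_RECV" { n++ } END { print n + 0 }'
}

# On a live host: netstat -nt | syn_recv_by_source 80 20
```

Connections in SYN_RECV have not completed the TCP handshake, so they never produce an HTTP request for mod_evasive to count; this tally is taken at the socket level instead.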
#2 ISPConfigFan, 24th May 2007, 18:14
Got it working. Just for others curious:

Put this:
Code:
<IfModule mod_evasive20.c>
DOSHashTableSize    4000
DOSPageCount        2
DOSSiteCount        30
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   10
DOSEmailNotify xxx@xxx.com
#DOSSystemCommand
#DOSLogDir "/var/log/mod_evasive"
DOSWhitelist 127.0.0.*
DOSWhitelist ......
</IfModule>
BELOW the line:
Code:
LoadModule evasive20_module   /usr/lib/httpd/modules/mod_evasive20.so
in your httpd.conf. The AddModule command is not to be used.


Installation:
Code:
yum install httpd-devel
cd /usr/local/src
wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz 
tar -zxf mod_evasive_1.10.1.tar.gz
cd mod_evasive 
/usr/sbin/apxs -cia mod_evasive20.c
Excuse me for the lame question