Any method to prevent SYN flood attack (down the WWW)?

hkivan


I have searched on WHT; someone mentioned Mod_dosevasive... but does anyone have experience with this software?
 
You can download mod_dosevasive from the Nuclear Elephant site. I don't have experience with this mod, but these guys have the speediest and most accurate spam detection I have ever seen. (DSPAM)

ramon
 
Try setting SYNCOOKIES; this helps a lot during a SYN flood.

Of course, the best way is, if the site that's under attack has its own IP, just remove the IP from the NIC.
 
redesb said:
You can download mod_dosevasive from the Nuclear Elephant site. I don't have experience with this mod, but these guys have the speediest and most accurate spam detection I have ever seen. (DSPAM)

ramon

Can anyone tell me how to get this set up? From what I see, the only possibility would be to do it under the customapache in the directadmin directories, but I don't know how.

Has anyone done this?

Regards,
Onno Vrijburg
 
With most other Apache modules you just compile the module per the instructions, usually in the tar.gz you download. Once it's compiled, you edit the httpd.conf file to load the module and set any configuration options you might have.
 
If I copy the file to /usr/local/directadmin/customapache/src/modules/dosevasive/mod_dosevasive.c

and I add to configure.apache_ssl

the line --add-module=src/modules/dosevasive/mod_dosevasive.c

and I do ./build apache_mod_ssl

it will delete the apache_1.3.31 folder and extract from the .tar.gz,

therefore deleting the file. Any ideas?

Thanks,
David
 
Found a way to install it on RH9 with DA

a) backup your current httpd.conf file

b) use the following CMD to compile the mod (it will generate a new httpd.conf file and it will add the mod lines in there)

/usr/sbin/apxs -iac mod_dosevasive.c

c) edit your httpd.conf file and add

<IfModule mod_dosevasive.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>

This does a pretty good job of blocking and unblocking IPs.

Hope that helped you,

David
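To see what the thresholds in the configuration above mean in practice, here is an added example (not from this thread and not mod_dosevasive's own code) that models the per-IP counters in Python. It assumes a client is blocked once it exceeds a count within its interval and that requests made while blocked restart the blocking period; the class name `EvasiveModel` and the sample IPs are constructed.

```python
# Values copied from the <IfModule mod_dosevasive.c> block posted above.
CONFIG = {
    "DOSPageCount": 2, "DOSPageInterval": 1,
    "DOSSiteCount": 50, "DOSSiteInterval": 1,
    "DOSBlockingPeriod": 10,
}

class EvasiveModel:
    """Simplified model of the per-IP page/site counters (assumption, not module code)."""

    def __init__(self, cfg):
        self.cfg = cfg
        self.hits = {}            # (ip, key) -> [window_start, count]
        self.blocked_until = {}   # ip -> time (seconds) at which the block expires

    def _over(self, ip, key, now, limit, interval):
        start, count = self.hits.get((ip, key), (now, 0))
        if now - start >= interval:       # window expired: start a new one
            start, count = now, 0
        count += 1
        self.hits[(ip, key)] = [start, count]
        return count > limit              # "exceeded" is modelled as strictly greater

    def request(self, ip, uri, now):
        """Return 403 if the request is refused, else 200."""
        c = self.cfg
        if self.blocked_until.get(ip, 0) > now:
            # A request made while blocked restarts the blocking period.
            self.blocked_until[ip] = now + c["DOSBlockingPeriod"]
            return 403
        page = self._over(ip, uri, now, c["DOSPageCount"], c["DOSPageInterval"])
        site = self._over(ip, "*site*", now, c["DOSSiteCount"], c["DOSSiteInterval"])
        if page or site:
            self.blocked_until[ip] = now + c["DOSBlockingPeriod"]
            return 403
        return 200

def replay(events, cfg=CONFIG):
    """events: iterable of (time_in_seconds, ip, uri); returns the status of each."""
    model = EvasiveModel(cfg)
    return [model.request(ip, uri, t) for t, ip, uri in events]

if __name__ == "__main__":
    # Constructed traffic: three fetches of one page within the same second,
    # a retry during the block, and a request after the block has lapsed.
    sample = [(0, "192.0.2.10", "/index.html")] * 3 + [
        (5, "192.0.2.10", "/other"), (12, "192.0.2.10", "/other"),
        (22, "192.0.2.10", "/other")]
    print(replay(sample))
```

With DOSPageCount 2 and a 1-second interval, a third fetch of the same URI in one second is enough to block a client, and each retry during the block extends it, so a browser reloading a page can lock itself out for longer than the nominal 10 seconds.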
 
Thanks David,

This works like a charm. I am assuming that when you say edit your httpd.conf file you mean the original and not the generated one.

Kind Regards,
Onno Vrijburg
 
Any idea why the EmailNotify and DOSSystemCommand parameters will not work? I have tried everything. The DOSSystemCommand I am using runs fine at the command prompt using an IP in substitution of %s but it won't run from apache.

<IfModule mod_dosevasive.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSSystemCommand '/usr/local/bin/php /usr/local/etc/blacklist.php %s'
</IfModule>

Thanks for any insight. This could be a really good addition and if I can get it to run that command it would be sweet since it will automatically add the IP of the offender to the IPF rules for any designated period of time.

BigWil
 
About the mailing issue

You should edit the original mod_dosevasive.c

and look for the word mail

you will see something like /sbin/sendmail

change it to #define MAILER "/bin/mail %s"

save and recompile via the command I gave before

About the CMD, there are several ways to make it work.

Try using " instead of '
 
I did just about everything I could on the EmailNotify and gave up. This did include changing the path to /usr/bin/mail -t %s and recompiling. Still didn't work.

That is when I started looking into the DOSSystemCommand option. I created the script from an idea I got from another board. It works perfectly from the command line. I figure the failure of both is probably the same problem. Apache isn't letting anything run that way. I even tried a simple echo to a file and that didn't work, and every user should have access to echo, so it isn't a simple permissions problem. Maybe a more advanced one though.

Big Wil
 
I am noticing this under the Apache2 configuration in the mod_dosevasive README file:

Optionally you can also add the following directives:

DOSEmailNotify [email protected]
DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"

But it isn't under the Apache configuration settings. Does that mean that it is only available with Apache2 or do you have the Email and Command working with regular old Apache?

I installed it with apxs -i -a -c mod_dosevasive.c so I don't see how recompiling apache would help. But I did it anyways and without making any changes and it still doesn't work. Did you install mod_dosevasive static or dynamic?

Big Wil
 