DoS / DDoS Prevention, Apache modules - mod_security, modevasive - some help needed

duzap

Verified User
Joined
Nov 14, 2008
Messages
41
Hello everyone,

I have recently started to implement some security on my machine to stop ddos attacks (I know I can't stop them forever but I would like to filter them and minimize their influence on the server).

I would like to hear some information about mod_security, how do I install it with directadmin and how does it help for ddos prevention.

Plus I have heard about modevasive that also helps for ddos prevention, it's also included in my question.

Thanks.
 
All depends on what type of DDoS attack you are getting.
If the attacks are small, mod_security, syncookies and a good firewall configuration will keep your webserver alive.

Of course, there are 0-day remote exploits that can result in DDoS as well, so you have to keep your software and security patches up-to-date.
Unfortunately more complex attacks (or attacks with huge amount of bad traffic) will require a specialised DDoS protection setup.

Of the Proxy shields I have seen, best value-for-money is Vistnet.com. They give you a free test - you're not happy, you don't have to buy.
 
Hello,

As well, for integration with the DirectAdmin Brute Force Monitor, I've written this basic how-to guide on using the block_ip.sh with a sample iptables firewall:
http://help.directadmin.com/item.php?id=380

Note that firewalls are beyond our support, so is beyond our support, but the guide is a handy & functioning proof-of-concept.

Don't forget to do excessive testing before doing step 4 (automation) so you don't block yourself. Once it blocks an IP, it's permanent, even after reboots.

John
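
An added example, not part of the post above or of the DirectAdmin guide: a pre-block check that can be run on each candidate IP while testing, before any permanent rule is added, so that your own addresses are never blocked. The function names and the `ALLOWLIST` values (documentation address ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample allowlist: loopback, one admin host, one office range.
ALLOWLIST="127.0.0.0/8 192.0.2.10 198.51.100.0/24"

# Convert a dotted-quad IPv4 address to an integer; return 1 if malformed.
ip_to_int() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac        # no leading zeros (octal trap)
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# True if address $1 is inside $2, where $2 is a single address or a CIDR.
in_cidr() {
    addr=$(ip_to_int "$1") || return 1
    case "$2" in
        */*) net=${2%/*}; bits=${2#*/} ;;
        *)   net=$2; bits=32 ;;
    esac
    net=$(ip_to_int "$net") || return 1
    case "$bits" in ""|*[!0-9]*|0?*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Dry-run decision for one candidate IP; never touches the firewall.
# Prints "skip-invalid", "skip-allowlisted" or "block".
block_decision() {
    ip_to_int "$1" >/dev/null || { echo skip-invalid; return 0; }
    for entry in $ALLOWLIST; do
        if in_cidr "$1" "$entry"; then echo skip-allowlisted; return 0; fi
    done
    echo block
}

# Constructed candidates, as a brute-force monitor might report them.
for candidate in 203.0.113.7 198.51.100.23 192.0.2.10 999.1.1.1; do
    printf '%s -> %s\n' "$candidate" "$(block_decision "$candidate")"
done
```

Only a `block` result should ever reach the script that adds the rule; the other two results are worth logging during the testing phase.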
 
I can't download the iptables and other files from the download links you put in the how-to. It seems files1.directadmin.com isn't resolving anything.

Are the files housed elsewhere?
 
Yes,

Code:
# cat /usr/local/directadmin/custombuild/servers.txt
files1.directadmin.com
files2.directadmin.com
files5.directadmin.com
files6.directadmin.com
files8.directadmin.com
files10.directadmin.com
files11.directadmin.com
files13.directadmin.com
 