How to defend from post attacks

X

xoox

Verified User
Joined
Oct 24, 2008
Messages
52
Hi all,

I have huge problems with my hosting server, I am using Direct Admin and users using this program:
OWASP HTTP Post Tool to attack the my website, another thing that happening to me lately on phpbb forum in my site: user go to any post and clicks a lot on F5 and the server not responding anymore, anyone knows how to protect from this kinds of attacks ?
 
Hello,

I hope you don't try to advertise for the software for such of attacks here.
Anyway attacks you are referring might be called as HTTP Flood, and there are different ways of protection against them:

1. Use firewall to set up a limit rate of connections per sec from a single IP to *:80 (CSF/LFD might be used here for CentOS and Debian/Ubuntu).

2. Set up additional modules for Apache smth like limitipconn, dosevasive

3. Install NGINX as a front-end to Apache.

I personally would recommend #3 and #1.
 
Thank you very much for your help !
I will try to do google it to find a guide if you have any guide that you recommend I will very happy
Thanks again!
 
Well, regarding CSF/LFD there is already a guide on these forums: http://forum.directadmin.com/showthread.php?t=27315

Regarding Apache, I don't use Apache modules for protecting it from this kind of attacks. I'm sure we should protect apache without involving it into this protection. Saying it in another words, all "bad" requests should be dropped before they come to apache. So, if you choose #2 way from those mentioned above, I'm not that one who can guide you through this.

Regarding NGINX, there are already some guides on this forums and other part of Internet. More to say a replacement of Apache with NGINX is now in active development and testing stage by Directadmin.

The way I'd suggest to use nginx, you have both nginx+apache. And there are also guides on how to achieve that, as well as some commercial plugins.

Using Nginx as the primary frontend webserver can increase performance regardless if you choose to keep Apache running on the system. One of Nginx’s greatest advantage is how well it serves static content. It does so much more efficiently than Apache, and with very little cost to memory or processing. So placing Nginx in front will remove that burden off Apache, leaving it to concentrate on dynamic request or special scenarios.
 
is there any stable version of nginx+apache+direct admin?
is it hard to install and configure all together ?

as I understood this solution can decrease the attacks right ?

I found this in the start of the guide:
"Warning: The Latest version of CSF does not work properly with DirectAdmin on CentOS 5 machines with Apache 2+"

on which version I can use?

Sorry for my question I am not familiar with this stuff
 
Last edited:
xoox said:
is there any stable version of nginx+apache+direct admin?
Click to expand...

Directadmin officially does not support Apache+NGINX, it supports only Apache replacement by NGINX.

So, if to use Apache+NGINX, it does not matter what version of Directadmin you're running. The most stable combination (if it's possible to say so), I'd call Apache 2.2 + NGINX 1.x (The latest stable version is nginx-1.2.7, www.nginx.org)

xoox said:
is it hard to install and configure all together ?
Click to expand...

I'd rather say no, if you know what exactly to do. No longer than 1 hour of work if to do manually and carefully (at least for me). And probably several days on reading docs and forums if you aren't familiar with the subject.

xoox said:
as I understood this solution can decrease the attacks right ?
Click to expand...

I'd say that not, it won't decrease the attacks. But it can increase resistance to such attacks, and protect your server from simple HTTP Flood and DoS attacks.

xoox said:
I found this in the start of the guide:
"Warning: The Latest version of CSF does not work properly with DirectAdmin on CentOS 5 machines with Apache 2+"
Click to expand...

Wow, it seems I've never seen this warning. Honestly I don't even know what do they base their warning on.

xoox said:
on which version I can use?
Click to expand...

I've been using CSF not so long (1 year not more), and since that time I've only one issue with it. But the issue happened on not a Directadmin powered server, which has no apache at all. In my experience it runs well with apache 2.2, apache 2.3 on both CentOS 5 and CentOS 6.

xoox said:
Sorry for my question I am not familiar with this stuff
Click to expand...

That's OK.
 
I will try to start with CSF, I saw that the guide is from 2008 so I believe the warning message is not valid anymore.

than I will try to get my hands on a test machine to install Apache+NGINX to see if I can handle it.

Thanks a lot Alex!
 
You're welcome. Feel free to PM me (if you need a private assistance) as well as post here any further questions regarding the subject.
 
zEitEr said:
I hope you don't try to advertise for the software for such of attacks here.
Click to expand...
I've removed the link to the software; we don't want to help Google search rank of software used to attack DirectAdmin servers.

Let anyone who needs to know about it look it up.

Jeff
 
I don't use Nginx, so I don't know how to use it, nor do I know the link, nor is it in my bookmarks.

You can always google for it:

nginx site:forum.directadmin.com

Jeff
 
You must log in or register to reply here.
Back
Top