How to prevent DDos attacks

April 22, 2008 on 2:48 pm | In Apache, Cpanel, DDos | No Comments

Hello everyone…
Here I present some steps to prevent DDos attacks.

>>>>>>>>>Install/Configure APF firewall
>>>>>>>>>Install/Configure mod_evasive
>>>>>>>>>Install mod_security
>>>>>>>>>Blocking IPs maintaining more connections
>>>>>>>>>Optimizing the httpd.conf file

Install/Configure APF firewall

===========================
cd /usr/local/src/
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
tar -zxvf apf-current.tar.gz; cd apf-*

Step 2: Installation
Code:

sh ./install.sh
===========================

Install/Configure mod_evasive

===========================
Download the source

======================
wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar -xzvf mod_evasive_1.10.1.tar.gz
cd mod_evasive
======================

Compile in the mod_evasive apache module using apxs

======================
For Apache 2
/usr/local/apache/bin/apxs -i -a -c mod_evasive20.c

For Apache 1.3
/usr/local/apache/bin/apxs -i -a -c mod_evasive.c
======================

If the apxs path is not /usr/local/apache/bin/apxs replace it with the appropriate path

Edit your httpd.conf /usr/local/apache/conf/httpd.conf

Add the lines below.

======================
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify user@yourdomain.com
======================

/etc/init.d/httpd restart

You can try another values for the above and obtain the best setting.
In some cases mod_evasive also blocks legitimate user IPs.
===========================

Install mod_security

Install this module via WHM

WHM >> cPanel >> Addon Modules >> Select “modsecurity ” >>save

Blocking IPs maintaining more connections

===========================
You can check out the number of http requests coming to your server and the
ip’s from where it is coming by executing the command :

============================================
netstat -plan | grep :80 | awk ‘{print $5}’ | cut -d: -f 1 | sort | uniq -c | sort -n
============================================

If you feel like there are inordinate amount of requests from a single ip, you
can block it in your APF using this command :

=====
apf -d IP
=====

Using iptables, you can block the ip with :
====================
iptables -A INPUT -s -j DROP
====================

You can check out the ip to which maximum number of http requests are coming
with the following command :

==================
[root@server ~]# netstat -plan|grep :80|awk {‘print $4′}|cut -d: -f 1|sort|uniq -c|sort -n
==================
===========================

Optimizing the httpd.conf file

vi /usr/local/apache/conf/httpd.conf

Change the values as follows.

MaxKeepAliveRequests 50
KeepAliveTimeout 60

Also edit the following options.

Timeout
KeepAliv
MinSpareServers
MaxSpareServers
MaxClients

Reduce the timeout, Maxclients etc.

No Comments yet »

RSS feed for comments on this post. TrackBack URI

Leave a comment