I am relativelly new to the Server Admin world and trying to catch on fast.

I have a customer that is consistently undergoing a DOS attack in which i would assume that more than one person is involved. These people are requesting files, thousands of times per second, that are not located on the server in any way (I.E. modules.php).

From what i can tell, the connections are being made through a proxy server and i can not find any way to counteract it. I have looked through these forums and found mention of APF firewall, and when i tried to install it i locked myself out... go figure

So that brings me to my next situation.

There are a couple of apache mods out that are supposed to assist in this and i would like to get some advice before i do this. They are
Apache DoS Evasive Maneuvers Module [v1.5.1-Stable] located at
http://www.networkdweebs.com/stuff/security.html

and
mod_security
http://www.webkreator.com/mod_security/

has anyone had experience with this on a cpanel server?
will it cause problems?
and it needs the apache src tree i think, and i have not the foggiest idea where it would be located on a cpanel server when logged in as root.

Any and all advice will be greatly appreciated.

Which version of APF did you use, last two have DEV option where firewall is shutdown 'automatically' after 5 min and you can set it to 0 (DEV mode) when you are sure that everything is working fine.

I was using the latest and i did see where devm=1.

Every few minutes the server would become unavailable, which i believe it was just resetting itself.

I put everything in, and did everything i found in the forums. It appeared to be working, so i set it to 0 and blam... locked out.

it said read the readme for install help, but all i found were settings information. But once i locked myself out after reading as much documentation i could find. I quickly removed it.

does anyone know where the Apache source tree is?

HOW TO INSTALL

1. Extract this archive into src/modules in the Apache source tree

2. Run ./configure --add-module=src/modules/dosevasive/mod_dosevasive.c

3. make, install

i'm lost there.

Thanks

This is the DOS ATTACK thread!

Talking about DOS attacks, how do I know if I am/was Dossed?:eek:

That is a valid question, that line is in the install instructions for DoS Evasive Maneuvers Module. All I can find is a dyn shortcut to that dir in /etc/httpd? where would we find the real path to it?

That is a valid question, that line is in the install instructions for DoS Evasive Maneuvers Module. All I can find is a dyn shortcut to that dir in /etc/httpd? where would we find the real path to it?