DeepBlue
Dec 15 2003, 11:40 AM
If my IPs are protected by floodguard, why does dosevasive log these messages:
Dec 11 11:27:16 tornado mod_dosevasive[31934]: Blacklisting address 200.195.53.175: possible DoS attack.
Dec 11 11:32:26 tornado mod_dosevasive[1436]: Blacklisting address 200.154.108.130: possible DoS attack.
-----------------------------------------------
Edit:
Additional Info:
I am in the "training" period.
crodenberg
Dec 15 2003, 02:36 PM
Because either you have your dosevasive process misconfigured, or you are seeing a DoS attack designed to run your server out of resources with very few connections.
Try setting your dosevasive configuration to allow a greater number of simultaneous connections, and make sure you have the latest detection files.
Dosevasive mods are notorious for false positives. I run a few myself.
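Added example, not part of the thread or of mod_dosevasive: a small Python script that parses blacklist lines in the syslog format quoted above and summarizes them per address and per hour, so the entries can be compared against the access log when judging whether they are false positives. The year (syslog omits it), the function names and all sample lines after the first two are assumptions or constructed data.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Line format as it appears in the thread's syslog excerpt.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"mod_dosevasive\[\d+\]: Blacklisting address "
    r"(?P<addr>\d{1,3}(?:\.\d{1,3}){3}): possible DoS attack\.$"
)

def parse_line(line, year):
    """Return (timestamp, address) for a blacklist entry, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Syslog omits the year, so the caller supplies it (assumption).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["addr"]

def summarize(lines, year=2003):
    """Count blacklist events per address and distinct addresses per hour."""
    per_addr = Counter()
    per_hour = defaultdict(set)
    for line in lines:
        parsed = parse_line(line, year)
        if parsed is None:
            continue  # not a mod_dosevasive blacklist entry
        ts, addr = parsed
        per_addr[addr] += 1
        per_hour[ts.strftime("%Y-%m-%d %H:00")].add(addr)
    return per_addr, {h: sorted(a) for h, a in per_hour.items()}

# First two lines are from the thread; the rest are constructed samples
# using documentation-range addresses.
SAMPLE = [
    "Dec 11 11:27:16 tornado mod_dosevasive[31934]: Blacklisting address 200.195.53.175: possible DoS attack.",
    "Dec 11 11:32:26 tornado mod_dosevasive[1436]: Blacklisting address 200.154.108.130: possible DoS attack.",
    "Dec 11 12:01:05 tornado mod_dosevasive[2210]: Blacklisting address 192.0.2.10: possible DoS attack.",
    "Dec 11 12:40:51 tornado mod_dosevasive[2377]: Blacklisting address 192.0.2.10: possible DoS attack.",
    "Dec 11 12:41:00 tornado CRON[901]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    counts, hourly = summarize(SAMPLE)
    for addr, n in counts.most_common():
        print(f"{addr:15} blacklisted {n}x")
    for hour, addrs in sorted(hourly.items()):
        print(f"{hour}  {len(addrs)} distinct: {', '.join(addrs)}")
```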