Server Administration Help - Blocking people that try to DDoS the Web Server
This procedure is for Red Hat Linux, Fedora Core or CentOS systems, but it should be roughly the same on all Linux or Unix-based systems.
Execute the following commands:
wget http://www.nuclearelephant.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
(or if unavailable use "wget http://www.galacnet.com/faq/downloads/mod_evasive_1.10.1.tar.gz")
tar -zxvf mod_evasive_1.10.1.tar.gz
cd mod_evasive_1.10.1
Then, for Apache 1.3:
/usr/local/apache/bin/apxs -i -a -c mod_dosevasive.c
Or, for Apache v2.0:
/usr/local/apache/bin/apxs -i -a -c mod_dosevasive20.c
(Note that the path to apxs could be different; locate apxs on your system if the command is unavailable.)
/etc/init.d/httpd restart
Installation could fail if you do not have the GCC compilers for Apache. Please refer to our other help files for how to install those.
Configuration of Mod Evasive
Edit the file /etc/httpd/conf/httpd.conf and look for the following:
For Apache v1.3:
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
For Apache v2.0:
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
Here is what the above settings do:
DOSHashTableSize : Size of the hash table. The greater this setting, the more memory is required for the lookup table, but also the faster the lookups are processed. This option will automatically round up to the nearest prime number.
DOSPageCount : Number of requests for the same page within the 'DOSPageInterval' interval that will get an IP address added to the blocking list.
DOSSiteCount : Same as 'DOSPageCount', but corresponds to the number of requests for a given site, and uses the 'DOSSiteInterval' interval.
DOSPageInterval : Interval for the 'DOSPageCount' threshold, in seconds.
DOSSiteInterval : Interval for the 'DOSSiteCount' threshold, in seconds.
DOSBlockingPeriod : Blocking period in seconds if any of the thresholds are met. The user will receive a 403 (Forbidden) when blocked, and the timer will be reset each time the site gets hit while the user is still blocked.
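The thresholds above, modelled as an added example (not code from this page or from mod_evasive). The counting windows and the rule of blocking on the request that reaches the count are assumptions taken from the descriptions above; the IP address and requests are constructed. It shows a double click on one page tripping DOSPageCount 2, and retries during the block restarting DOSBlockingPeriod:

```python
# Simplified model of the thresholds described above; not mod_evasive's source.
CONF = {  # values from the httpd.conf block on this page
    "DOSPageCount": 2, "DOSPageInterval": 1,
    "DOSSiteCount": 50, "DOSSiteInterval": 1,
    "DOSBlockingPeriod": 10,
}

def simulate(requests, conf=CONF):
    """requests: (time_in_seconds, ip, uri) tuples sorted by time.
    Returns one HTTP status (200 or 403) per request."""
    windows = {}        # counter key -> (window_start, hits)
    blocked_until = {}  # ip -> time at which the block expires
    statuses = []

    def reached(key, now, interval, limit):
        start, hits = windows.get(key, (now, 0))
        if now - start >= interval:      # interval elapsed: start a new window
            start, hits = now, 0
        windows[key] = (start, hits + 1)
        # Assumption: the request that reaches the count triggers the block.
        return hits + 1 >= limit

    for now, ip, uri in requests:
        if blocked_until.get(ip, 0) > now:
            # Still blocked: answer 403 and restart the blocking timer.
            blocked_until[ip] = now + conf["DOSBlockingPeriod"]
            statuses.append(403)
            continue
        page = reached((ip, uri), now,
                       conf["DOSPageInterval"], conf["DOSPageCount"])
        site = reached((ip,), now,
                       conf["DOSSiteInterval"], conf["DOSSiteCount"])
        if page or site:
            blocked_until[ip] = now + conf["DOSBlockingPeriod"]
            statuses.append(403)
        else:
            statuses.append(200)
    return statuses

# Constructed traffic: a double click on one page, then retries every 8 s.
DOUBLE_CLICK = [(0.0, "192.0.2.10", "/cart"), (0.3, "192.0.2.10", "/cart"),
                (8.0, "192.0.2.10", "/cart"), (16.0, "192.0.2.10", "/cart"),
                (27.0, "192.0.2.10", "/cart")]

if __name__ == "__main__":
    print(simulate(DOUBLE_CLICK))                             # page's values
    print(simulate(DOUBLE_CLICK, dict(CONF, DOSPageCount=5)))  # looser value
```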