[ILUG-BOM] How can I secure my server from DoS attack ?

Neelesh Gurjar neel.hjs at gmail.com
Wed Jun 24 20:50:01 IST 2009


On Wed, Jun 24, 2009 at 12:46 PM, Neelesh Gurjar <neel.hjs at gmail.com> wrote:

> Neelesh Gurjar <neel.hjs at gmail.com>
>> wrote:
>> > Hi,
>> > I have a web server which has CentOS Linux 2.6.18-028stab059.6-ent
>> kernel
>> > and Apache 1.3.37 running on it.
>> >
>> > 2 days back I got one script to test DoS attack on website. It is called
>> > slowloris.pl  from http://ha.ckers.org/slowloris/
>> >
>> > I run that script against my server and it worked. It stopped my website
>> > for
>> > some time. That time all other services like SSH were working fine.
>> >
>> > Can anybody suggests any configuration changes at Apache and OS/Kernel
>> > level
>> > to prevent from this type of attack ?
>> >
>> > Currently I am using following settings:
>> >
>> > Timeout 300
>> > KeepAlive On
>> > MaxKeepAliveRequests 100
>> > KeepAliveTimeout 5
>> > MinSpareServers 5
>> > MaxSpareServers 10
>> > StartServers 5
>> > MaxClients 150
>> > MaxRequestsPerChild 0
>> >
>> > Then Kernel settings are like :
>> > tcp_keepalive_time 7200
>> > tcp_keepalive_time 9
>> > tcp_keepalive_intvl 75
>> > tcp_syn_retries 5
>> > tcp_synack_retries 5
>> > tcp_fin_timeout 60
>> >
>>
>>  mod_evasive, formerly known as mod_dosevasive is a Apache module that
>> provides evasive maneuvers action in the event of an HTTP DoS or DDoS
>> (Denial of Service) attack or brute force attack at the web server. When
>> possible attacks are detected, mod_evasive will block the traffic from the
>> source for a specific duration of time, while reports abuses via email and
>> syslog facilities. Or administrators can configure mod_evasive to talk to
>> iptables, ipchains, firewalls, routers, and etc. to build a comprehensive
>> DDOS prevention system for the high traffic busy web server.
>> Else, for Apache 1.3.x,
>
>
>
> ....
>
>
I got one more suggetion from suggetion from ISP people to use
http://www.configserver.com/cp/csf.html as it is intigrated with Cpanel.

Have anybody used this tool before ? Any idea regarding this tool please...

Regards
Neelesh


More information about the Linuxers mailing list