Neelesh Gurjar neel.hjs@gmail.com wrote:
Hi,
I have a web server which has CentOS Linux 2.6.18-028stab059.6-ent kernel
and Apache 1.3.37 running on it.
2 days back I got one script to test a DoS attack on a website. It is called
slowloris.pl from http://ha.ckers.org/slowloris/
I ran that script against my server and it worked. It stopped my website for
some time. That time all other services like SSH were working fine.
Can anybody suggest any configuration changes at Apache and OS/Kernel level
to prevent this type of attack?
Currently I am using the following settings:
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0
Then Kernel settings are like:
tcp_keepalive_time 7200
tcp_keepalive_time 9
tcp_keepalive_intvl 75
tcp_syn_retries 5
tcp_synack_retries 5
tcp_fin_timeout 60
mod_evasive, formerly known as mod_dosevasive, is an Apache module that
provides evasive action in the event of an HTTP DoS or DDoS
(Denial of Service) attack or brute force attack at the web server. When
possible attacks are detected, mod_evasive will block the traffic from the
source for a specific duration of time, while reporting abuses via email and
syslog facilities. Or administrators can configure mod_evasive to talk to
iptables, ipchains, firewalls, routers, etc. to build a comprehensive
DDoS prevention system for the high traffic busy web server.
Else, for Apache 1.3.x,
....
Thanks very much Sameep for all this information.
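
A per-source check to run while the site is unresponsive, added here as an example and not part of the original thread: it counts ESTABLISHED connections to port 80 per remote address from `netstat -ant` style output and compares them with the MaxClients 150 from the posted configuration. The sample lines, the 0.5 alert ratio, the port and all function names are assumptions made for illustration.

```python
from collections import Counter

MAX_CLIENTS = 150    # MaxClients from the configuration posted in the thread
HTTP_PORT = 80       # assumed listening port
ALERT_RATIO = 0.5    # assumed threshold: one source holding half the slots


def split_endpoint(endpoint):
    """Split 'addr:port' (also '::ffff:1.2.3.4:80') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port


def connections_per_source(netstat_text, port=HTTP_PORT):
    """Count ESTABLISHED connections to `port` per remote address (netstat -ant)."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        _, local_port = split_endpoint(fields[3])
        remote_addr, _ = split_endpoint(fields[4])
        if local_port == str(port) and fields[5] == "ESTABLISHED":
            counts[remote_addr] += 1
    return counts


def suspicious_sources(netstat_text, max_clients=MAX_CLIENTS, ratio=ALERT_RATIO):
    """Return [(addr, count)] for sources holding >= ratio of the child slots."""
    counts = connections_per_source(netstat_text)
    return [(a, n) for a, n in counts.most_common() if n >= max_clients * ratio]


def build_sample():
    """Constructed netstat output (documentation addresses, not real data)."""
    row = "tcp        0      0 192.0.2.10:{lp}   {ra}:{rp}   {st}"
    lines = ["tcp        0      0 0.0.0.0:80   0.0.0.0:*   LISTEN"]
    lines += [row.format(lp=80, ra="198.51.100.7", rp=40000 + i, st="ESTABLISHED")
              for i in range(120)]
    lines += [row.format(lp=80, ra="203.0.113.5", rp=51000 + i, st="ESTABLISHED")
              for i in range(3)]
    lines.append(row.format(lp=22, ra="203.0.113.9", rp=60222, st="ESTABLISHED"))
    lines.append(row.format(lp=80, ra="203.0.113.5", rp=52000, st="TIME_WAIT"))
    return "\n".join(lines)


if __name__ == "__main__":
    for addr, n in suspicious_sources(build_sample()):
        print(f"{addr} holds {n} of {MAX_CLIENTS} Apache child slots")
```

On a live server, pass the captured output of `netstat -ant` to `suspicious_sources()` in place of the constructed sample.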