| Author |
|
tdonovan
Moderator
Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA
|
 Posted: Wed 28 May '08 2:24 Post subject: |
 |
|
re: "tdonovan, can you please share your compiled for 2.2.8 version of dosevasive?"This build is completely untested (I don't use it), so please test it carefully!
It would be helpful if you could post your testing results here for anyone else who might want to use it.
re: "I tryed to use old dosevasive for apache 2.2.4-6, but it`s a bit laggy."This is pretty much the exact same code, just compiled with VC8 - so I'm not sure it will be a lot different.
Do you mean it was slow, or was something else wrong with the 2.2.4 version? -tom- |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Wed 28 May '08 22:49 Post subject: |
|
|
My findings with this module (VC6) with what little time I tested it was:
I hammered three consecutive requests and I get a 403 on third, and continue getting 403 till I give it 10 seconds rest ... seems like that is exactly what it claims to do so it seems to work. One would have to disable it before running ab.exe on it, that is for sure. In my opinion it seems to not go far enough however, I think one would want it to deny access and simply drop connection with no response after so many hits over the first 3, sending back large amounts of 403 responses I think could still drown someones outbound connection, especially those of us who do not have 1Mb+ outbound bandwidth.
I am curious why logging to mod_dosevasive was disabled. One logging node however it seems was kept and output sent to /tmp, then it seems never used again.
Tom, thanks for the compile instructions.
Steffen, thanks for porting it. |
|
| Back to top |
|
grag
Joined: 29 Jan 2010
Posts: 2
|
| Posted: Fri 29 Jan '10 15:51 Post subject: |
|
|
Hi guys!
Can you help me to compiled mod_dosevasive2.2 for apache 2.2.14?
so or dll was a great-full
thanks |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Tue 02 Feb '10 3:00 Post subject: |
|
|
| why not just use the one in Tom's post. The file is still there behind the link. |
|
| Back to top |
|
grag
Joined: 29 Jan 2010
Posts: 2
|
| Posted: Tue 02 Feb '10 13:08 Post subject: |
|
|
glsmith, because this version haven't stable work with apache 2.2.14.
I'm don't know 'why'?
I've a stable work with compile .dll version above apache 2.2.6, but i'm need 2.2.14 version to use |
|
| Back to top |
|
Jura
Joined: 08 Jun 2006
Posts: 12
|
| Posted: Tue 09 Mar '10 11:38 Post subject: |
|
|
| It works fine for me under 2.2.14 version... |
|
| Back to top |
|
uberduck
Joined: 16 Oct 2010
Posts: 1
|
| Posted: Sat 16 Oct '10 19:32 Post subject: |
|
|
| Jura wrote: | | It works fine for me under 2.2.14 version... |
Would you mind telling me the procedures you have taken to install this mod?
I've tried copying the .so and .c file into apache module folder, and adding the LoadModule and IfModule directives, the apache starts up fine, but I no 403 were shown even when I was refreshing the page like crazy!
BTW I am seeing a bunch of logs in the error.log, saying an ip has been denied by server configuration (Possible DOS Attack) but i have no idea if it's restricted by mod_security or mod_evasive  |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Sat 16 Oct '10 21:34 Post subject: |
|
|
| Code: | /* END DoS Evasive Maneuvers Code */
if (ret == HTTP_FORBIDDEN
&& (ap_satisfies(r) != SATISFY_ANY || !ap_some_auth_required(r))) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"client denied by server configuration: %s (Possible DOS Attack)",
r->filename);
}
|
I'd say that is mod_dosevasive making the noise as shown in the code above, taken from the source.
That your browser is still showing you something is strange, unless it is pulling up a copy from it's cache. However, if it is maybe graphics on the page that are 403ing, you may still see most of the page but certain graphics may be missing.
I won't use this module, a million 403 returns from the server to a million bogus requests DDOSing me is still going to clog the pipe, so why bother, ride it out or change IPs which for me is rather easy. If it's just a few sources trying to DDOS me, I kill them at the firewall. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Sat 16 Oct '10 22:05 Post subject: |
|
|
Oh, but to answer your actual question, I guess I can't since I cannot find my config from way back when, took me forever to find but I did find this which explains the config options.
INSTALL
Copy mod_dosevasive.so to your Apache 2.2.x modules folder
.../apache22/modules/mod_dosevasive.so
# Add to your httpd.conf:
LoadModule dosevasive22_module modules/mod_dosevasive22.so
EXAMPLE CONFIGURATION:
This section is intended for people that want to modify some of the default settings. There is no requirement to do this. The below example is using the default settings built into the module.
<IfModule dosevasive22_module>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
The following is a description of all the settings/variables:
DOSHashTableSize
Size of the hash table. The greater this setting, the more memory is required for the look up table, but also the faster the look ups are processed. This option will automatically round up to the nearest prime number.
DOSPageCount
Number of requests for the same page within the 'DOSPageInterval' interval that will get an IP address added to the blocking list.
DOSSiteCount
Same as 'DOSPageCount', but corresponds to the number of requests for a given site, and uses the 'DOSSiteInterval' interval.
DOSPageInterval
Interval for the 'DOSPageCount' threshold in second intervals.
DOSSiteInterval
Interval for the 'DOSSiteCount' threshold in second intervals.
DOSBlockingPeriod
Blocking period in seconds if any of the thresholds are met. The user will recieve a 403 (Forbidden) when blocked, and the timer will be reset each time the site gets hit when the user is still blocked.
Have fun! |
|
| Back to top |
|
Schnielz
Joined: 21 Nov 2010
Posts: 1
|
| Posted: Sun 21 Nov '10 16:12 Post subject: |
|
|
| You guys made my day! |
|
| Back to top |
|
powergo
Joined: 04 Jan 2011
Posts: 1
|
|
| Back to top |
|
prophet.six
Joined: 27 May 2011
Posts: 1
|
| Posted: Fri 27 May '11 22:21 Post subject: mod_dosevasive22 & Apache 2.2.19 |
|
|
Using the compiled module from tdonovan in this post, I was able to setup mod_dosevasive22 on my new installation of Apache 2.2.19 runing on an XP box and it works without any problems.
This seems like a decent tool for brute force password protection but not so much for DoS attacks, unless the 403 response is less burdensome on the server which it very well may be.
New user and first time poster here, I'm happy to have found this site as it is a treasure trove of information. Good work. |
|
| Back to top |
|
ZoHaN
Joined: 11 Dec 2011
Posts: 1
Location: ROMANIA
|
| Posted: Sun 11 Dec '11 4:26 Post subject: |
|
|
i have try to use this but is not working so well for me i have W2003 server , and i have wat i have read to be a Ddos Atack 5200 TCP connects /s flood my website and because of it is down
please advice i have Apache 2.2 from Xampp , and from this attack i have my CPU load 100% , and even my firewall cant take the load of bloking all the conections becasue then he will load the CPU 100% so i need somting that will deny acces i was full of hope wen i read of this mod_evasive , but i have seen only linux part i need for Win2003 serv |
|
| Back to top |
|
