Apache DDoS Module
Mar 8, 2007What wil be the best way to protect an Apache server from a DDoS attack? Is there an Apache module for this type of problem?
View 14 RepliesWhat wil be the best way to protect an Apache server from a DDoS attack? Is there an Apache module for this type of problem?
View 14 RepliesWhat are the advantages/disadvantages of running PHP as Apache module vs. running PHP as CGI module on your server?
View 5 Replies View RelatedI would like to know is there any module for Apache which can collect information like who is surfing our website and how many pages they have accessed in last one hour. I know awstats or webalizer can do this but i need some thing realtime on apache level.
View 4 Replies View RelatedI found a script that updated php to 5.5, however it's only enabling me to run it as a CGI script, if I want to run PHP an Apache module, it's still only 5.3. How can I upgrade the Apache version?
View 3 Replies View RelatedI have a server running Apache 2 with PHP as an Apache module. There are a few php scripts that use lots of cpu when they run and have lots of hits, but Apache is still running fine and pages and php scripts load pretty fast. I was just wondering if running PHP as fastcgi would use less cpu or make php scripts load faster.
View 0 Replies View Relatedi have a dedicated server that i use for stream flv files. In this server i have apache. 
Do you know any apache solution for prevent streaming of flv files to others domain name ? I want to stop leeching and permit stream of files only for my domain name. The htaccess solution in my case don't works...
I have recently installed the latest version of apache which is version 2.2.4 and it seems many modules were left out so I decided to add one of my favorite modules myself
I have DirectAdmin install so here is what I did
I edited this file: configure.apache_2
and at the end of the file added --enable-expires 
After adding normally we would recompile apache I was doing that and I got this error 
Code:
/usr/local/directadmin/customapache/configure.apache_2: line 24: --enable-expires: command not found
*** There was an error while trying to configure Apache 2. Check the configure.apache_2 file
Not sure what I'm doing wrong if someone could help me I would be greatful.
I have some questions about the LDAP authentication module.I have a LDAP authentication with this config:
<AuthnProviderAlias ldap ldap-account>
   AuthLDAPBindDN "CN=directory search,OU=Service-User,DC=company,DC=ch"
   AuthLDAPBindPassword "xxxxx"
   AuthLDAPURL "ldap://ldap.company.ch/ou=Users,dc=company,dc=ch?sAMAccountName?sub?(objectClass=*)"
</AuthnProviderAlias>
If a User logs in with username only, all works correct. If a user use the DomainUsername format, the login is rejected with "user not found".Should it not work with both login styles ? Or is there a option to reformat or rewrite the username before authentication without the "Domain part ? 
I am trying to migrate a VPS with:
- Plesk 12 (v12.0.18 Update #40) and 
- Linux CentOS 6.6 (v2.6.32-504.12.2.el6.x86_64) 
to another VPS with:
- Plesk 12 (v12.0.18_build1200140606.15) and 
- Linux CentOS 6.6 (v2.6.32-504.12.2.el6.x86_64)
I tried to do the following:
- Tools & Settings / Tools & Resources / Migration & Transfer Manager / Start New Migration
- Data source: Transfer data from another server
- Transfer the following data / Migrate the whole server
Following error/warrning message is recieved then:The following Apache modules are disabled on the destination server: sysenv. Please enable these modules to prevent possible problems.
I am experiencing this problem right now. None of my website is running. But httpd status says running. What's wrong?
[root@cent cron]# apachectl restart
[Mon Apr 13 20:10:11 2008] [warn] module php5_module is already loaded, skipping
[root@cent cron]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: [Mon Apr 13 20:10:55 2008] [warn] module php5_module is already loaded, skipping
[root@cent cron]# service httpd status
httpd (pid 24100 24099 24098 24097 24096 24094) is running...
I have been a web developer using PHP for years now, and my work laptop runs CentOS with PHP5 as an Apache Module. This suits me just fine for development, but now I want to setup a web server that runs PHP 4.4.8 and PHP 5.2.5 and offer hosting to people. I know PHP4 is very old, but I am looking to offer my users the freedom of choice, as there are still third party applications out there that may need to be run on PHP4.
I will want PHP 5 to be the default, and allow PHP 4 to be used if either the file extension is .php4, or they have a line in their .htaccess file. I have seen various tutorials in search engine results saying to run both, I can either do one of the following:
1. Install PHP5 as a module, and run PHP4 using FastCGI
2. Install PHP5 and PHP4 and run both using FastCGI
3. Install PHP4 as a module, and run PHP5 using FastCGI
In the future I will also be looking to support PHP6 once a stable version has been released, though that will probably be optional to begin with and require a line in the .htaccess file too - like PHP4. I will be using Apache 2.2.8 on CentOS 5.1. I am also looking to install Ruby on Rails and Django too, which I think use FastCGI.
What's the difference between running as an Apache Module, or using FastCGI? This will be for a shared hosting environment so performance over lots of connections, stability and security are my concerns. Should I run everything using FastCGI, if not, would the default PHP version be better off installed as an Apache Module?
How to be able to fix my problem that is related to the https using apache2 (enabling https in apache2) at opensuse:
By the way, my opensuse version is:
openSUSE 12.1 (x86_64)
VERSION = 12.1
CODENAME = Asparagus
1) At the /etc/apache2/vhosts.d/vhost-ssl.conf, and if I do not have a name (as the server will be accessed using its IP address), can I place in the ServerName 192.168.0.5? Do I have to place it 192.168.0.5:443 or it is enough to be 192.168.0.5?
2) Is there a relation between the SSLCipherSuite values and the used method to generate the certificate? 
3) I am afraid from the way that I am using to generate the certificate and the ssl module that is coming with apache2 at my machine which has opensuse. How can I select the right way?
Actually I used following commands to generate the .crt, .key and the .csr:
openssl genrsa -des3 
openssl req -new -x509
openssl x509 -req
And that was from this link: [URL] .... But did not work with me !
Meanwhile I am placing:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
4) Do I have to configure the virualhost? Do I have to create files under the directory /etc/apache2/vhosts.d? Because I will have one application to be browsed .. nothing more. 
Is there a possibility to enable php-fpm serverwide and to disable running php as apache on the server? 
This for both existing subscriptions as for new subscriptions ?
to install mod_evasive module on our Apache2 that runs on Fedora server. However, for that we need Apache's apxs to compile it. We found out that we can do that by running the
yum install httpd-devel
However, when we run that, we get the following:
=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 httpd-devel             i386       2.2.8-1.fc7      updates           144 k
Updating:
 httpd                   i386       2.2.8-1.fc7      updates           1.0 M
 openldap                i386       2.3.34-7.fc7     updates           291 k
Installing for dependencies:
 apr-devel               i386       1.2.8-6          fedora            170 k
 apr-util-devel          i386       1.2.10-1.fc7     updates            54 k
 cyrus-sasl-devel        i386       2.1.22-8.fc7     updates           351 k
 db4-devel               i386       4.5.20-5.fc7     fedora            2.3 M
 expat-devel             i386       1.95.8-9         fedora            129 k
 openldap-devel          i386       2.3.34-7.fc7     updates           1.5 M
Updating for dependencies:
 httpd-manual            i386       2.2.8-1.fc7      updates           821 k
 mod_ssl                 i386       1:2.2.8-1.fc7    updates            85 k
 openldap-clients        i386       2.3.34-7.fc7     updates           179 k
Transaction Summary
==========================================
Install      7 Package(s)
Update       5 Package(s)
Remove       0 Package(s)
Total download size: 7.0 M
We're kind of cautios, because we have never updated Apache on our live server. We'd prefer if we could download and install just the httpd-devel module. Is this possible?
If not, would this mess up any of our existing configuration? Could we expect any problems? And do we need to shut Apache down, then run the updates and only then restart it?
Hosting Settings
There is no php support - so i can“t change or choose running as apache module or cgi application (s. screenshot)...
OS Ubuntu 12.04.5 LTS
Panel version 11.5.30 Update #50, last updated at July 17, 2015 03:46 AM
how to defend from this attack type?
CSF firewall installed, Dos-deflate installed,  and again lot of apache processes
------------------
88.233.53.100 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.235.13.14 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.229.215.146 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
85.106.189.35 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.252.155.246 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
85.108.124.1 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.233.53.100 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.226.149.225 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
78.166.58.95 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
78.167.193.154 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.241.234.16 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.252.156.36 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.228.71.122 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.240.205.51 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.231.168.63 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
78.167.71.2 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.231.32.190 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.228.30.110 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.240.205.51 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
78.167.71.2 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.235.13.14 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
81.215.152.40 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
85.104.35.67 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
81.215.152.40 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
78.165.159.246 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.252.155.246 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
78.166.58.95 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.242.244.121 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
85.104.35.67 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
88.240.205.51 - - [25/Feb/2008:10:15:53 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
78.166.30.163 - - [25/Feb/2008:10:15:48 -0600] "GET / HTTP/1.1" 200 10792 "-" "-"
Anybody have good experiences with some software based Apache 2.2 ddos protection. Im trying to find something similar then mod_evasive.
It's just that evasive won't work with Apache 2.2. It actually works, but it does not do what it is supposed to do.
Have tryed many different configuration, but it just won't do it.
After Googling i found out that many have suffered same kind of experiences with mod_Evasive and Apache2.2
I guess it is not working cos we got Peruser there. http://www.telana.com/peruser.php
Means that there is many differend child processes and evasive don't share data between childs.
So suggest me something. This is coming on prodution server with hundreds of domains so it has to be stable, fast and rock solid.
way to secure apache from ddos attack's on centos 5.3.
View 7 Replies View RelatedI have a question related DDOS attack. My hosting provider told me that my Server was DDos attacked few days ago. But in those days my server worked fine only apache server was down. The strange fact is that in the same day with this "DDOS attack" one of theyr admins worked something on SSL section of my server and during this operation the SSL hosts were down and httpd worked slow. 
Inthe passed 3 months httpd worked very slow and after 2-3 restarts of httpd service the load droped down below 3.00 . I believe theyr httpd service was already with problems and that SSL configuration cause that apache failure in that day with "ddos attack"
I repeat in that day ONLY ssl hosts worked fine and non SSL hosts were down.
It's possibile on DDOS attack that load to be unde 0.5 , SSL hosts to work fine, FTP, Mail and other stuf to work like there is nobody on server (VERY FAST)?
it's come under my attention that dragonara.net has been ddosing me today since morning from the ip:
194.8.75.229
What's so ironic about it is that the ip is from a UK DDOS protection site so i'm expecting some email with their services in the next hour or so. Stay clear of them they are fakes and e-terrorists.
I am looking for some good ddos protection providers, via protected dns. I've searched on internet, but most of them are really expensive.
Please tell me some ddos protection providers what could help me.(gige is too expensive btw).
And I found some ddos protection scripts. How can a script protected a server from ddos? A sript like CSF or DDoS deflate?
I didn't know if it should go in here on in Web Hosting.
One of the prospective hosts I'm looking at for shared hosting uses a phrase I'm not sure about what it means and the sales person I spoke to didn't know, either (and he tried to fudge it, which is worse than admitting you don't know.)
Anyway, one of the phrases used that I haven't seen anywhere else is that they have php5 "as a module" and I'm not sure what is meant by that. Each account is running a stand-alone instance of php? php5 is a module that's installed upon customer request?
how can i chek that my iptables firewall have this module?
ipt_recent
and if it is not installed... 
Trying to troubleshoot an exploit where the code redirecting people to exploit sites is not in the website. I think a module is being loaded dynamically, but I am not seeing the entry point in the access logs. I restart httpd and the problem goes away temporarily.
Anyone see anything fishy? 
==================
HTTPD  MODULES
==================
[root@xxx ~]# httpd -L
<Directory (core.c)
        Container for directives affecting resources located in the specified directories
        Allowed in *.conf only outside <Directory>, <Files> or <Location>
<Location (core.c)
        Container for directives affecting resources accessed through the specified URL paths
        Allowed in *.conf only outside <Directory>, <Files> or <Location>
<VirtualHost (core.c)
        Container to map directives to a particular virtual host, takes one or more host addresses
        Allowed in *.conf only outside <Directory>, <Files> or <Location>
<Files (core.c)
        Container for directives affecting files matching specified patterns
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
<Limit (core.c)
        Container for authentication directives when accessed using specified HTTP methods
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
<LimitExcept (core.c)
        Container for authentication directives to be applied when any HTTP method other than those specified is used to access the resource
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
<IfModule (core.c)
        Container for directives based on existance of specified modules
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
<IfDefine (core.c)
        Container for directives based on existance of command line defines
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
<DirectoryMatch (core.c)
        Container for directives affecting resources located in the specified directories
        Allowed in *.conf only outside <Directory>, <Files> or <Location>
<LocationMatch (core.c)
        Container for directives affecting resources accessed through the specified URL paths
        Allowed in *.conf only outside <Directory>, <Files> or <Location>
<FilesMatch (core.c)
        Container for directives affecting files matching specified patterns
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
AuthType (core.c)
        An HTTP authorization type (e.g., "Basic")
        Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess
        when AllowOverride includes AuthConfig
AuthName (core.c)
        The authentication realm (e.g. "Members Only")
        Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess
        when AllowOverride includes AuthConfig
Require (core.c)
        Selects which authenticated users or groups may access a protected space
        Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess
        when AllowOverride includes AuthConfig
Satisfy (core.c)
        access policy if both allow and require used ('all' or 'any')
        Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess
        when AllowOverride includes AuthConfig
AddDefaultCharset (core.c)
        The name of the default charset to add to any Content-Type without one or 'Off' to disable
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
AcceptPathInfo (core.c)
        Set to on or off for PATH_INFO to be accepted by handlers, or default for the per-handler preference
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
AccessFileName (core.c)
        Name(s) of per-directory config files (default: .htaccess)
        Allowed in *.conf only outside <Directory>, <Files> or <Location>
DocumentRoot (core.c)
        Root directory of the document tree
        Allowed in *.conf only outside <Directory>, <Files> or <Location>
ErrorDocument (core.c)
        Change responses for HTTP errors
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
AllowOverride (core.c)
        Controls what groups of directives can be configured by per-directory config files
        Allowed in *.conf only inside <Directory>, <Files> or <Location>
Options (core.c)
        Set a number of attributes for a given directory
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Options
DefaultType (core.c)
        the default MIME type for untypable files
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo...
while am installing some programs there is some problem in my php
PHP GD Module Not Found
how could i install it in SSH root?
I am trying to configure a 2.6.18 kernel and I cannot get it to read the raid5 module since my system is utilizing a software RAID5.
Whenever I build I receive the following error:
[root@localhost linux-2.6.18.8]# make install
sh /root/kernel/linux-2.6.18.8/arch/x86_64/boot/install.sh 2.6.18 arch/x86_64/boot/bzImage System.map "/boot"
WARNING: No module raid5 found for kernel 2.6.18, continuing anyway
I have tried versions 2.6.18 and 2.6.18.8 and both give me the same issue.
I have CONFIG_MD_RAID456=m in my .config so the module should be getting configured.
I tried ignoring the warning but when I boot up my system in 2.6.18 I get a kernel panic error, could not sync.  (I'm guessing because it doesn't have the RAID module).  Everything works fine when I boot up in the 2.6.9 CentOS kernel.
I've bought a basic unmanaged VPS, purely to learn things from it. The best way to learn imo is to hammer the hell out of things, break it, then try to fix it. Anyway, I think I'm part way there, pretty sure I've broken something 
When I start the consoleSSH I get this at the top:
Warning: Unknown iptable module: xt_NFQUEUE, skipped
Warning: Unknown iptable module: xt_mark"IPTABLES="ipt_REJECT, skipped
Warning: Unknown iptable module: xt_NFQUEUE, skipped
Warning: Unknown iptable module: xt_mark"IPTABLES="ipt_REJECT, skipped
Warning: Unknown iptable module: xt_NFQUEUE, skipped
Warning: Unknown iptable module: xt_mark, skipped
Any ideas what's causing it and how I can fix it? ..............
how I can get rid of this?
Code:
[28-Oct-2009 16:01:08] PHP Warning:  Module 'eAccelerator' already loaded in Unknown on line 0
Check it out:
[url]
I have nothing to do with it. Just passing it along. 
What is veportal?
vePortal is a VPS                              Commanding total system control Web-Based system                              that utilizes PHP Hyper-Threading resulting in major                              acceleration over competing products, As long as                              your server can meet the recommended system                              requirements our control panel and your users will                              never wait for a page to load for longer than the                              average website.
I have 5 servers spread out in different locations running Fedora Core, Webmin, and OpenVPN.
My most recent one I signed up with on here and for 2 weeks I have been doing various things to speed it up such as remove ipv6, change the dns servers, etc. and rebooting after making such changes.
Things were working properly and the server was rebooted last about 3 days ago after installing OpenVPN and Webmin. Yesterday afternoon the server suddenly stopped responding and dropped its VPN connections. I created a ticket with my hosts support center and they told me that the network module was uninstalled.
Is this possible? I have NEVER heard of any software uninstalling a network module and even more so suddenly stopping the service to uninstall it without a reboot?
Did my host just try to screw me to get a reimage fee on their cheap server?