Getting Protected From DoS Attacks With Apache
May 17, 2007
Firewall settings are great for preventing Denial of Service (DoS) attacks, however it may not always be your only solution. The day has finally arrived when I found this excellent module called mod_dosevasive (DoS Evasive) which keeps track of how many requests each client makes to your server within intervals. If a client is being forceful with your server and making too many requests, then it is more than likely not just a web browser but some automated process unleashed on your site to try and take it down.
This handy Apache module we have found takes care of these issues. Let's get started by setting it up.
View 3 Replies
ADVERTISEMENT
Aug 7, 2014
I have been trying to get password protected directories working on my Linode server. It works / behaves in a desktop browser somewhat but not like I am used to with hostmonster. Also for some reason my phone (windows phone just loads the page in the protected directory without prompting for a password. So I imagine there is some security thing I am missing that none of the info I have found searching talks about. Here is what I have done. I have created a password file and set the permissions correctly on that and it works on the desktop. However when I close the browser or open a private browsing session I am never prompted for a password again. It just feels insecure. Plus my windows phone just loads the page with no prompt. With hostmonster if I closed the browser window it would ask me for the username and password again. I also tested hostmonster directory passwords on my phone and it prompts for a username/password.
Here is what I have added to the apache2.conf file. The rest is pretty much default. There is no .htaccess file for that directory.
<Directory "/var/www/protected">
AllowOverride All
AuthType basic
AuthName "Enter Login"
AuthUserFile /etc/htpasswd/.htpasswd
Require valid-user
Order deny,allow
Allow from user1
</Directory>
It may be worth noting that I have two virtual sites / domain names running on this server at the moment however the one that is being used for this is the primary domain name.
OS: Debian 7.3
Apache 2.2.22
View 6 Replies
View Related
Oct 28, 2009
Hello, I want to buy a dedicate server which support DDOS,ACK,SYN .....
I can provide 500usd most
My friend introduce dragonara.net for me, but they don't support world of warcraft website.
Can you introduce one similar with dragonara ?
You can see details of dragonara provide
dragonara.net/ddos-protection.html
protect from all types of DDoS, which can be
TCP SYN Flood
Tribe Flood Network and Tribe Flood Network 2000
TCP SYN-ACK Reflection Flood (DRDoS)
HTTP Flood Attack
ICMP Echo Request Flood
TCP ACK Flood
UDP Flood Attack
UDP Flood Attack (Trinoo)
Features of Dragonara DDoS Mitigation service* Up to 14 Gbit/s or 10,000,000 PPS ddos attack mitigation* Automatic attacks detection* Full transparency, no <click here to continue> links* Multi-Gigabit protection* SEO friendly* ALL TCP BASED PROTOCOLS SUPPORTED (HTTP, SSL, DNS, UDP protocol support)* Load Balancing to the Customer's Server Farm* Advertise your network block /prefix using BGP
Individual 10gb+ DDoS Protection Suite.Full Managed DDoS Protection with 100% uptime guarantee for Corporate clients.We use 95% burstable billing scheme.SLA agreement;1000 mbit/s included (can be upgraded);Web Caching Service (optional);10+ Gig Protection Available;Money Back Guarantee.
Available for Customers - using Dragonara Colocation services- with own remote DC infrastructure. Clean traffic sent using GRE / OpenVPN / IPSec tunnels.We use 95% burstable billing scheme.SLA agreement; 10+ Gig Protection Available;Money Back Guarantee.ASK / 24 hours setup
View 14 Replies
View Related
Mar 20, 2008
Budget: $120-175. Decent amount of IPs (32+ preferable)
Need it relatively soon.
GodsHost/Awknet is out of stock completely.
Staminus is out of stock except for $700 servers.
Gigeservers has a $150 setup fee that I don't really like, but if desperate, maybe.
Sharktech is **** and there is no way I will even consider them.
DDoS protected meaning nothing too large scale - I just need basic protection against 12 year olds that have pbots.
Any other ideas?
View 10 Replies
View Related
Sep 8, 2008
Are there any places other than Staminus/Gige/Sharktech Awknet that can protect against small/basic bandwidth attacks (not application attacks, http floods, etc), 5-7Gbps+, occasional up to 10?
View 14 Replies
View Related
Apr 21, 2009
Where can I get a DDoS protected shared plan?
View 14 Replies
View Related
Feb 17, 2008
A client wants to FTP some files to my server but I don't want him to see/have access to all the other stuff on the server. Is there a way that I can 'corden-off' an area for him to FTP stuff to? A password protected area perhaps?
View 2 Replies
View Related
Dec 16, 2007
I was wondering if it would be advisable to use the Password Protected Directory option in cPanels to limit part of my website to no more than 1,000 paying customers (yearly subsciption). Can cPanels handle this? Would accessing .htaccess and .htpassword to authenticate be too slow? Would management become too much? Has anyone attempted this? Are there any good alternatives such as open source programs? I've looked and found a few that are expensive and do way more than what I need.
View 2 Replies
View Related
May 25, 2009
Datacenter in California USA will be better,
View 8 Replies
View Related
Feb 22, 2008
After being hit by a DDoS (managed to evade it for a while, but it's still painful due to downtimes) I'm looking for a DDoS-protected server somewhere in Europe. I don't care about the exact location, it just has to be outside Canada and the USA. I do not require a lot of traffic - using just about 1.5GBs per day, diskspace also is not an issue, so the main things is the DDoS protection, connection availability and the general level of service.
Searching through this forum, I've found the only possible option for a DDoS-protected being DataPipe (contacted and awaiting for a quote already). Have I missed something else? Are there any alternative good hosters with reliable networks and protection in the EU?
View 7 Replies
View Related
Oct 13, 2008
1. towards blocking a very large upscale DDoS attack coming from a large botnet. Physical firewall will not help, due to the attack still entering the network, thus causing trouble for the companies other clients.
2. Or dedicated server companies in Europe that can provide protection against this.
View 5 Replies
View Related
Mar 22, 2007
I have 2 domains on 1 account. My main website is www.aviationcafe.net and i added on www.modelcuir.com thats what it looks like to the public. But with my host it will be www.modelcuir.aviationcafe.net.
I noticed in the files area that modelcuir is it's own file, i can password protect that but it will stop people getting onto the website completly and i only want to stop them getting into the members area.
I can't create a members area either unless i can add a new folder which i can't i dont think.
View 2 Replies
View Related
Nov 19, 2007
I've got a file I want to access via cURL that is within a password protected directory.
I've tried sending:
Code:
$headers = array(
"HTTP_AUTH_LOGIN: admin3e",
"HTTP_AUTH_PASSWD: opensesame",
"Content-Type: text/html"
);
curl_setopt($curl, CUROPT_HTTPHEADER, &$headers);
(insecure)
and:
Code:
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($curl, CURLOPT_USERPWD, '[user]:[pass]');
but I can't figure out how to get past the login:
Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Apache/2.0.52 (CentOS) Server at ****** Port 80
View 3 Replies
View Related
Nov 7, 2009
I am looking for a DDOS protected server ( IRC ).
What are your recommendations?
I already contacted Gige, but they are not answering.
At this moment server is with Theplanet, but their Cisco guard is not doing good job at all.
Server also used to be @ Softlayer, but they nullroute IP as soon as that specific IP is attacked.
I also looked @ Staminus, see that they offer up to 500mbps protection for $200 a month, which is okay, but i would like to see other options as well.
View 14 Replies
View Related
Feb 5, 2009
have built quite a library of music now. It would be great if I could upload music to my hosting account, and then just access it from my phone. Would that be allowed so long as I did not share this music with others? Where might I be able to set this up? I checked with hostgator and they said it was not okay.
View 9 Replies
View Related
Apr 23, 2009
im hosted on futurehosting and truly they rock with gr8 support and instant services, 3-4 small sites but today whole day it was down due to apparently DDOS attack - as per my hosts response. read history here [url]
When i took FH i had done some research and thought its 100% managed VPS - i never knew its not proactive managed service etc! frankly i did ask on WHT and FH was the most recommended and truly they have lived up to it and i have no complains but just that maybe my requirement is a more proactive support service:-)
seems i need to move on - to som1 who can handle DDOS attacks + offer proactive monitoring which FH says it doesn't offer
1. LiquidWeb.com promises DDOS protections under their [url]
2. another option seems [url]
3. am told wiredtree would work well too for a complete newbie like me ?
View 14 Replies
View Related
May 24, 2014
On Plesk 11.5 / Centos 6.5 / Linux
I normally protect a given directory in the Plesk Contral Panel with a Username / Password. I would like to bypass the username and password for visitors from one IP.
View 3 Replies
View Related
Nov 2, 2014
I have several customers with wordpress domains. I want to protect these directory's with Nginx on a plesk 12 machine.
I thought:
location /wp-admin/ {
allow 123.123.123.123;
deny all;
satisfy all;
}
would do the trick, but no go, nginx isnt passing it to apache by the looks of it. I tried all kinds of possible solutions but cant get it to work. It works with files though. The logfile says directory index of "/var/www/vhosts/testdomain.eu/httpdocs/wp-admin/" is forbidden. This makes sense, since its turned off.
How to get this to work with plesk 12 and nginx ?
View 2 Replies
View Related
May 26, 2008
We are looking for dedicated server which ddos protection for IRC Hosting. Our budget is $170 USD/month with expect 128+ Ips.
View 8 Replies
View Related
Jul 4, 2014
I have this big problem, when I try to create a new signature, it returns me this error (ProtDir_IIS :: update () failed: Add Protected Directory failed: columns SiteId, path are not unique (Error code 1)).
View 3 Replies
View Related
Aug 29, 2014
I have a problem with users that want to download files that are in a protected folder. They don't get the login popup when the click on a link, if they use a direct url then they get the login but the download doesn't begin.
iPhone OS 7.12
Plesk Control Panel version: psa v8.4.0_build20080505.00 os_Windows 2003/2008
Operating systemMicrosoft: Windows 5.2;build-3790;sp2.0;suite272;product3
View 2 Replies
View Related
Oct 16, 2014
Plesk 11.5.30 Update #47
When I look in a directory password protected by the Plesk Panel, I don't see an .htaccess file...
So, how does Plesk password protect directories?
And, is it possible to add functionality that would limit number of login attempts, and block an offending IP for a period of time?
View 2 Replies
View Related
Oct 26, 2007
I'm getting DoS attacks on my new dedicated server and I've had about 600 emails from my server about IP bannings. I can't even access my server via WHM at all at the moment! The sites are still online and the server is up but I can't log into WHM. What can I do to remedy this?
Also I can't quite understand why anyone would conduct a DoS attack in the first place...
View 7 Replies
View Related
Mar 9, 2008
I have a VPS that's on the awknet network and I'm receiving DNS DDoS and I don't think they have anything to stop these attacks, how can I prevent these?
View 4 Replies
View Related
May 9, 2007
I seem to be getting a lot of mail attacks to accounts located on the server. However, most of the email addresses do not exist and therefore the emails are bouncing back and getting stuck in my mail queue manager. There are something like 20 emails per minute getting stacked up in there and it is causing a massive load on the server.
How can I stop these attacks?
View 5 Replies
View Related
May 22, 2007
my webserver defaced with this persons name all over my site.
I was reading and it said JaMaYcKa does this things through a cPanel bug.
Apparently our entire host has been hacked too. I'm very dissapointed as I was on the verge of starting one of my most biggest projects and now it's gone. :'(
View 14 Replies
View Related
Jun 25, 2008
one of my costumers server is getting ddos attacks. I solved syn and get attacks with litespeed web server but I have another problem. They started to do udp flood. I m losing connection to my server. I bought new server with 1 gbit port for solving it.
View 3 Replies
View Related
Mar 31, 2009
This is a quote from an unrelated thread in the Dedicated Server Forum, I didnt want to hijack the thread so thought I would bring my question over here:
Quote:
Originally Posted by HRDev Hady
I believe they use BurstNet, which isn't really a good choice for DDoS-prone sites as their Top Layer devices don't seem to handle attacks very well in my opinion. If you're running a DDoS prone site, you'd likely be better off with a DDoS-specialized provider such as Awknet, Staminus, or Black Lotus. But as mentioned, a lot of attacks can be stopped simply by proper tuning of your IP stack and some simple firewall rules.
My question is as a new Dedicated Server Owner what tuning and rules do I need to implement in order to protect me from these "small scale DDoS Attacks"?
I do not run a DDoS prone site(i hope not lol) but I want to secure myself as much as possible and have a headache free run other than the headaches I cause myself of course.
View 5 Replies
View Related
Oct 31, 2009
Recently, i hosted my domain with two different servers. but both of them were attacked by malwares and viruses. Google also started showing warning like "This site may harm your computer".
Now i can't open my site on firefox (it gives security warning)... when i open in explorer , my index page is totally changed.
Is there a solution for that? Which linux server will be best to protect my site from malware attacks.
View 7 Replies
View Related
Oct 11, 2009
I can see lot of MSSQL Server attacks. In event viewer "Login failed for user 'sa'. [CLIENT: Some IP]"
Most of the attack coming from Chaina. Tipically what I'm doing manually is get that entire IP range and block from Windows Firewall level.
Now I have plenty of blocked IP ranges all over the world.
What would be the best way to avoid from those kind of attacks ?
View 6 Replies
View Related
