Mod_Evasive - Testing Remotely
Apr 11, 2007
I have 2 questions here.
1. I have installed mod_evasive version 1.10.1 on a CentOS 4.4 server.
I'm using the test.pl script that comes with mod_evasive to test the configuration, and when running the script from the same server mod_evasive is installed on, mod_evasive is able to detect the intrusion and block the IP of the server.
If I use the same test.pl script from an external server, the requests come in and are viewable in the access log, but mod_evasive doesn't block the IP of the external server. It is probably not blocking the IP of the external server because of latency.
Is there a way to modify the test.pl script to make it more aggressive and get results when testing from an external server?
Here I'm pasting the code of the test.pl script:
Quote:
#!/usr/bin/perl
# test.pl: small script to test mod_dosevasive's effectiveness
use IO::Socket;
use strict;
# Send 101 sequential requests, each on a new connection, and print the status line of each response
for (0..100) {
  my($response);
  my($SOCKET) = new IO::Socket::INET( Proto    => "tcp",
                                      PeerAddr => "test.domain.tld:80");
  if (! defined $SOCKET) { die $!; }
  print $SOCKET "GET /?$_ HTTP/1.0\n\n";
  $response = <$SOCKET>;
  print $response;
  close($SOCKET);
}
2. Also, I have sendmail installed, and in the mod_evasive config I have an email address specified in DOSEmailNotify. When testing from the internal server with the test.pl script, the server is able to block the IP and put it in the hash table, but it never sends an email to my email address.
Mar 31, 2007
I'd like to set up Apache on a spare PC I have lying around, for local dev. I'd like to stick it in the back of a closet (no screen, keyboard or mouse), but I'm wondering how I can best access it from my main computers. Is there some kind of decent and preferably free remote desktop application that can be used for this?
I know I can access the XAMPP installation via the IP address, but inevitably I'll also have to access whatever OS I decide to install on it (XP or Ubuntu).
Jun 21, 2007
I know this may be the most foolish question on WHT, but I'm looking for mod_evasive's download link. I tried googling and searching all the forums, but all the links were dead.
Can anybody give me a link to get mod_evasive? Of course, if you have a better idea than using mod_evasive, I'll be glad to hear it.
Oct 14, 2007
We installed mod_evasive and ever since we are getting files like: dos-xxx.xxx.xxx.xxx, where xxx.xxx.xxx.xxx is an IP in our /tmp directory. The contents of the file is usually a 4 or 5 digit number and is owned by apache. Can anyone help me understand what this file is? Is it a product of mod_evasive? Can the files be deleted?
Oct 27, 2008
How can I run memtest86 remotely?? My server has crashed 8 times in less than a week.
I've had many glitches, it's failed to restart a few times, and twice I had an odd glitch where /home/mishkin/ on became read only access (even to mishkin). chmod couldn't fix it, and the first time a reboot solved it; the second time the server went dead, and not even a remote reboot can bring it back online.
I told my host server.lu about this and demanded a new server; they replied with "did you run memtest?"
I told them that I have no idea how to do that remotely, and it's been 12+ hours (8 of them business hours) without a reply.
Help me out guys. Oh, also, any idea how I can get it running again??
it's debian stable
oh and during some of the crashes I had 3 terminals and xfce4 running only (and wasn't even logged on )
I'm not running anything untested
Mar 24, 2008
I have a file named dos-1.2.13.4 (I changed the IP address on purpose) inside the log, and inside the file there is a 4 digit number that is constantly changing.
[root@myserver]# more dos-1.2.13.4
8726
What is 8726?
Feb 25, 2008
We are having a problem installing mod_evasive on our server. We tried installing it on our virtual machine that runs Fedora 7 (on our server, we have Fedora Core 5), and on the virtual machine it is fine: we can compile it and put it in our Apache2 conf file.
However, when we try
[root@ mod_evasive]# /usr/local/psa/admin/bin/apxs -i -a -c mod_evasive20.c
on the server, we get a
[root@ mod_evasive]# /usr/local/psa/admin/bin/apxs -i -a -c mod_evasive20.c
gcc -DHARD_SERVER_LIMIT=512 -DDEFAULT_PATH="/usr/local/psa/admin/bin:/bin:/usr/bin" -DLINUX=22 -DTARGET="httpsd" -DHAVE_SET_DUMPABLE -DNO_DBM_REWRITEMAP -DMOD_SSL=208122 -DEAPI -O -pipe -I/usr/include -O3 -fexpensive-optimizations -fstrength-reduce -pipe -DPLESK_Linux -I/home/builder/buildbot/psa-8.2.1-bfc7/build/plesk/lib/dist/include/libxml2 -W -Wall -DPLESK_Linux -I/home/builder/buildbot/psa-8.2.1-bfc7/build/plesk/plesk-utils/include -DBSG_CR -DBSG_MSG -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DHAS_RPM -DUSE_SLEEP_ON_IDLE -Wno-unused-parameter -fpic -DSHARED_MODULE -I/usr/local/psa/admin/include -c mod_evasive20.c ....
Mar 30, 2007
mod_evasive settings?
I can't find out the setting which would ban all bad IPs and will not ban normal ones.
Apr 1, 2007
Does anyone know any good mod_evasive rules that pick up DoS, but not many false positives? Just looking to see what works for everyone out there, been having trouble.
Or if there is a better Apache module to combat DoS.
Apr 16, 2009
How can I execute memtest86 remotely without any KVM access? Is this possible? If so, how would I go about it? I run Debian 5.0 32bit with the bigmem kernel (16x4GB DIMMs).
Aug 20, 2008
My current situation is that I'm currently renting out a server in a datacenter, and there is no realistic way I can get physical access. Call me cheap, but I really don't fancy shelling out $100 to get my techs to install it. I do have an idea though, and I just wanted to know how realistic it is / how I would go about performing it.
My server has a rescue shell (uses busybox) that I am able to re-install the OS from (all linux OSes), re-partition the HDD and do general troubleshooting things from. If I was to create a VMware machine on my local computer, install windows 2003 and use a hdd image cloner (from within the machine) to create an image of the HDD, how would I go about copying this image to the server's HDD? I don't know of any cross platform "HDD backer upper / recoverer thingies"
Jun 12, 2008
I'm wanting to access one of my MySQL db's on my VPS (WHM/cPanel).
Specifically, I want to connect to the db from Excel and pull down certain data live.
I've set up my IP address for remote access in cPanel.
I've done this before on my old shared hosting account, where the hostname for the db was [url]
But under WHM/cPanel, the only hostname used for MySQL is 'localhost', which doesn't work when trying to connect remotely.
May 21, 2008
Just wondering if anyone can share how they access their colo servers remotely? We have a couple of servers in one datacentre and have just set up a new small co-lo solution.
At present we just use RDP to access our Windows servers on the standard ports (pretty bad, I know). The RDP ports are open as there may be occasions when we need to access the servers from anywhere. Our new solution is presently set up like this, but I am interested in locking it down.
How do other people access their servers? We have DRAC/ILO cards in the servers, but we only tend to use these in emergencies as the remote console is pretty slow.
how to improve security are gratefully received!
Mar 6, 2008
I have just ordered an unmanaged dedicated server with KVM IP. Now what I want to know is, how can I install software from my computer to the dedicated server on the other end? Would I have to upload the ISO to that server then install it from there, or can I install it directly from my computer to that computer?
Jan 11, 2007
I don't know if this is possible after searching on the internet for solutions. Here is the problem. I recently logged off my colocated server 2 days ago, and have been trying to log into it again like I always do using remote desktop. Each time I try it gives me this following error: "This computer can't connect to the remote computer. Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator."
I've had this server colocated for about 5 months now and I've never had any issues connecting remotely to it. Seems like Remote Desktop got broken somehow, or it's being blocked? I am an admin with logins/passwords etc. The OS is Windows Server 2003 R2, I'm not connected to a remote reboot console. I don't want to have to call the data center for remote hands on support for a restart if that's not going to fix the issue, from what I've heard they charge quite a bit.
Mar 25, 2009
I want to install mod on my CentOS cPanel server, so I try:
cd /usr/local/src
wget mod_evasive_1.10.1.tar.gz
tar -zxf mod_evasive_1.10.1.tar.gz
cd mod_evasive
/usr/sbin/apxs -cia mod_evasive20.c
But when I run /usr/sbin/apxs -cia mod_evasive20.c, there is an error:
[root@ mod_evasive]#/usr/sbin/apxs -cia mod_evasive20.c
-bash: /usr/sbin/apxs: No such file or directory
Nov 27, 2008
and is it good to install or not?[url]
Jul 30, 2007
Can I turn off mod_evasive in .htaccess or does it have to be done server wide only in httpd.conf?
Or if not, is there a way I can exclude a specific account from it?
Apr 27, 2007
I got mod_evasive installed and it's working fine. It's detecting the IPs, blocking the IPs and sending me the emails.
The emails I'm getting only have the sender name "Apache", and the content shows the IP address it is blocking.
How can I enhance the email report to display the following:
1) get a proper Subject header in the email
2) change the From header to include the hostname - i.e.
apache@web.domain.tld
3) have the program do a reverse lookup on the ip, and include that in the body.
Do I need to include a script using the DOSSystemCommand to do this?
Oct 26, 2007
Is there a way to block ips with mod_evasive by adding the ips to the mod_evasive configuration file?
Jul 9, 2007
Sometimes I read in the logs:
server mod_evasive[24203]: Blacklisting address 84.255.151.xxx: possible attack.
Where can I find this blacklist and all the IPs listed?
Aug 2, 2009
I have set up Active Directory and client computers (Win XP SP3). Now I want to install applications on the client systems from the Windows Server 2003.
Nov 7, 2008
Is there a script or program which I can use to start my game servers remotely? I am giving my friend a free game server, but the problem is that he wants the power to start/stop the server because he wants to update the binaries. I am not looking for a game server control panel, but more like a small script or program that has the power to start/stop the server. The game server I am hosting for him is Team Fortress 2. Also, it has to be free since I am not going to make any profit of this.
Game - Team Fortress 2
OS - Windows 2003 Server
Web hosting - WAMP
Aug 30, 2007
I have a problem connecting to my Win2003 server from my work. The thing is that everything is turned off. I don't have administration rights. The remote connection in Win XP doesn't work, and telnet also doesn't work. I'm behind a proxy, and all ports are closed. Is there any way to install software on my server or something else, so I could somehow connect to my server remotely? I need to be able to connect to the GUI interface, or maybe just be able to start programs which crashed.
Aug 18, 2007
KVM to manage multiple servers using single KVM.
We want that if a server owner wants the KVM for his server, we add the user remotely and provide him a username/password for the KVM to access his server. Once he is done, we remove his access from the KVM.
Can this KVM [url] be used to manage multiple servers remotely?
There are more than 12 servers to be managed remotely.
All the operations have to be managed remotely. We don't want datacenter intervention or datacenter guys to plug in and unplug the KVMs for each server.
May 5, 2008
Installing mod_evasive after several attacks on our server,
but when restarting httpd I get this error:
httpd: Syntax error on line 36 of /usr/local/apache/conf/httpd.conf: API module structure 'evasive20_module' in file /usr/lib/httpd/modules/mod_evasive20.so is garbled - expected signature 41503232 but saw 41503230 - perhaps this is not an Apache module DSO, or was compiled for a different Apache version?
Running apache 2.2.8
Jun 23, 2008
I would like to install the Mod_evasive for Apache 2.0 on RHEL 4 Server(Cpanel Installed). I downloaded the Mod_evasive source and extracted and used the following command.
# cd mod_evasive
# /usr/sbin/apxs -cia mod_evasive20.c
I am getting the following message.
-bash: /usr/sbin/apxs: No such file or directory
# whereis apxs
apxs:
Feb 6, 2008
We tried to use one software for offline browsing to download our site and test it if it will fail or not. We used 500 threads at once. Program was able to request 56 pages per second. Of course server (site) failed because there were no more available mysql connections. So site went down. Mod_evasive didn't block that.
Here is the config:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 80
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 30
DOSLogDir "/var/log/httpd"
</IfModule>
Here is the copy of text I found on one site about mod_evasive:
Mod_evasive does work relatively well for small to medium sized brute force or HTTP level DoS attacks. There is, however, an important limitation that mod_evasive has that you should be aware of. The mod_evasive module is not as good as it could be because it does not use shared memory in Apache to keep information about previous requests persistent. Instead, the information is kept with each child process or thread. Other Apache children that are then spawned know nothing about abuse against one of them. When a child serves the maximum number of requests and dies, the DoS information goes with it. So, what does this mean? This means that if an attacker sends their HTTP DoS requests and they do not use HTTP Keep-Alives, then Apache will spawn a new child process for every request and it will never trigger the mod_evasive thresholds. This is not good…
Is there any solution for such type of attack with Keep Alive disabled?