Mod_Evasive Enhancing Reporting

Apr 27, 2007

I got mod_evasive installed and it's working fine. It's detecting the IPs, blocking the IPs and sending me the emails.

The emails I'm getting only have the sender name "Apache" and the content shows the IP address it is blocking.

How can I enhance the email report to display the following:

1) get a proper Subject header in the email

2) change the From header to include the hostname - i.e. apache@web.domain.tld

3) have the program do a reverse lookup on the IP, and include that in the body.

Do I need to include a script using the DOSSystemCommand to do this?


How To Do Reporting With IIS 5.0

Jun 2, 2008

If there is any way that IIS 6.0 can do reporting of the websites that are running on it. For example, I would like to get the local IP address and host header values for them. I can do it manually by going to each website, but that will take forever. It seems like there should be an easier way.


Server Reporting Tool

Oct 19, 2009

I am maintaining a dedicated server (which has Apache, MySQL, FTP and DNS servers) for my organization. I want to produce a weekly report on the server, like:

1) Avg. server load for the current week

2) Avg. memory usage for the current week

3) No. of times Apache, MySQL and DNS were killed in the current week

As above, I want to produce a report. How can I get such a report from the server? Is there any tool for report generation?


Exim4 Bounce Reporting

Mar 31, 2009

We developed an Exim server on Debian that sends mail out to our customers. It's an IP-based auth server. For bounce reporting and management, what would you recommend?

Is there anything like: send all bouncing mails that were sent from this server to myaccount@gmail.com? We need this to be done at the MTA level.


Performance / Reporting Tool

May 29, 2009

I have several servers and I need a tool to measure CPU/disk/memory performance.

I know nothing about hardware (and I also don't want/need to know).

The tool is for comparison only - I don't care about the unit of measure, I just need a way to compare the performance between my servers, like which one has a faster CPU and so on...

Does anyone know of such a FREEWARE (and not bloatware) tool?

If the tool has some kind of hardware report... well.. even better.


WHM Reporting Way Way Under Actual Usage

May 13, 2008

One friend I host sites for is reporting 492MB in WHM, but running DU reports 5.4GB for just one site!!! I've had the DC run Quotafix, but it's still not correct. The site is Drupal and the DC said they can't even list the tmp folder for that account. Any suggestions so I don't lose $45/month in extra charges? I have no clue how many months this has been going on, but it's costing me a lot, it seems.


Enabling PHP Error Reporting

Jan 7, 2007

I just leased a server through EV1. It's Linux (I think), Apache, and Plesk 8.0. I'm trying to get error reporting to work for my php scripts. I opened up the php.ini file (I'm about 90% sure that it's the right php.ini file) found in the /etc folder. I changed error reporting to "on" and restarted my server with Plesk.

PHP errors are still not showing up.


Realtime DNS Blacklist Fed By Reporting Admins

Jan 26, 2007

Wondering if anyone knows of an email DNSBL that has a real-time reporting tool which directly feeds the DNSBL?

I have been using Spamcop for reporting in hopes I might be able to get some IPs listed. However, so far I have not seen any IPs listed until many hours or days after they are reported (possibly going through a validation process?).

Wondering if anyone knows a more pro-active DNSBL that is fed directly by reporting and administrators?


Mod_evasive

Jun 21, 2007

I know this may be the most foolish question on WHT, but I'm looking for mod_evasive's download link. I tried googling and searching all the forums, but all the links were dead.

Can anybody give me a link to get mod_evasive? Of course, if you have a better idea than using mod_evasive, I'll be glad to hear it.


Mod_evasive

Oct 14, 2007

We installed mod_evasive and ever since we have been getting files like dos-xxx.xxx.xxx.xxx, where xxx.xxx.xxx.xxx is an IP, in our /tmp directory. The content of each file is usually a 4 or 5 digit number, and the file is owned by apache. Can anyone help me understand what this file is? Is it a product of mod_evasive? Can the files be deleted?


Reporting A Website For Illegal Hacking And Other Activities?

Sep 29, 2008

How would I go about reporting a website for illegal hacking and other activities?

Their host is fully supporting them. They have even given them the IP address of the proxy I used, in which case the client of theirs has added the proxy to their htaccess deny list.


Munin Stopped Reporting Eth0 After Reboot

Apr 30, 2008

I rebooted my server and now munin is not showing any eth0 traffic. All other graphs are fine. I can see there is a ton of apache accesses so there is definitely eth0 traffic. Munin logs report no errors. I restarted munin and munin-node. I even did 'yum remove munin munin-node' and reinstalled again but it still doesn't work for eth0.


Accurate Reporting On Hits/unique Visits

May 20, 2008

We've got a client who is using both AWstats and Webalizer and they are claiming the numbers are different between the two and that the numbers reported are not accurate. They need a specific list on how many impressions they are getting on a daily, weekly and monthly time period for advertisers.


Microsoft Junk Mail Reporting Program - Who Uses This

Jul 20, 2008

Anyone else sign up for this?

Did Microsoft require your host to email them and say "[you] have exclusive sending rights for this IP"?

Here is the part of the email from Microsoft:

xx, unfortunately, we have not received an e-mail confirmation from
your ISP, [host], for your IP
x.x.x.x. Please ask them to re-send the e-mail confirmation to [email] with the [id] subject. Please also
ask them to include you on the "To" or "Cc" field in case that we fail
to receive their e-mail confirmation.

Is this a requirement for everybody?

I signed up for AOL's junk reporting program a few months ago and I didn't have to bother anybody about it.

If I recall correctly, all AOL cared about was whether or not my reverse DNS was set properly.


Telia Is Reporting A Fiber Cut In The US - Any Other Carriers Impacted

Aug 20, 2007

Telia is reporting a fiber cut in the US - any other carriers impacted?

from Telia:

We regret to advise that we are currently experiencing a cable cut in
the United States. This outage is causing degradation in our IP
backbone, which may affect your service.

The fault has been brought to the attention of senior management, and we
are actively working to resolve the fault. Unfortunately we do not know
when the fault will be resolved.

We will update you as soon as we have further information, and apologise
for the inconvenience caused to you and your customers.


Mod_evasive Log Content

Mar 24, 2008

I have a file named dos-1.2.13.4 (I changed the IP address on purpose) inside the log directory, and inside the file there is a 4 digit number that is constantly changing.

[root@myserver]# more dos-1.2.13.4
8726

What is 8726?


Mod_evasive Installation

Feb 25, 2008

We are having a problem installing mod_evasive on our server. We tried installing it on our virtual machine that runs Fedora 7 (on our server, we have Fedora Core 5), and on the virtual machine it is fine: we can compile it and put it in our Apache2 conf file.

However, when we try

[root@ mod_evasive]# /usr/local/psa/admin/bin/apxs -i -a -c mod_evasive20.c
on the server, we get a

[root@ mod_evasive]# /usr/local/psa/admin/bin/apxs -i -a -c mod_evasive20.c
gcc -DHARD_SERVER_LIMIT=512 -DDEFAULT_PATH="/usr/local/psa/admin/bin:/bin:/usr/bin" -DLINUX=22 -DTARGET="httpsd" -DHAVE_SET_DUMPABLE -DNO_DBM_REWRITEMAP -DMOD_SSL=208122 -DEAPI -O -pipe -I/usr/include -O3 -fexpensive-optimizations -fstrength-reduce -pipe -DPLESK_Linux -I/home/builder/buildbot/psa-8.2.1-bfc7/build/plesk/lib/dist/include/libxml2 -W -Wall -DPLESK_Linux -I/home/builder/buildbot/psa-8.2.1-bfc7/build/plesk/plesk-utils/include -DBSG_CR -DBSG_MSG -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DHAS_RPM -DUSE_SLEEP_ON_IDLE -Wno-unused-parameter -fpic -DSHARED_MODULE -I/usr/local/psa/admin/include -c mod_evasive20.c ....


Testing Mod_Evasive

Apr 2, 2007

I have 2 questions here.

1. I have installed mod_evasive version 1.10.1 on a Cent OS 4.4 server.

I'm using the test.pl script that comes with mod_evasive to test the configuration, and when running the script from the same server where mod_evasive is installed, mod_evasive is able to detect the intrusion and block the IP of the server.

If I use the same test.pl script from an external server, the requests come in and are viewable in the access log, but mod_evasive doesn't block the IP of the external server. It is probably not blocking the IP of the external server because of latency.

Is there a way to modify the test.pl script to make it more aggressive and get results when testing from an external server?

Here I'm pasting the code of the test.pl script:

Code:
#!/usr/bin/perl

# test.pl: small script to test mod_dosevasive's effectiveness

use IO::Socket;
use strict;

for(0..100) {
  my($response);
  my($SOCKET) = new IO::Socket::INET( Proto   => "tcp",
                                      PeerAddr=> "test.domain.tld:80");
  if (! defined $SOCKET) { die $!; }
  print $SOCKET "GET /?$_ HTTP/1.0\n\n";
  $response = <$SOCKET>;
  print $response;
  close($SOCKET);
}

2. Also, I have sendmail installed and on the mod_evasive config I have email address specified on DOSEmailNotify. When testing from the internal server with the test.pl script the server is able to block the ip, put in the hash table but it never sends an email to my email address.


Mod_evasive Settings

Mar 30, 2007

mod_evasive settings?

I can't find the setting which would ban all bad IPs and would not ban normal ones.


Mod_Evasive Rules

Apr 1, 2007

Does anyone know any good mod_evasive rules that pick up DoS, but not many false positives? Just looking to see what works for everyone out there, been having trouble.

Or if there is a better Apache module to combat DoS.


Error On Install Mod_evasive

Mar 25, 2009

I want to install the mod on my CentOS cPanel server, so I tried:

cd /usr/local/src
wget mod_evasive_1.10.1.tar.gz
tar -zxf mod_evasive_1.10.1.tar.gz
cd mod_evasive
/usr/sbin/apxs -cia mod_evasive20.c

But when I run /usr/sbin/apxs -cia mod_evasive20.c I get an error:

[root@ mod_evasive]#/usr/sbin/apxs -cia mod_evasive20.c
-bash: /usr/sbin/apxs: No such file or directory


Mod_evasive Is It Good To Install

Nov 27, 2008

and is it good to install or not?[url]


Mod_Evasive - Testing Remotely

Apr 10, 2007

I have 2 questions here.

1. I have installed mod_evasive version 1.10.1 on a Cent OS 4.4 server.

I'm using the test.pl script that comes with mod_evasive to test the configuration, and when running the script from the same server where mod_evasive is installed, mod_evasive is able to detect the intrusion and block the IP of the server.

If I use the same test.pl script from an external server, the requests come in and are viewable in the access log, but mod_evasive doesn't block the IP of the external server.

It is probably not blocking the IP of the external server because of latency.

Is there a way to modify the test.pl script to make it more aggressive and get results when testing from an external server?

Here I'm pasting the code of the test.pl script:

Quote:

#!/usr/bin/perl

# test.pl: small script to test mod_dosevasive's effectiveness

use IO::Socket;
use strict;

for(0..100) {
  my($response);
  my($SOCKET) = new IO::Socket::INET( Proto   => "tcp",
                                      PeerAddr=> "test.domain.tld:80");
  if (! defined $SOCKET) { die $!; }
  print $SOCKET "GET /?$_ HTTP/1.0\n\n";
  $response = <$SOCKET>;
  print $response;
  close($SOCKET);
}

2. Also, I have sendmail installed and on the mod_evasive config I have email address specified on DOSEmailNotify. When testing from the internal server with the test.pl script the server is able to block the ip, put in the hash table but it never sends an email to my email address.


Can I Turn Off Mod_evasive In .htaccess

Jul 30, 2007

Can I turn off mod_evasive in .htaccess or does it have to be done server wide only in httpd.conf?

Or if not, is there a way I can exclude a specific account from it?


Mod_Evasive - Testing Remotely

Apr 11, 2007

I have 2 questions here.

1. I have installed mod_evasive version 1.10.1 on a Cent OS 4.4 server.

I'm using the test.pl script that comes with mod_evasive to test the configuration, and when running the script from the same server where mod_evasive is installed, mod_evasive is able to detect the intrusion and block the IP of the server.

If I use the same test.pl script from an external server, the requests come in and are viewable in the access log, but mod_evasive doesn't block the IP of the external server. It is probably not blocking the IP of the external server because of latency.

Is there a way to modify the test.pl script to make it more aggressive and get results when testing from an external server?

Here I'm pasting the code of the test.pl script:

Quote:

#!/usr/bin/perl

# test.pl: small script to test mod_dosevasive's effectiveness

use IO::Socket;
use strict;

for(0..100) {
  my($response);
  my($SOCKET) = new IO::Socket::INET( Proto   => "tcp",
                                      PeerAddr=> "test.domain.tld:80");
  if (! defined $SOCKET) { die $!; }
  print $SOCKET "GET /?$_ HTTP/1.0\n\n";
  $response = <$SOCKET>;
  print $response;
  close($SOCKET);
}

2. Also, I have sendmail installed and on the mod_evasive config I have email address specified on DOSEmailNotify. When testing from the internal server with the test.pl script the server is able to block the ip, put in the hash table but it never sends an email to my email address.


Mod_Evasive - Blocking IPs Manually

Oct 26, 2007

Is there a way to block IPs with mod_evasive by adding the IPs to the mod_evasive configuration file?


Mod_evasive And Black List

Jul 9, 2007

Sometimes I read in the logs:
server mod_evasive[24203]: Blacklisting address 84.255.151.xxx: possible attack.

Where can I find this blacklist and all the IPs listed?


Error When Restarting Httpd Mod_evasive

May 5, 2008

Installing mod_evasive after several attacks on our server.

But when restarting httpd I get this error:

httpd: Syntax error on line 36 of /usr/local/apache/conf/httpd.conf: API module structure 'evasive20_module' in file /usr/lib/httpd/modules/mod_evasive20.so is garbled - expected signature 41503232 but saw 41503230 - perhaps this is not an Apache module DSO, or was compiled for a different Apache version?


Running apache 2.2.8


Installing Mod_evasive On Cpanel Server

Jun 23, 2008

I would like to install the Mod_evasive for Apache 2.0 on RHEL 4 Server(Cpanel Installed). I downloaded the Mod_evasive source and extracted and used the following command.

# cd mod_evasive
# /usr/sbin/apxs -cia mod_evasive20.c

I am getting the following message.

-bash: /usr/sbin/apxs: No such file or directory

# whereis apxs
apxs:
