How to prevent DDos attacks

Hello everyone…

Here I present some steps to prevent DDos attacks.

>>>>>>>>>Install/Configure APF firewall
>>>>>>>>>Install/Configure mod_evasive
>>>>>>>>>Install mod_security
>>>>>>>>>Blocking IPs maintaining more connections
>>>>>>>>>Optimizing the httpd.conf file

Install/Configure APF firewall

cd /usr/local/src/
tar -zxvf apf-current.tar.gz; cd apf-*

Step 2: Installation

sh ./

Install/Configure mod_evasive

Download the source

tar -xzvf mod_evasive_1.10.1.tar.gz
cd mod_evasive

Compile in the mod_evasive apache module using apxs

For Apache 2
/usr/local/apache/bin/apxs -i -a -c mod_evasive20.c

For Apache 1.3
/usr/local/apache/bin/apxs -i -a -c mod_evasive.c

If the apxs path is not /usr/local/apache/bin/apxs replace it with the appropriate path

Edit your httpd.conf /usr/local/apache/conf/httpd.conf

Add the lines below.

DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10

/etc/init.d/httpd restart

You can try another values for the above and obtain the best setting.
In some cases mod_evasive also blocks legitimate user IPs.

Install mod_security

Install this module via WHM

WHM >> cPanel >> Addon Modules >> Select “modsecurity ” >>save

Blocking IPs maintaining more connections

You can check out the number of http requests coming to your server and the
ip’s from where it is coming by executing the command :

netstat -plan | grep :80 | awk ‘{print $5}’ | cut -d: -f 1 | sort | uniq -c | sort -n

If you feel like there are inordinate amount of requests from a single ip, you
can block it in your APF using this command :

apf -d IP

Using iptables, you can block the ip with :
iptables -A INPUT -s -j DROP

You can check out the ip to which maximum number of http requests are coming
with the following command :

[root@server ~]# netstat -plan|grep :80|awk {‘print $4′}|cut -d: -f 1|sort|uniq -c|sort -n

Optimizing the httpd.conf file

vi /usr/local/apache/conf/httpd.conf

Change the values as follows.

MaxKeepAliveRequests 50
KeepAliveTimeout 60

Also edit the following options.


Reduce the timeout, Maxclients etc.

Leave a comment

Leave your opinion

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: