CentOS VPS/DS with WHM: Preventing DDoS Attacks with mod_evasive

A Brief Look at mod_evasive

What is mod_evasive?

mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, etc. mod_evasive presently reports abuses via email and syslog facilities.

Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

  • Requesting the same page more than a few times per second
  • Making more than 50 concurrent requests on the same child per second
  • Making any requests while temporarily blacklisted (on a blocking list)

This method has worked well in both single-server script attacks as well as distributed attacks, but just like other evasive tools, is only as useful to the point of bandwidth and processor consumption (e.g. the amount of bandwidth and processor required to receive/process/respond to invalid requests), which is why it’s a good idea to integrate this with your firewalls and routers for maximum protection.

This module instantiates for each listener individually, and therefore has a built-in cleanup mechanism and scaling capabilities. Because of this per-child design, legitimate requests are never compromised (even from proxies and NAT addresses) but only scripted attacks. Even a user repeatedly clicking on ‘reload’ should not be affected unless they do it maliciously. mod_evasive is fully tweakable through the Apache configuration file, easy to incorporate into your web server, and easy to use.


Installation:

1. Access your VPS/DS using an SSH client (PuTTY/Tunnelier)
2. Change directory to /usr/local/src with the command

cd /usr/local/src

3. Download the mod_evasive package

wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz

4. Extract the package

tar -xzf mod_evasive_1.10.1.tar.gz

5. Change to the extracted directory

cd mod_evasive

6. Build the module

/usr/bin/apxs -cia mod_evasive20.c

7. Done

Configuration:

1. Edit your httpd.conf file. If you use cPanel/WHM, httpd.conf is located in /usr/local/apache/conf/

nano /usr/local/apache/conf/httpd.conf

2. Add the following lines to the file:

<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
    # Placeholder: replace with your own notification address
    DOSEmailNotify      admin@example.com
</IfModule>

3. Then save the file and run the following commands to update the httpd configuration (cPanel/WHM only):

/usr/local/cpanel/bin/apache_conf_distiller --update
/usr/local/cpanel/bin/build_apache_conf

4. Restart your web server with the command:

service httpd restart

or

/etc/init.d/httpd restart

5. Done
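
Thresholds as tight as DOSPageCount 2 per second are worth checking against an existing access log before you rely on them, to see which clients would have been blocked. The script below is an added example, not part of the original post or of mod_evasive itself; it approximates the one-second intervals with fixed one-second buckets, and the function names, sample log lines and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: which clients in an access log exceed the thresholds above?
# Fixed one-second buckets approximate DOSPageInterval/DOSSiteInterval = 1.
PAGE_COUNT=2    # DOSPageCount from the configuration above
SITE_COUNT=50   # DOSSiteCount from the configuration above

# stdin: access log lines in common/combined format.
# stdout: "<ip> page <uri> <peak hits/s>" or "<ip> site <peak hits/s>".
evasive_candidates() {
    awk -v pc="$PAGE_COUNT" -v sc="$SITE_COUNT" '
        {
            ip = $1; sec = $4; uri = $7   # field 4 is the timestamp, 1 s resolution
            n = ++page[ip SUBSEP sec SUBSEP uri]
            if (n > pc && n > pmax[ip SUBSEP uri]) pmax[ip SUBSEP uri] = n
            m = ++site[ip SUBSEP sec]
            if (m > sc && m > smax[ip]) smax[ip] = m
        }
        END {
            for (k in pmax) { split(k, p, SUBSEP); print p[1], "page", p[2], pmax[k] }
            for (k in smax) print k, "site", smax[k]
        }' | sort
}

# Constructed sample log (documentation IP ranges, made-up paths).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:01 +0700] "GET /index.php HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:10:00:01 +0700] "GET /index.php HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:10:00:02 +0700] "GET /index.php HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2024:10:00:05 +0700] "POST /login.php HTTP/1.1" 200 90
198.51.100.7 - - [01/Jan/2024:10:00:05 +0700] "POST /login.php HTTP/1.1" 200 90
198.51.100.7 - - [01/Jan/2024:10:00:05 +0700] "POST /login.php HTTP/1.1" 200 90
198.51.100.7 - - [01/Jan/2024:10:00:05 +0700] "POST /login.php HTTP/1.1" 200 90
EOF
    # 51 distinct URLs requested by one client within the same second
    i=1
    while [ "$i" -le 51 ]; do
        echo "203.0.113.5 - - [01/Jan/2024:10:00:09 +0700] \"GET /p$i HTTP/1.1\" 200 1"
        i=$((i + 1))
    done
}

sample_log | evasive_candidates
```

To check a real log, source the functions and run `evasive_candidates < /path/to/access_log`; any address listed that belongs to a proxy, monitoring probe or other legitimate client is a reason to raise the counts.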

Let's test whether the module is working 😉
1. Go into the mod_evasive source directory from earlier

cd /usr/local/src/mod_evasive

2. Make the test.pl file executable

chmod +x test.pl

3. Run the file

./test.pl

If you see the following output, your installation was successful :-bd

HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
.........truncated........
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
.........truncated........
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden

Hope this is useful 🙂