Stop HTTP DOS Attack

This is a simple external module, originally coded for linux apache 2.2, which is compiled for windows (apache 2.2) and help stop DOS attack with webserver.

Steps:

1. Download the attached file and extract it inside your webserver module folder. (xampp\apache\modules)
2. Load the module with the following code, add in httpd.conf:

Code:

---

LoadModule dosevasive22_module modules/mod_dosevasive22.dll

<IfModule dosevasive22_module>
DOSPageCount 2
DOSPageInterval 1
DOSBlockingPeriod 10
DOSSiteCount 50
DOSSiteInterval 1
</IfModule>

---

* This setting means a 2x connection (same page) or 50x connection (whole website) in 1 sec will be temporarily blocked for 10 sec. and your webserver will return forbidden error to the attacker.

3. Restart your webserver.

* You can see the possible attacks in the error.log. (xampp\apache\logs\)

thanks for this. i might use this when my server is up.

work on app 2.5.10 ?
and where exacly to put in htp.conf this ot doesn`t matter ?

It is compiled for apache 2.2x and as far as I know 2.2 series is the latest there is. 'httpd.conf' is the main configuration of apache, usually resided inside conf folder.

i know where is the file. I was thinking in the file does hav matter where exacli to put the Text ?

And Can you do this fo 2.5 Series :D it`s better :glare:

You can find some loadmodule code inside the conf file, you can put it just after the last loadmodule code in httpd.conf. So where you get exactly your 2.5 apache?

Quote:

---

Originally Posted by phit666

You can find some loadmodule code inside the conf file, you can put it just after the last loadmodule code in httpd.conf. So where you get exactly your 2.5 apache?

---

http://www.appservnetwork.com/module...article&sid=46
just google.bg :D

doh that is appserv version 2.5 not apache doh...

AppServ 2.5.10

* Apache 2.2.8
* PHP 5.2.6
* MySQL 5.0.51b
* phpMyAdmin-2.10.3

do not drink and drive ... read and read

EDIT: prove that this works? why can i trust this?

Here, visit this page then press F5 continuesly (make it fast) like 5 times and look at the page that will appear.
http://***/

this doesnt stop a real dos attack, becuase i would be attacking your pc hardware directly not your shitty web server. great job to maybe stop the noobs, but for the pro's, which outnumber the noobs, your screwed.

When i add this dll and mode, after 30min i have crash all windowse programs, dude not good. Example Explorer Debug error, Destope stuck, can't turn on windows task manager, when open him 5sec, and also debug error, so yeah cool protection from HTTP DOS (maybe) but will also stop all windowse :D

Quote:

---

Originally Posted by c4cadvisor

this doesnt stop a real dos attack, becuase i would be attacking your pc hardware directly not your shitty web server. great job to maybe stop the noobs, but for the pro's, which outnumber the noobs, your screwed.

---

yea i test it and for me don`t works :ehh::glare:

Quote:

---

Originally Posted by c4cadvisor

this doesnt stop a real dos attack, becuase i would be attacking your pc hardware directly not your shitty web server. great job to maybe stop the noobs, but for the pro's, which outnumber the noobs, your screwed.

---

I clearly stated HTTP and ok go ahead PRO attack a server where only 80 tcp port is open :).

anyone using this without windows problem?

work perfect

Quote:

---

Originally Posted by phit666

I clearly stated HTTP and ok go ahead PRO attack a server where only 80 tcp port is open :).

---

realy ? and what about Net Tools , the most of hacker's and pro use the NetTools (is a program for all what is in Internet) like HTTP flooder (DoS) , Port Scanner , Fastest Host Scanner (UDP), HTTP scanner (Open port 80 subnet scanner and more ....
soo i just ask to everyone ...is somthing solution to stop this program ? i mean is alot of program like Net Tools ...is any solution to stop the hacker from attack us ?

This metod dont secured for ddos attack.
Tested, i attack my friend (use Sprut.exe):
Apache webserver used cpu 100%
Site only white list (for me and other ppl)
p.s. During the test, attacked only one person, but if they attack more than three people then jam the server at all because of this mod. Probably it is better to use a firewall.
This secure don't work =/

this its DOS attack nt DDOS

Quote:

---

Originally Posted by Kagorec

This metod dont secured for ddos attack.
Tested, i attack my friend (use Sprut.exe):
Apache webserver used cpu 100%
Site only white list (for me and other ppl)
p.s. During the test, attacked only one person, but if they attack more than three people then jam the server at all because of this mod. Probably it is better to use a firewall.
This secure don't work =/

---

Agreed

cus its not DDOS lool

"DOS" ZZ

appserv insatll ?

Quote:

---

Originally Posted by mordon

appserv insatll ?

---

excuse me ?:PXD

Appserv to install?

Can you please explain what each part of the code does?

I'm assuming via the explanation, that if a connection has more than 5x+ within a 1 second period it will be blocked for 10 seconds.

Better yet, I would suggest this: "QaasWall"- Opensource and Effective Firewall for Windows | for DoS attacks (via a single source-- not many "reflectors").

Otherwise if your server is being hit directly and NOT your webserver, and is being hit hard (via a DDOS ATTACK), the only way to slow it down is good firewall hardware, because there is no way to fully stop a DDoS attack.

Good firewall hardware can become more and more expensive, depending on the severity level of the attack you're experiencing. ;P

WORKS!! fckn great

Quote:

---

Originally Posted by sultan123

WORKS!! fckn great

---

Nope, it never will works with real attacks, just syn flood and some basic thing.. agains real dos - ddos its useless.

To stop it, you would need to use something as HWP (specific service to provide HTTP Attack Mitigation), it works nicely. :)

http://i.imgur.com/JtqfWRP.png
http://i.imgur.com/huwbRjh.png

It is a nice service from HyperFilter - HWP :)

Yeah, the best way is the load balancing what Hyperfilter and some another services making, but if you want you can make a simple anycast system with some cheep vps :'D

Quote:

---

Originally Posted by RevolGaming

Yeah, the best way is the load balancing what Hyperfilter and some another services making, but if you want you can make a simple anycast system with some cheep vps :'D

---

Anycast or Cheap VPS cannot solve it, as it doesn't perform HTTP Traffic Validation at all, these things requires very specific equipments working on this for you, and for sure, you need specializing companies on this.

Of course you can try as much workarounds you want and it may solve some issues, but it won't be a final solution. :P

Quote:

---

Originally Posted by MaxZeus

Anycast or Cheap VPS cannot solve it, as it doesn't perform HTTP Traffic Validation at all, these things requires very specific equipments working on this for you, and for sure, you need specializing companies on this.

Of course you can try as much workarounds you want and it may solve some issues, but it won't be a final solution. :P

---

Yes I know it, I am Win sysadmin and Network administrator, it was just a simple example, because I am using anycast systems to protect my hosting website and under 100-150 gb its totally okey.

Quote:

---

Originally Posted by RevolGaming

Yes I know it, I am Win sysadmin and Network administrator, it was just a simple example, because I am using anycast systems to protect my hosting website and under 100-150 gb its totally okey.

---

Can you describe anycasting ? :) Because unless you have control of your own IP Space and have your own ASN, you aren't doing it at all, you are calling it as anycast, but surely not doing it.

Anyways, if you want to be safe against all types of attacks you'll need something better than only taking a few VPS and making some sort of round robin between them.

xampp 1.7.1 work perfect

Quote:

---

Originally Posted by olaolala3

xampp 1.7.1 work perfect

---

What do you mean? xampp 1.7.1 is not a firewall or protection program :O

Anycast is for DNS... what does that have to do with XAMPP. Apache can be killed with any script written by any kid...