How to protect Apache against DOS, DDOS or brute force attacks August 18th, 2010
If you want to protect your Apache web server against DoS, DDoS or brute force attacks, use the mod_evasive module. mod_evasive is an evasive maneuvers module for Apache that provides evasive action in the event of an HTTP DoS, DDoS or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and so on. mod_evasive presently reports abuses via email and syslog facilities.
Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:
* Requesting the same page more than a few times per second
* Making more than 50 concurrent requests on the same child per second
* Making any requests while temporarily blacklisted (on a blocking list)
This method has worked well in both single-server script attacks and distributed attacks, but just like other evasive tools, it is only useful up to the point where bandwidth and processor capacity run out (i.e. the amount of bandwidth and processor time required to receive, process and respond to invalid requests), which is why it’s a good idea to integrate this with your firewalls and routers for maximum protection.
This module instantiates for each listener individually, and therefore has a built-in cleanup mechanism and scaling capabilities. Because of this per-child design, legitimate requests are never compromised (even from proxies and NAT addresses) but only scripted attacks. Even a user repeatedly clicking on ‘reload’ should not be affected unless they do it maliciously. mod_evasive is fully tweakable through the Apache configuration file, easy to incorporate into your web server, and easy to use.
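The detection rules listed above can be modelled in a few lines. This is an added example, not mod_evasive's own code: the class and function names, the thresholds (2 hits per page per second standing in for "a few", 50 hits per site per second, a 10 second block) and the sample traffic are assumptions made for illustration.

```python
# Added example: simplified model of the detection described above (assumed values).
from collections import defaultdict

PAGE_COUNT, PAGE_INTERVAL = 2, 1.0    # same IP + same URI: hits allowed per window
SITE_COUNT, SITE_INTERVAL = 50, 1.0   # same IP, any URI: hits allowed per window
BLOCKING_PERIOD = 10.0                # seconds an IP stays on the blocking list

class EvasiveTable:
    """One in-memory table, as a single Apache child process would hold."""

    def __init__(self):
        # key -> [window_start, count]; -inf forces a fresh window on first hit
        self.hits = defaultdict(lambda: [float("-inf"), 0])
        self.blocked_until = {}       # ip -> time the block expires

    def _over(self, key, now, interval, limit):
        window = self.hits[key]
        if now - window[0] >= interval:   # window expired: start a new one
            window[0], window[1] = now, 0
        window[1] += 1
        return window[1] > limit

    def check(self, ip, uri, now):
        """Return 403 if the request is denied, 200 otherwise."""
        if self.blocked_until.get(ip, float("-inf")) > now:
            # In this model a request made while blocked restarts the block.
            self.blocked_until[ip] = now + BLOCKING_PERIOD
            return 403
        page = self._over((ip, uri), now, PAGE_INTERVAL, PAGE_COUNT)
        site = self._over((ip, None), now, SITE_INTERVAL, SITE_COUNT)
        if page or site:
            self.blocked_until[ip] = now + BLOCKING_PERIOD
            return 403
        return 200

def replay(requests):
    """Feed (time, ip, uri) tuples through one table; return the status codes."""
    table = EvasiveTable()
    return [table.check(ip, uri, t) for t, ip, uri in requests]

# Constructed traffic: a script hammering /login, plus an ordinary visitor.
SAMPLE = [(i / 10, "203.0.113.7", "/login") for i in range(5)]
SAMPLE += [(0.2, "198.51.100.4", "/"), (3.0, "198.51.100.4", "/about")]
SAMPLE += [(5.0, "203.0.113.7", "/"), (20.0, "203.0.113.7", "/")]
SAMPLE.sort(key=lambda r: r[0])

if __name__ == "__main__":
    for request, status in zip(SAMPLE, replay(SAMPLE)):
        print(request, status)
```

Because each table lives in one process, a client whose requests are spread across several children is counted separately in each, which is one reason the thresholds need tuning per server.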
Install mod_evasive in Debian
# apt-get install libapache2-mod-evasive
This will complete the installation.
Test mod_evasive Module
Open any browser, load your Apache server's home page, and click the reload button as fast as you can.
Preventing DDoS Attacks August 17th, 2010
In this article I am trying to explain what DDoS is and how it can be prevented. DDoS happens due to a lack of security awareness on the part of network/server owners. On a daily basis we hear that a particular machine is under DDoS attack or that the NOC has unplugged a machine due to a DDoS attack. So DDoS has become one of the common issues in this electronic world. DDoS is like a disease for which no anti-viral has been developed, so we should be careful while dealing with it. Never take it lightly. In this article I am trying to explain the steps/measures which will help us defend against DDoS attacks, up to a certain extent.
What is a DDOS attack?
Simply said, DDoS is an advanced version of a DoS attack. Like DoS, DDoS also tries to deny the important services running on a server by broadcasting packets to the destination server in a way that the destination server cannot handle. The speciality of DDoS is that it relays attacks not from a single network/host like DoS. The DDoS attack will be launched from different dynamic networks which have already been compromised.
Normally, DDoS consists of 3 parts. One is the Master, another is the Slave, and last is the Victim. The Master is the attack launcher, i.e. the person/machine behind all this (sounds cool, right?). The Slave is the network which is being compromised by the Master, and the Victim is the target site/server. The Master informs the compromised machines, the so-called slaves, to launch the attack on the victim’s site/machine. Hence it is also called a co-ordinated attack.
In my terms, the Master is the master brain, the Slave is the launch pad for the attack, and the Victim is the target.
How do they do it?
Ubuntu 8.04 Hotspot Introduction June 6th, 2010
Note: This howto has been tested and works for Ubuntu 8.04 Hardy Heron server editions. For other versions of Ubuntu see WifiDocs/ChillispotHotspot.
Chillispot is software which provides authentication and restricted network access to clients. Its primary use is in wireless (WiFi) networks.
For instance, suppose you are managing a wireless network in a hotel: the access points are connected via the wired LAN to a server which works as a gateway, firewall, DNS server, etc. Now you want the same server (either because it’s desirable or because it’s required by your nation’s law) to require authentication from all clients, possibly without messing around with the configuration of the access points. And maybe you even want users to be able to browse some sites (i.e. an internal web server or the hotel web site) without the need to authenticate themselves. Chillispot lets you manage all of this, and some more.
Please take a look at the Chillispot.info web site to see how the software works. In a few words, Chillispot creates a virtual private network (192.168.182.0/24, but you can change this default setting) which it uses to communicate with the clients and to decide who is allowed to reach the outside network, and how. Chillispot manages the allocation of dynamic IP addresses to clients, so you don’t need other DHCP tools.
As of mid 2007, ChilliSpot appears to be dead. The developer Jens Jacobsen had vanished, and the chillispot.org domain lapsed, but chillispot.info is a copy (with ads inserted) of the original site. CoovaChilli has forked from ChilliSpot 1.0 and its development also continues with an active user-base.
Requirements
The following software is required for this installation:
- Chillispot
- FreeRadius
- Apache
- MySQL
How to authenticate Apache 2 with Radius on Debian March 7th, 2010
Install the Apache RADIUS module:
Enable the RADIUS module for Apache:
Open /etc/apache2/apache2.conf and add the following lines to the end of the file:
Go to the /var/www folder, or the folder which you want to protect, and create a .htaccess file inside it containing the following lines:
AuthType Basic
AuthName "AdminseHow Radius Authentication"
AuthBasicAuthoritative Off
AuthBasicProvider radius
AuthRadiusAuthoritative on
AuthRadiusActive On
Require valid-user
Restart Apache:
For more info regarding the configuration options, you can read the following link:
http://freeradius.org/mod_auth_radius/
Sometimes we need to use our existing hosting account to (maybe temporarily) place another web site in it. But what can we do if our hosting provider allows only one hosting directory and only aliases for the main site (as GoDaddy.com does)? We can use the following Apache+mod_rewrite trick to host an unlimited number of domains in one hosting directory.
First of all, we need to point our new domain to the hosting server's IP. If the server’s IP is static, we can do it with a simple A record in our DNS zone control panel:
new-domain.com IN A IP.ADD.RE.SS
If you don’t know the IP address of the hosting server, or this address is not permanent (for example, because of some load balancing used by the hosting provider), you can use a simple trick with a CNAME record in your new DNS zone:
new-domain.com IN CNAME already-hosted-domain.com.
After the first step is finished, we have new-domain.com pointed to our hosting provider’s server. Now we need to add support for this domain on the hosting server. We can do it with the hosting provider’s “Domain aliases” option or another option with the same meaning.
After we have associated our new domain name with the existing directory on the hosting server (/hosting/dir), all we need to do is force the hosting server to use a sub-directory for all requests to new-domain.com (/hosting/dir/new-domain). To do that, we need to put the following code into the .htaccess file in the /hosting/dir directory:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/new-domain/
RewriteCond %{HTTP_HOST} new-domain\.com$
RewriteRule (.*) http://already-hosted-domain.com/new-domain/$1 [L]
That’s all! After we have created this file, all requests to new-domain.com will be pointed to the /hosting/dir/new-domain directory.

