{"id":46889,"date":"2017-11-09T13:00:00","date_gmt":"2017-11-09T19:00:00","guid":{"rendered":"https:\/\/blog.cpanel.com\/?p=46889"},"modified":"2017-11-09T13:00:00","modified_gmt":"2017-11-09T19:00:00","slug":"blocking-attacks-with-easyapache-4s-mod_evasive","status":"publish","type":"post","link":"https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/","title":{"rendered":"Blocking attacks with EasyApache 4&#8217;s mod_evasive"},"content":{"rendered":"<p>With the release of EasyApache 4 on Nov 7th, 2017, we now provide the\u00a0<code>mod_evasive<\/code>\u00a0Apache module. You can install it either in the EasyApache 4 interface, or with\u00a0<code>yum install ea-apache24-mod_evasive<\/code>\u00a0on the command line.<\/p>\n<h2 id=\"EasyApache4nowprovidesthemod_evasiveApachemodule-Whatismod_evasive?\">What is mod_evasive?<\/h2>\n<p>The<code>mod_evasive<\/code> Apache module helps to protect your server against\u00a0DoS, DDoS, and brute force attacks. It also acts a detection tool, and you can configure it to communicate with iptables, firewalls, and routers, among other things.<\/p>\n<p>This module works well for single-server attacks, distributed attacks, and brute-force attacks. If you integrate it with your firewall or IP filters, it can withstand even large attacks.\u00a0<span class=\"inline-comment-marker\">For the best protection, you should integrate it with your firewalls and routers.<\/span><\/p>\n<p>If your infrastructure cannot fend off other types of DoS attacks, this module will\u00a0<strong>only<\/strong>\u00a0help to the limits of your total bandwidth or server capacity for returning 403 errors.<\/p>\n<h3 id=\"EasyApache4nowprovidesthemod_evasiveApachemodule-Whatdoesthemoduledo?\">What does the module do?<\/h3>\n<p>The\u00a0<code>mod_evasive<\/code>\u00a0Apache module creates an internal, dynamic hash table of IP addresses and URIs, and denies any single IP address that does the following:<\/p>\n<ul>\n<li>Requests the same page more than a few times per second.<\/li>\n<li>Makes more than 50 concurrent requests on the same child per second.<\/li>\n<li>Makes any request while temporarily blacklisted.<\/li>\n<\/ul>\n<p>The module creates an instance for each listener, ensuring a built-in cleanup mechanism and good scaling. Because of this, it will rarely catch a legitimate request, even if a user repeatedly clicks on reload.<\/p>\n<h2 id=\"EasyApache4nowprovidesthemod_evasiveApachemodule-HowdoIstopanattack?\">How do I stop an attack?<\/h2>\n<p>So what do you do if you are the target of an DoS attack? In a DoS attack, an attacker may request a URL from your server as many times as they can in an attempt to cause you trouble. Because of the quantity of requests, your webserver may become unresponsive.<\/p>\n<p>To stop the attack, first install mod_evasive on your server with the following command:<\/p>\n<div class=\"code panel pdl conf-macro output-block\">\n<div class=\"codeContent panelContent pdl\">\n<div>\n<div id=\"highlighter_289585\" class=\"syntaxhighlighter sh-confluence nogutter bash\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"code\">\n<div class=\"container\" title=\"Hint: double-click to select code\">\n<div class=\"line number1 index0 alt2\"><code class=\"bash plain\">yum\u00a0<\/code><code class=\"bash functions\">install<\/code>\u00a0<code class=\"bash plain\">ea-apache24-mod_evasive<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>The default configuration provided by cPanel &amp; WHM will block most attacks without any extra configuration changes. The server&#8217;s response to those attackers will change to\u00a0<code>403 Forbidden<\/code>. This means that\u00a0<code>mod_evasive<\/code>\u00a0detected and blocked the attack before your system processed the request.<\/p>\n<p>You will now see the following message in your Apache\u00a0<code>error_log<\/code>\u00a0file:<\/p>\n<div class=\"code panel pdl conf-macro output-block\">\n<div class=\"codeContent panelContent pdl\">\n<div>\n<div id=\"highlighter_510188\" class=\"syntaxhighlighter sh-confluence nogutter bash\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"code\">\n<div class=\"container\" title=\"Hint: double-click to select code\">\n<div class=\"line number1 index0 alt2\"><code class=\"bash plain\">Client denied by server configuration<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>You will also see a message in\u00a0<code>\/var\/log\/messages<\/code>\u00a0that resembles the following example:<\/p>\n<div class=\"code panel pdl conf-macro output-block\">\n<div class=\"codeContent panelContent pdl\">\n<div>\n<div id=\"highlighter_223131\" class=\"syntaxhighlighter sh-confluence nogutter bash\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"code\">\n<div class=\"container\" title=\"Hint: double-click to select code\">\n<div class=\"line number1 index0 alt2\"><code class=\"bash plain\">localhost mod_evasive[2635]: Blacklisting address X.X.X.X: possible DoS attack.<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>The\u00a0<code>mod_evasive<\/code>\u00a0module does\u00a0<strong>not<\/strong>\u00a0blacklist clients forever,\u00a0<span class=\"inline-comment-marker\">as you can configure the block time<\/span>, but it will block them long enough to put a stop to the attack. Adjust the DOSBlockingPeriod directive in the\u00a0<code>mod_evasive<\/code>\u00a0configuration file to adjust how long to block those attacks.<\/p>\n<h2 id=\"EasyApache4nowprovidesthemod_evasiveApachemodule-Whatnext?\">What next?<\/h2>\n<p>If you would like to install mod_evasive, you can either install it in the\u00a0<em>Apache Modules<\/em>\u00a0section of WHM&#8217;s\u00a0<em><a href=\"https:\/\/documentation.cpanel.net\/display\/EA4\">EasyApache 4<\/a><\/em>\u00a0interface (<em>WHM<\/em>\u00a0&gt;&gt;\u00a0<em>Home<\/em>\u00a0&gt;&gt;\u00a0<em>Software<\/em>\u00a0&gt;&gt;\u00a0<em>EasyApache 4<\/em>), or you can install it on the command line with the\u00a0<code>yum install ea-apache24-mod_evasive<\/code>\u00a0command.<\/p>\n<p>For more information, including all the configuration details, read our\u00a0<a class=\"external-link\" href=\"https:\/\/documentation.cpanel.net\/display\/EA4\/Apache+Module%3A+Evasive\" rel=\"nofollow\">Apache Module: Evasive<\/a>\u00a0documentation.<\/p>\n<p>Happy blocking!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With the release of EasyApache 4 on Nov 7th, 2017, we now provide the\u00a0mod_evasive\u00a0Apache module. You can install it either in the EasyApache 4 interface, or with\u00a0yum install ea-apache24-mod_evasive\u00a0on the command line. What is mod_evasive? Themod_evasive Apache module helps to protect your server against\u00a0DoS, DDoS, and brute force attacks. It also acts a detection tool, [&hellip;]<\/p>\n","protected":false},"author":77,"featured_media":64809,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[49],"tags":[661,1885,1889],"class_list":["post-46889","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-products","tag-easyapache","tag-evasive","tag-mod_evasive"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Blocking attacks with EasyApache 4&#039;s mod_evasive | cPanel<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Blocking attacks with EasyApache 4&#039;s mod_evasive | cPanel\" \/>\n<meta property=\"og:description\" content=\"With the release of EasyApache 4 on Nov 7th, 2017, we now provide the\u00a0mod_evasive\u00a0Apache module. You can install it either in the EasyApache 4 interface, or with\u00a0yum install ea-apache24-mod_evasive\u00a0on the command line. What is mod_evasive? Themod_evasive Apache module helps to protect your server against\u00a0DoS, DDoS, and brute force attacks. It also acts a detection tool, [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/\" \/>\n<meta property=\"og:site_name\" content=\"cPanel\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cpanel\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-11-09T19:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/devel.www.cpanel.net\/wp-content\/uploads\/2017\/11\/10272017EAModEvasive-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"4070\" \/>\n\t<meta property=\"og:image:height\" content=\"1956\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"cPanel Community\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cPanel\" \/>\n<meta name=\"twitter:site\" content=\"@cPanel\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"cPanel Community\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/\",\"url\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/\",\"name\":\"Blocking attacks with EasyApache 4's mod_evasive | cPanel\",\"isPartOf\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/#website\"},\"datePublished\":\"2017-11-09T19:00:00+00:00\",\"dateModified\":\"2017-11-09T19:00:00+00:00\",\"author\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8\"},\"breadcrumb\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/devel.www.cpanel.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blocking attacks with EasyApache 4&#8217;s mod_evasive\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#website\",\"url\":\"https:\/\/devel.www.cpanel.net\/\",\"name\":\"cPanel\",\"description\":\"Hosting Platform of Choices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/devel.www.cpanel.net\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8\",\"name\":\"cPanel Community\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g\",\"caption\":\"cPanel Community\"},\"description\":\"The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel &amp; WHM their hosting platform of choice. For more information, visit cPanel.net.\",\"sameAs\":[\"https:\/\/cpanel.net\"],\"url\":\"https:\/\/devel.www.cpanel.net\/blog\/author\/cpadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Blocking attacks with EasyApache 4's mod_evasive | cPanel","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/","og_locale":"en_US","og_type":"article","og_title":"Blocking attacks with EasyApache 4's mod_evasive | cPanel","og_description":"With the release of EasyApache 4 on Nov 7th, 2017, we now provide the\u00a0mod_evasive\u00a0Apache module. You can install it either in the EasyApache 4 interface, or with\u00a0yum install ea-apache24-mod_evasive\u00a0on the command line. What is mod_evasive? Themod_evasive Apache module helps to protect your server against\u00a0DoS, DDoS, and brute force attacks. It also acts a detection tool, [&hellip;]","og_url":"https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/","og_site_name":"cPanel","article_publisher":"https:\/\/www.facebook.com\/cpanel\/","article_published_time":"2017-11-09T19:00:00+00:00","og_image":[{"width":4070,"height":1956,"url":"https:\/\/devel.www.cpanel.net\/wp-content\/uploads\/2017\/11\/10272017EAModEvasive-1.png","type":"image\/png"}],"author":"cPanel Community","twitter_card":"summary_large_image","twitter_creator":"@cPanel","twitter_site":"@cPanel","twitter_misc":{"Written by":"cPanel Community","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/","url":"https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/","name":"Blocking attacks with EasyApache 4's mod_evasive | cPanel","isPartOf":{"@id":"https:\/\/devel.www.cpanel.net\/#website"},"datePublished":"2017-11-09T19:00:00+00:00","dateModified":"2017-11-09T19:00:00+00:00","author":{"@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8"},"breadcrumb":{"@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/blocking-attacks-with-easyapache-4s-mod_evasive\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/devel.www.cpanel.net\/"},{"@type":"ListItem","position":2,"name":"Blocking attacks with EasyApache 4&#8217;s mod_evasive"}]},{"@type":"WebSite","@id":"https:\/\/devel.www.cpanel.net\/#website","url":"https:\/\/devel.www.cpanel.net\/","name":"cPanel","description":"Hosting Platform of Choices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/devel.www.cpanel.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8","name":"cPanel Community","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g","caption":"cPanel Community"},"description":"The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel &amp; WHM their hosting platform of choice. For more information, visit cPanel.net.","sameAs":["https:\/\/cpanel.net"],"url":"https:\/\/devel.www.cpanel.net\/blog\/author\/cpadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts\/46889"}],"collection":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/users\/77"}],"replies":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/comments?post=46889"}],"version-history":[{"count":0,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts\/46889\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/media\/64809"}],"wp:attachment":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/media?parent=46889"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/categories?post=46889"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/tags?post=46889"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}