Install these 2 modules to protect your Apache server from DDoS attacks

Mod_Security and Mod_evasive

Servers run by small businesses that do not employ a full-time admin are more often than not vulnerable to DDoS attacks. These servers rely mostly on the business owner’s know-how, which is inadequate in most cases. Today, we look at two modules that can help mitigate, to an extent, the security risks from brute-force and DDoS attacks.

Dedicated server providers preinstall security fixes along with the operating system and control panel. However, some fixes are left to the owners because they may affect the particular setup the owner wants to run. In any case, before the server is cleared for a production environment, it should be reviewed for security issues, and any known vulnerabilities should be addressed.

Securing servers is important because scripts to execute a DDoS attack are just as easy to locate on the web as they are to run. A vulnerable web server is like a sitting duck with neon lights on its back: easy to locate and attack. A vulnerable web server inside a protected network can also be used as a springboard to infiltrate the entire network in which the dedicated server is housed.

Over the years various vulnerabilities have been detected, exploited and fixed in all available operating systems and web server platforms. Since Apache is the most popular web server, it is also the one that has been targeted more than others. The data from these attacks has been used to develop effective open source protection like the Mod_Security and Mod_evasive modules for Apache. These modules address the vulnerabilities that can be exploited to launch an attack.

Mod_Security is like a firewall on your computer: it runs on the web server and protects web applications from attacks by actively detecting and preventing intrusions. It is designed to block commonly known exploits using regular expressions and rule sets. This detection and prevention engine has a negligible footprint on server resources and does its work by integrating itself into the web server.

Mod_Evasive is more like an umbrella. As its name suggests, it enables a web server to take evasive action when under a DDoS or brute-force attack, protecting itself from the damaging effects of the attack. It protects the server and network by counting the number of requests from a single IP address per second. For example, if the connection requests from a particular IP address exceed the default of 50 simultaneous requests per second, that address is blocked.
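The per-IP counting described above can be modeled in a few lines. This is an added example, not mod_evasive's own code: the 50-requests-per-second threshold comes from the text, while the 10-second blocking period, the timer restart on denied requests, the function names and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict


def simulate(requests, site_count=50, interval=1.0, blocking_period=10.0):
    """Simplified model of per-IP rate blocking.

    requests: iterable of (timestamp_seconds, ip), sorted by time.
    Returns {ip: {"allowed": n, "denied": n}}.
    """
    window_start, hits, blocked_until = {}, defaultdict(int), {}
    stats = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for ts, ip in requests:
        if ts < blocked_until.get(ip, float("-inf")):
            # Already blocked: deny and restart the block timer (model assumption).
            blocked_until[ip] = ts + blocking_period
            stats[ip]["denied"] += 1
            continue
        if ip not in window_start or ts - window_start[ip] >= interval:
            window_start[ip], hits[ip] = ts, 0  # start a new counting interval
        hits[ip] += 1
        if hits[ip] > site_count:
            # Threshold exceeded inside one interval: start blocking this IP.
            blocked_until[ip] = ts + blocking_period
            stats[ip]["denied"] += 1
        else:
            stats[ip]["allowed"] += 1
    return {ip: dict(s) for ip, s in stats.items()}


def constructed_sample():
    """Constructed traffic using documentation IP ranges, not real log data."""
    flood = [(i * 0.005, "203.0.113.7") for i in range(200)]  # 200 requests in 1 s
    flood += [(5.0, "203.0.113.7"), (20.0, "203.0.113.7")]    # later retries
    normal = [(s + k / 3, "198.51.100.20") for s in range(5) for k in range(3)]
    return sorted(flood + normal)


if __name__ == "__main__":
    for ip, counts in simulate(constructed_sample()).items():
        print(ip, counts)
```

Because the counter is keyed on the source address alone, many users behind one NAT or proxy address share a single counter, which is worth checking before lowering the threshold.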

Techmint.com has a great article with step-by-step instructions to install and configure the Mod_Security and Mod_evasive modules to help protect your server. When in doubt, you can always contact your tech support for more information.

