Some fake hackers like to hack deployed servers by using tools like "DirBuster"; however, it's easy to defend against. Also remember that brute-forcing a deployed server is ILLEGAL and will get you into trouble.
I am using IP 123.123.123.123 as the attacker's IP here.
1. Ban the attacker's IP
In the Apache configuration file, add:
<Location />
Order deny,allow
Deny from 123.123.123.123
</Location>
2. Set up mod_evasive
Follow the instructions here, which are:
- apt-get install apache2-utils
- make sure module configuration is enabled in the Apache configuration:
- Include mods-enabled/*.load
- Include mods-enabled/*.conf
- configure the DOS parameters by adding the following to the site's .conf file:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify someone@somewhere.com
</IfModule>
To test, run this Perl script: https://github.com/KoHead/mod_evasive/blob/master/test.pl
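To see which clients these thresholds would catch before relying on them, the sketch below replays access-log lines against the DOSPageCount and DOSSiteCount limits. It is an added example, not part of the original post or of mod_evasive; it approximates the module's counting with a fixed window per client, and the log lines are constructed.

```python
import re
from datetime import datetime

# Thresholds copied from the DOS* directives above.
PAGE_COUNT, PAGE_INTERVAL = 2, 1   # DOSPageCount / DOSPageInterval (seconds)
SITE_COUNT, SITE_INTERVAL = 50, 1  # DOSSiteCount / DOSSiteInterval (seconds)

# Apache common/combined log prefix: client, timestamp, request path.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts.timestamp(), m.group(3)

def over_limit(windows, key, now, limit, interval):
    """Count a hit in a fixed window per key; True once the count exceeds limit."""
    start, count = windows.get(key, (now, 0))
    if now - start >= interval:  # window expired: start a new one
        start, count = now, 0
    windows[key] = (start, count + 1)
    return count + 1 > limit

def flag_clients(lines):
    """Return {ip: "page" | "site"} for clients exceeding either threshold."""
    page_w, site_w, flagged = {}, {}, {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not in the expected log format
        ip, now, path = rec
        page_hit = over_limit(page_w, (ip, path), now, PAGE_COUNT, PAGE_INTERVAL)
        site_hit = over_limit(site_w, ip, now, SITE_COUNT, SITE_INTERVAL)
        if ip not in flagged and (page_hit or site_hit):
            flagged[ip] = "page" if page_hit else "site"
    return flagged

def sample_log():
    """Constructed log lines (not real traffic): a scanner and two other clients."""
    t = "[10/Oct/2023:13:55:36 +0000]"
    scan = ['123.123.123.123 - - %s "GET /dir%d/ HTTP/1.1" 404 196' % (t, i) for i in range(60)]
    normal = ['198.51.100.7 - - %s "GET /index.html HTTP/1.1" 200 512' % t] * 2
    repeat = ['203.0.113.9 - - %s "GET /login HTTP/1.1" 200 512' % t] * 3
    return scan + normal + repeat

if __name__ == "__main__":
    print(flag_clients(sample_log()))
```

Running it against a real access log shows whether legitimate clients would trip DOSPageCount 2 before the module starts blocking them.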
3. Set up Nagios with notifications
Set up a system monitoring program on the server, so that if anything abnormal happens the administrator will receive emails immediately. Check: http://www.nagios.org/