Results 1 to 7 of 7
  1. #1
    Join Date
    Jan 2003
    Location
    England
    Posts
    124

    mod_dosevasive - default settings too strict?

    Hi,

    I recently installed mod_dosevasive, and left the settings as default. This was thus as follows:

    Code:
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 100
    DOSPageInterval 2
    DOSSiteInterval 2
    DOSBlockingPeriod 10
    DOSBlockingPeriod 600
    However, I've found that a few customers are now getting locked out of their own sites thanks to this.

    Could anyone please advise as to better settings for mod_dosevasive? Does anyone have the module installed on their servers, and have no problems with customers getting locked out, while still preventing any actual flooding attacks?

    Any help would be much appreciated! Thanks in advance.

  2. #2
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,093
    That config usually works but if you are having trouble just up the limits. Set the PAgeCount to say 10 or maybe 15. The SiteCoun should be fine.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  3. #3
    Join Date
    May 2005
    Location
    Balmumcu, Istanbul, TR
    Posts
    21
    In this similar configuration, I fail to get emails to root with:
    DOSEmailNotify root
    . my apache runs as nobody and the /bin/mail perms are like:
    -rwxrwx--- 1 bin mail 69276 Feb 28 2004
    and I see this in error_log:
    sh: line 1: /bin/mail: Permission denied
    how should I re-write/edit the mod_dosevasive source file?

  4. #4
    Join Date
    Jan 2002
    Location
    UK
    Posts
    1,040
    that configuration can lock people out of doing things like vBB counter updates.

    eg. they click update counters for 1200 posts 100 posts done and it refreshes page on the 6th refresh they will get blocked.

  5. #5
    Join Date
    May 2005
    Location
    Balmumcu, Istanbul, TR
    Posts
    21

    in detail please?

    Originally posted by Chrysalis
    that configuration can lock people out of doing things like vBB counter updates.

    eg. they click update counters for 1200 posts 100 posts done and it refreshes page on the 6th refresh they will get blocked.
    can you explain this in detail please? with reasons..

  6. #6
    Join Date
    May 2005
    Location
    Balmumcu, Istanbul, TR
    Posts
    21
    ^bump^ ^bump^

  7. #7
    Join Date
    Jan 2002
    Location
    UK
    Posts
    1,040
    I already have

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •