{"id":1562,"date":"2015-07-06T22:43:53","date_gmt":"2015-07-06T20:43:53","guid":{"rendered":"https:\/\/www.hostking.host\/blog\/?p=1562"},"modified":"2015-07-06T22:43:53","modified_gmt":"2015-07-06T20:43:53","slug":"how-to-install-mod-evasive-on-cpanel-servers","status":"publish","type":"post","link":"https:\/\/www.hostking.host\/blog\/how-to-install-mod-evasive-on-cpanel-servers\/","title":{"rendered":"How to install mod_evasive on cPanel Servers"},"content":{"rendered":"

mod_evasive<\/strong> is an Apache module by Jonathan Zdziarski to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.<\/p>\n

This article is using version 1.10.1 (stable). You can grab the latest from Zdziarski<\/a>.<\/p>\n

    \n
  1. \n
    Login to your server as the root user via SSH terminal.<\/div>\n<\/li>\n
  2. \n
    Let’s navigate to the default ‘source’ directory and download the latest module for Apache to compile against.<\/div>\n
      \n
    • \n
      \n
      cd \/usr\/local\/src\/\ncurl -Ls https:\/\/go.khtechs.com\/modevasive > \/usr\/local\/src\/mod_evasive.tar.gz<\/pre>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n
    • \n
      Extract the newly downloaded archive and move into it’s directory.<\/div>\n
        \n
      • \n
        \n
        tar xf mod_evasive.tar.gz\ncd \/usr\/local\/src\/mod_evasive<\/pre>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n
      • \n
        Perform the following command to build the module from it’s source:<\/div>\n
          \n
        • \n
          \n
          \/usr\/local\/apache\/bin\/apxs -i -a -c mod_evasive24.c<\/pre>\n<\/div>\n<\/li>\n
        • \n
          Once completed successfully, you should see a few lines of output, ending with:<\/div>\n<\/li>\n
        • \n
          \n
          [activating module `evasive20' in \/usr\/local\/apache\/conf\/httpd.conf]<\/pre>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n
        • \n
          We also need to tell Apache where to look for mod_evasive’s configurations. Open Apache’s configuration file and look for ‘LoadModule evasive*’, right below it add:<\/div>\n
            \n
          • \n
            \n
            Include \"\/usr\/local\/apache\/conf\/includes\/mod_evasive.conf\"<\/pre>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n
          • \n
            That created an entry in the Apache configuration, however cPanel’s EasyApache will remove it on any rebuild\/upgrade unless we distill it.<\/div>\n
              \n
            • \n
              \n
              \/usr\/local\/cpanel\/bin\/apache_conf_distiller --update<\/pre>\n<\/div>\n<\/li>\n
            • \n
              You’ll receive ‘Distilled successfully’ as long as all syntax is correct.<\/div>\n<\/li>\n<\/ul>\n<\/li>\n
            • \n
              Now that we know it won’t be removed from the main configuration, we can add our mod_evasive.conf.<\/div>\n
                \n
              • \n
                \n
                touch \/usr\/local\/apache\/conf\/includes\/mod_evasive.conf\nnano mod_evasive.conf<\/pre>\n<\/div>\n<\/li>\n
              • \n
                When nano opens, add the following (or your custom configuration) to the file:<\/div>\n<\/li>\n
              • \n
                \n
                <IfModule mod_evasive20.c>\n    DOSHashTableSize    3097\n    DOSPageCount        2\n    DOSSiteCount        50\n    DOSPageInterval     1\n    DOSSiteInterval     1\n    DOSBlockingPeriod   3600\n    DOSLogDir           \"\/var\/log\/mod_evasive\"\n    DOSWhitelist        127.0.0.1\n<\/IfModule><\/pre>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n
              • \n
                Let’s make the directory for logs.<\/div>\n
                  \n
                • \n
                  \n
                  touch \/var\/log\/mod_evasive<\/pre>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n
                • \n
                  Test the configuration syntax to make sure everything is correct.<\/div>\n
                    \n
                  • \n
                    \n
                    \/usr\/local\/apache\/bin\/apachectl configtest\nSyntax OK<\/pre>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n
                  • \n
                    Restart Apache.<\/div>\n
                      \n
                    • \n
                      \n
                      \/scripts\/restartsrv_httpd<\/pre>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n
                    • \n
                      Check to make sure the evasive module is running.<\/div>\n
                        \n
                      • \n
                        \n
                        \/usr\/local\/apache\/bin\/apachectl -M | grep evasive<\/pre>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n
                      • \n
                        To ensure EasyApache rebuilds mod_evasive with upgrades of Apache, rebuilds, etc. perform the following:<\/div>\n
                          \n
                        • \n
                          \n
                          echo \"\/usr\/local\/apache\/bin\/apxs -i -a -c \/usr\/local\/src\/mod_evasive\/mod_evasive24.c\" >> \/scripts\/after_apache_make_install\nchmod +x \/scripts\/after_apache_make_install<\/pre>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n
                          You’re all set!<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
                          mod_evasive is an Apache module by Jonathan Zdziarski to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed…<\/p>\n","protected":false},"author":2,"featured_media":1219,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[88,89],"class_list":["post-1562","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-website-and-web-hosting","tag-brute-force","tag-ddos","entry"],"_links":{"self":[{"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/posts\/1562","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/comments?post=1562"}],"version-history":[{"count":0,"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/posts\/1562\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/media\/1219"}],"wp:attachment":[{"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/media?parent=1562"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/categories?post=1562"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/tags?post=1562"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}