How to install mod_evasive on a cPanel server

We are going to install mod_evasive to help protect our cPanel server from low-end DDoS attacks. The installation is really quite simple.

This module instantiates for each listener individually, and therefore has a built-in cleanup mechanism and scaling capabilities. Because of this per-child design, legitimate requests are never compromised (even from proxies and NAT addresses); only scripted attacks are. Even a user repeatedly clicking ‘reload’ should not be affected unless they do it maliciously. mod_evasive is fully tweakable through the Apache configuration file, easy to incorporate into your web server, and easy to use.

OK, now that’s done, how do we install this thing? Pretty simple: let’s log into a terminal session as root.

I always download everything to my downloads folder, so, we change to it:

    root@linuxserverguide[~] # cd downloads

Now, we need to grab the file (this is the latest version as of this post):

Of course, we now need to extract them:

    root@linuxserverguide[~/downloads] # tar zxvf mod_evasive_1.10.1.tar.gz

Now, change into the directory that was just created:

    root@linuxserverguide[~/downloads] # cd mod_evasive

Now, you can view the README file for information on how to install this on a couple of different types of servers, however, we are going to focus on installing mod_evasive on an Apache2x server. We also have cPanel running on this box, so, to install, we run the following:

    root@linuxserverguide[~/downloads/mod_evasive] # /usr/local/apache/bin/apxs -i -a -c mod_evasive20.c

That will create an entry in the httpd.conf file, and if we want to retain it after an upgrade or rebuild, we need to tell cPanel not to take it out! To do this, we now run:

    root@linuxserverguide[~/downloads/mod_evasive] # /usr/local/cpanel/bin/apache_conf_distiller --update

Now, to change the settings for mod_evasive, we need to add them somewhere. All we have done so far is install the actual module into Apache, and even with a restart, Apache would not be using it. I like to add things to my include files, either through WHM or directly through the terminal. To do this, we run the following:

    root@linuxserverguide[~/downloads/mod_evasive] # vim /usr/local/apache/conf/includes/post_virtualhost_2.conf

Once the file is open, let’s add the following lines to the bottom of the file:

    <IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 2
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 3600
    DOSEmailNotify root
    </IfModule>

Once done, save the file. How you do this depends on your editor of choice; in vi and Vim, it’s :wq followed by Enter.
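
To see what the thresholds above mean before they start handing out one-hour blocks, here is an added example (not part of the original post and not mod_evasive's own code) that replays constructed traffic through a simplified Python model of the page and site counters. The names `Limits`, `simulate` and `SAMPLE`, the addresses and the URIs are assumptions for illustration; the model assumes a single process sees every request, whereas the real module keeps its counts per child.

```python
# Added example: a simplified model of mod_evasive-style counting, not the module's code.
# Assumes one process sees every request and timestamps have 1-second resolution.
from dataclasses import dataclass

@dataclass(frozen=True)
class Limits:
    page_count: int = 2           # DOSPageCount
    page_interval: int = 1        # DOSPageInterval, seconds
    site_count: int = 50          # DOSSiteCount
    site_interval: int = 1        # DOSSiteInterval, seconds
    blocking_period: int = 3600   # DOSBlockingPeriod, seconds

def simulate(requests, limits=Limits()):
    """requests: time-ordered (epoch_second, ip, uri) tuples.
    Returns {ip: {"blocked_at": first_block_second, "denied": denied_count}}."""
    hits, blocked, report = {}, {}, {}
    for t, ip, uri in requests:
        if ip in blocked and t - blocked[ip] < limits.blocking_period:
            blocked[ip] = t                    # requests while blocked restart the timer
            report[ip]["denied"] += 1
            continue
        tripped = False
        checks = (((ip, uri), limits.page_count, limits.page_interval),
                  ((ip, None), limits.site_count, limits.site_interval))
        for key, max_hits, interval in checks:
            last, n = hits.get(key, (t, 0))
            if t - last >= interval:
                n = 0                          # window expired: start counting again
            elif n >= max_hits:
                tripped = True                 # over the limit inside the window
            hits[key] = (t, n + 1)
        if tripped:
            blocked[ip] = t
            entry = report.setdefault(ip, {"blocked_at": t, "denied": 0})
            entry["denied"] += 1
    return report

# Constructed sample traffic (documentation addresses, made-up URIs).
SAMPLE = (
    [(100, "192.0.2.10", u) for u in ("/", "/style.css", "/app.js")]   # one page view
    + [(100, "192.0.2.20", "/login.php")] * 5                          # same URI, same second
    + [(200, "192.0.2.30", f"/p/{i}") for i in range(60)]              # 60 URIs in one second
    + [(3000, "192.0.2.20", "/"), (6000, "192.0.2.20", "/")]           # returns while blocked
)

if __name__ == "__main__":
    for ip, info in simulate(SAMPLE).items():
        print(ip, info)
```

Feeding it (timestamp, client IP, URI) tuples parsed from your own access log shows which real clients a given set of values would have caught, and how long a client that keeps retrying stays blocked.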

That’s all folks! This will help to lessen the load on your server under a mild DDoS attack, or when someone is just being silly and trying to increase the load on your server.