Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security and Mod_evasive Modules

Step 4: Simulating an DDoS Attacks on Apache

There are several tools that you can use to simulate an external attack on your server. You can just google for “tools for simulating ddos attacks” to find several of them.

Note that you, and only you, will be held responsible for the results of your simulation. Do not even think of launching a simulated attack to a server that you’re not hosting within your own network.

Should you want to do the same with a VPS that is hosted by someone else, you need to appropriately warn your hosting provider or ask permission for such a traffic flood to go through their networks. Tecmint.com is not, by any means, responsible for your acts!

In addition, launching a simulated DoS attack from only one host does not represent a real life attack. To simulate such, you would need to target your server from several clients at the same time.

Our test environment is composed of a CentOS 7 server [IP 192.168.0.17] and a Windows host from which we will launch the attack [IP 192.168.0.103]:

Confirm Host IPAddress

Confirm Host IPAddress

Please play the video below and follow the steps outlined in the indicated order to simulate a simple DoS attack:

Then the offending IP is blocked by iptables:

Blocked Attacker IP

Blocked Attacker IP

Conclusion

With mod_security and mod_evasive enabled, the simulated attack causes the CPU and RAM to experiment a temporary usage peak for only a couple of seconds before the source IPs are blacklisted and blocked by the firewall. Without these tools, the simulation will surely knock down the server very fast and render it unusable during the duration of the attack.

We would love to hear if you’re planning on using (or have used in the past) these tools. We always look forward to hearing from you, so don’t hesitate to leave your comments and questions, if any, using the form below.

Reference Links

https://www.modsecurity.org/
http://www.zdziarski.com/blog/?page_id=442

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Gabriel Cánepa

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

133 Responses

  1. Malcolm Turnbull says:

    Gabriel,
    Thanks the mod_evasive stuff is really interesting – I might have a play with it…

    A true DDOS is pretty hard to handle but every little helps.

    We’ve noticed a big rise in brute force login attacks recently and made a blog about using ModSecurity to stop them: loadbalancer.org/blog/brute-force-login-modsecurity-waf

  2. helwi ahmad says:

    this tutorial for old version and you will found error if you use this version of tutorial.

  3. Sam says:

    Thank you for a perfect article.

    I did all the steps in tutorial but when I restart apache got the below error,

    AH00526: Syntax error on line 25 of /etc/httpd/crs/owasp-modsecurity-crs/base_rules/modsecurity_crs_40_generic_attacks.conf:
    Error creating rule: Unknown variable: pk_ref)/

    so, what can i do!

  4. John says:

    Hi,

    I have a CentOS 7 / Plesk Onyx server with multiple PHP versions. How can I install these extensions on each PHP version (5.4, 5.6, 7.0, 7.1)?

    Thanks.

  5. Nguyen Hung says:

    I can’t do that. I can’t run below command, may be owsap update or upgrade. So can you fix some thing. Please!

    # wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
    
  6. EVGA says:

    I think it doesn’t work well with CloudFlare. Have you try install vDDoS Protection Reverse Proxy from https://sourceforge.net/p/vddos-protection Layer 7 Filter Mitigate DOS, DDOS, SYN Floods, or HTTP Floods attack?

Leave a Reply to helwie ahmad Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.