Apache reported as vulnerable to SlowLoris, BEAST and CRIME attacks on Virtualmin

#1 Tue, 05/07/2013 - 10:30
rogeriobrito

Hello all,

I have a virtualmin box that had a penetration test last week, and it was reported to be vulnerable to a SlowLoris attack, BEAST attack, and CRIME attack.

It is a Redhat Enterprise 6.3 OS, fully up to date. We update it every week.

What can I do to block those attacks?

Thanks a lot,

  • Rogerio
Sat, 05/11/2013 - 10:23
rogeriobrito

Anyone pls?

Thanks

Sat, 05/11/2013 - 14:26
TomSwirly

I suspect that you're not getting answered because this is not a virtualmin question.

All of these are attacks on your webserver, apache. I would ask the people who conducted your penetration test where the best place to go look for information would be.

Above that - I'd also say that protecting against DOS attacks is nowhere near as essential as other forms of security. Being DOS'ed is having your site go down. Not good, but your damage is limited to that, you don't lose data or become a conduit for Spam, and generally these attacks let up fairly soon. If you are being criminally blackmailed, your ISP and the FBI can actually help.

Everyone I know who's run a server for a long time has been hacked, rooted or otherwise compromised at some point in their careers. I don't know anyone who's been DOS'ed.

I think a perfectly reasonable strategy for nearly all small- and medium-sized organizations is to simply ignore the possibility of DOS'ing until and unless it actually happens.

If the only vulnerabilities your server has are to DOS, then you're in excellent shape. Change nothing. :-D

Sat, 05/11/2013 - 15:35
rogeriobrito

Hello Tom, thanks a lot for your comments.

Yes, I'm very concerned about security. I use the CSF firewall from http://configserver.com/, and it has helped a lot. One of my customers' websites was a target for a distributed DOS attack once. I was able to block it by denying the attackers' IPs; it was a lot of work, and CSF helped a lot that day (around 300 IPs).

I did a bit of research and I know it is not a trivial task to block DOS attacks, so I posted here looking for some advice.

The customer that sent me the report is a big company in Brazil, and it would be bad for my company to answer something like "when it happens we will see what we can do". I have to take at least a few precautions to try to avoid the attack.

My main concern is the SlowLoris attack, because it seems to be an easy attack to perform. It leaves a connection open on Apache holding its resources. Is there any configuration that can be done in Apache to prevent this? Or a module?

Thank you very much

  • Rogerio
Sat, 05/11/2013 - 17:51
TomSwirly

As I said - this is NOT the right site to ask this question!

Mon, 05/13/2013 - 11:15
rogeriobrito

I believe this issue should be a concern for everyone that has a Virtualmin box, so I don't think it is so wrong to post it here. But anyway, I'm sorry, I'll seek help somewhere else.

Mon, 05/13/2013 - 15:05
andreychek

Howdy,

While you are quite welcome to post sysadmin related questions here, I'm not entirely certain of the answers to those.

I think some of them may simply be SSL cipher related though. For example, I Google'd "Apache beast", and came up with this link, showing SSL ciphers to configure Apache with:

http://mariobrandt.de/archives/technik/secure-apache-against-cve-2011-33...

Mon, 05/13/2013 - 16:01
rogeriobrito

Hi Eric,

Yes, I've seen that one. I'll search for solutions and will try to implement them. When I'm done I'll post my findings here for future reference.

Thank you

  • Rogerio
Wed, 05/22/2013 - 18:27
rogeriobrito

Hello all,

For reference, to block the Anti Loris there is an Apache module that does it. To install it on CentOS 6.3 I used the instructions below:

http://www.santavy.sk/item3/antiloris.html

  1. install the APache eXtenSion tool (apxs from httpd-devel)

    yum install httpd-devel
    
  2. download the antiloris apache module

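    # -O names the saved file; without it wget stores the archive as "download"
    wget -O mod_antiloris-0.4.tar.bz2 http://sourceforge.net/projects/mod-antiloris/files/mod_antiloris-0.4.tar.bz2/download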
    
  3. untar the installer

    tar -xvjf mod_antiloris-0.4.tar.bz2
    cd mod_antiloris-*
    
  4. install the module

    apxs -a -i -c mod_antiloris.c
    
  5. restart the apache

    service httpd restart
    
  6. check whether mod_antiloris is loaded properly

    httpd -M
    

Cheers, []s
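
Added example, not part of the original post or of mod_antiloris: a rough check for the SlowLoris symptom described earlier in the thread (one client holding many connections open), counting established connections per client IP on ports 80 and 443 from `ss -tn` output. The function names, the threshold of 20 and the sample addresses are assumptions made for this illustration; the sample data is constructed.

```shell
#!/bin/sh
# Reads `ss -tn` output on stdin and prints "count ip" for every client
# holding at least LIMIT established connections to the web ports.
per_ip_over_limit() {
    limit="${1:-20}"                      # assumed default threshold
    awk -v limit="$limit" '
        $1 == "ESTAB" {
            laddr = $4; peer = $5
            port = laddr; sub(/^.*:/, "", port)   # local port = text after last colon
            if (port != "80" && port != "443") next
            sub(/:[0-9]+$/, "", peer)             # drop peer port, keep IPv4/IPv6 address
            n[peer]++
        }
        END { for (ip in n) if (n[ip] >= limit) print n[ip], ip }
    ' | sort -rn
}

# Constructed sample in `ss -tn` layout: one client with 25 connections to
# port 80, one with 2 to port 443, one SSH session, one IPv6 client.
sample_ss_output() {
    echo "State  Recv-Q Send-Q Local Address:Port  Peer Address:Port"
    i=0
    while [ "$i" -lt 25 ]; do
        echo "ESTAB 0 0 192.0.2.10:80 198.51.100.7:$((40000 + i))"
        i=$((i + 1))
    done
    echo "ESTAB 0 0 192.0.2.10:443 203.0.113.9:51000"
    echo "ESTAB 0 0 192.0.2.10:443 203.0.113.9:51001"
    echo "ESTAB 0 0 192.0.2.10:22 203.0.113.50:52000"
    echo "ESTAB 0 0 [2001:db8::10]:443 [2001:db8::99]:53000"
}

# Demo on the constructed sample; on a live server use: ss -tn | per_ip_over_limit 20
sample_ss_output | per_ip_over_limit 20
```

A high count alone does not prove an attack, since proxies and NAT gateways also open many connections from one address, so review the listed IPs before denying them in the firewall.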

Thu, 05/23/2013 - 23:14
jaldeguer

I have had experience where at least once a week I had to restart the server when it started acting very slow. Looking at my Apache logs I saw one of my busier virtual websites was getting overwhelmed with requests coming from a web crawler. Searching online for a solution I found this http://www.howtoforge.com/how-to-defend-slowloris-ddos-with-mod_qos-apac.... After I installed it on my Debian box the problem went away. This might also help.
