php2all Webdesign &
Programmierung

Apache HTTP DoS tool released

Offenbar gibt es neuerdings ein Tool, mit dem jede Apache-Version angegriffen werden kann.

Nähere Infos dazu: http://isc.sans ... ml?storyid=6601 und http://ha.ckers.org/slowloris/

Mail dazu von leaseweb:

There has been a public release of a Apache DoS tool.
You can read about it on the following URL´s

http://isc.sans ... ml?storyid=6601
http://ha.ckers.org/slowloris/

All versions of Apache are vulnerable.
There are a couple of solutions, one of them is limitipconn

http://dominia. ... mitipconn2.html

However we have found it does not work as it should on all
distributions. We have put together a quick shell script that should
give you protection in case your server is being attacked. It currently
is a crude version, if you see it does not work on your server please
contact our support and we will try and get it working for you.
If you suspect your server is being attacked you can download the
following to your linux webserver. This script does not work on BSD or
windows.

http://www.leaseweb.com/antiloris.sh

Place the file in some directory and make it executable.

# wget -O /usr/local/sbin/antilotis.sh http://www.leaseweb.com/antiloris.sh
# chmod 755 /usr/local/sbin/antilotis.sh
# echo \"* * * * * /usr/local/sbin/antilotis.sh\" >> /etc/crontab

Then edit the file.
In the beginning of the file there are a couple of variables:
LIMIT=50
EMAILADDRESS=your-email@example.com
SENDEMAIL=1
RESTARTAPACHE=1

LIMIT is used for the amount of sessions the attacker has to open before
his IP address will be blocked.
EMAILADDRESS is the email address you want to receive email alerts on
SENDMAIL can be 1 or 0. Set to 0 to no longer receive email.
RESTARTAPACHE This variable can restart apache after the IP address has
been blocked. Some customers may not want to restart their apache after
eac attack, but wait for regular apache time-outs.

Nicht von mir getestet und verifiziert. Das sollten Spezis mit Zugriff auf einen Linux-Apache mal machen.