ModEvasive is a brilliant module that works on a web server to counter Distributed Denial of Service (DDoS) and Brute-force attacks.
DDoS attacks overwhelm a web server with a large volume of traffic from many different sources, making websites and web applications inaccessible for as long as the attack lasts.
A brute-force attack is an automated method of gaining access to a resource on the web by trial and error. This kind of attack submits consecutive guesses to login forms in order to get into a system and obtain classified information.
With ModEvasive installed and enabled on your system, you can mitigate these kinds of attacks. In this guide, we will show you how to install the Apache ModEvasive module on your Ubuntu 18.04 VPS.
- A web server
- A non-root user that can perform sudo tasks
- Apache web server.
Step 1: Update Ubuntu Package Index
You should update the package information list before you install any software on your Ubuntu 18.04 server. Run the command below:
$ sudo apt-get update
Step 2: Install ModEvasive
We can now obtain and install ModEvasive from Ubuntu’s software repository using the command below:
$ sudo apt-get install libapache2-mod-evasive
You can always check if ModEvasive is running and enabled by running the command below:
$ sudo apachectl -M | grep evasive
You should get the below response from your system:
evasive20_module (shared)
Step 3: Configuring ModEvasive
Like most Ubuntu packages, ModEvasive has a configuration file that you can configure depending on your needs. The file is located at /etc/apache2/mods-enabled/evasive.conf.
To make changes to the file, open it with the nano editor:
$ sudo nano /etc/apache2/mods-enabled/evasive.conf
Uncomment the entries in the file by removing the pound symbol (#) at the beginning of each line. Then set DOSEmailNotify to your personal email address (e.g. email@example.com).
The file should be similar to the below text when edited:
<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
    DOSEmailNotify      firstname.lastname@example.org
    DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"
    DOSLogDir           "/var/log/mod_evasive"
</IfModule>
Then, save the file by pressing CTRL + X, Y and Enter.
Step 4: Creating Log Directory for ModEvasive
In the above configuration file, we specified DOSLogDir as /var/log/mod_evasive. This directory is not created by default when ModEvasive is installed, so we need to create it and set the appropriate ownership so that Apache can write to it:
$ sudo mkdir /var/log/mod_evasive
$ sudo chown -R www-data:www-data /var/log/mod_evasive
Step 5: Restart Apache
You can now restart Apache for the changes to take effect:
$ sudo systemctl restart apache2
Step 6: Testing ModEvasive
Once the ModEvasive configuration is in place, we can do some testing to make sure the module is working. There is a built-in script that you can use to test ModEvasive on your server. Just run the command below:
$ sudo perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl
If you set up everything correctly, you should get the below output on the terminal screen:
...
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
...
That’s all. Your Apache web server is now configured to fight DDoS and brute-force attacks. If you have set up an email server on your server, you should get an email every time ModEvasive blocks an attempted attack on your server.
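If the test script does not return 403 responses, the usual causes are directives left commented out in Step 3 or a missing log directory from Step 4. The following check is an added example written for this guide, not part of the mod_evasive package or the original tutorial; the function name check_evasive_conf is hypothetical, and it assumes GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: lint a mod_evasive config after Steps 3 and 4.
# Usage: check_evasive_conf <conf-file> [expected-owner]
# Returns 0 when every check passes, 1 otherwise.
check_evasive_conf() {
    conf="$1"
    owner="${2:-www-data}"   # owner set by the chown in Step 4
    rc=0

    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # Step 3: each directive must be active, i.e. not left behind a '#'.
    for d in DOSHashTableSize DOSPageCount DOSSiteCount DOSPageInterval \
             DOSSiteInterval DOSBlockingPeriod DOSLogDir; do
        if ! grep -Eq "^[[:space:]]*${d}[[:space:]]+[^[:space:]]" "$conf"; then
            echo "FAIL: $d is missing, empty or still commented out"
            rc=1
        fi
    done

    # Step 4: the DOSLogDir target must exist and belong to the Apache user.
    logdir=$(awk '$1 == "DOSLogDir" { gsub(/"/, "", $2); print $2; exit }' "$conf")
    if [ -n "$logdir" ]; then
        if [ ! -d "$logdir" ]; then
            echo "FAIL: log directory $logdir does not exist"
            rc=1
        elif [ "$(stat -c %U "$logdir")" != "$owner" ]; then   # GNU stat, as on Ubuntu
            echo "FAIL: $logdir is not owned by $owner"
            rc=1
        fi
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $conf passes all checks"; fi
    return "$rc"
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_evasive_conf "$@"; fi
```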