Go Back   Web Server Hosting Forum by BODHost > Support > Linux Server Hosting
http://www.bodhost.com/forum/Reload this Page Apache vulnerable to DoS?
 

Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old 06-20-09, 10:37
BOD Member
  
Join Date: Jun 2009
Posts: 47
Default Apache vulnerable to DoS?
I just got an email today that has me a little worried. According to SANS Internet Storm Center, a DoS tool has just be released recently that targets Apache web servers, among others. After a little digging, I was able to find a site with the alleged DoS tool. I won't post it here, though, since I believe it's too dangerous to make public — unless the BODhost crew want to know about it, that is. In any case, the ISC article already describes how it works.

So, are we vulnerable, and is there anything we can do to protect ourselves? One article I've read says that one possible solution is mod_limitipconn. I would like to know if that's true and if there's anything we could or should do to protect our servers.
Reply With Quote
  #2 (permalink)  
Old 06-20-09, 13:01
BOD Member
  
Join Date: Jun 2009
Posts: 48
Default
That's worrying news indeed. Considering that a majority of web servers on the internet run on Apache, that's quite a lot of potential victims. >_<
Reply With Quote
  #3 (permalink)  
Old 06-21-09, 01:10
BOD Member
  
Join Date: Jun 2009
Posts: 65
Default
This isn't anything new. This kind of vulnerability has always been present in Apache and is easily blocked anyway. CSF can block this kind of attack, I believe.
Reply With Quote
  #4 (permalink)  
Old 06-21-09, 02:12
BOD Member
  
Join Date: Jun 2009
Posts: 47
Default
Oh, so it's not that dangerous, then? That's a relief. If it's really so easily stopped, then BODhost's own security and DDoS measures should be able to stop it if it happens, right?
Reply With Quote
  #5 (permalink)  
Old 06-21-09, 06:40
BOD Member
  
Join Date: May 2009
Posts: 45
Default
That gave me a scare! It's good to know that it's not really as bad it sounded. Yeah, I know, unless you're a target, the chance of being DoS'ed is really slim. Even so, I'll rest easier knowing that my server is safe and secure.
Reply With Quote
  #6 (permalink)  
Old 10-16-09, 15:55
BOD Member
  
Join Date: Oct 2009
Posts: 50
Default
I doubt I would put more hype into it pending they have things under control, but I would always make sure that anything you can do to keep things secure, you do, rather than assume "everything will be okay". A friend did that and ended up having to rebuild his home test machine from nothing.
Reply With Quote
  #7 (permalink)  
Old 12-06-09, 11:33
BOD Member
  
Join Date: Nov 2009
Posts: 50
Default
That's a bit scary, as most web servers run on Apache. I read that DDOS usually attack sites hosted on high-profile web servers like banks, credit card payment gateways and banks. It's a bit relieving to know that my tiny site is not their target Yet, prevention is always better than cure.
Reply With Quote
Reply

« VPS to Dedicated | Linux to Windows Host? »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump


All times are GMT -6. The time now is 01:49.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0
Copyright © 1999-2012, BODHost Ltd. All rights reserved.

Web Server Hosting   -   Contact Us   -     -   Members   -   Register   -   Calendar   -   Search   -   FAQ