Most creators, businesses, and publishers don’t have the
expertise to monitor and manage the ever-evolving landscape of security
threats, and so they trust their web hosting company to take care of
their online presence. Today, I want to take a look at two of the
components that allow responsible web hosting providers to keep their
clients safe from attack.
from http://www.wiredtree.com/blog/how-mod_evasive-and-mod_security-help-protect-your-website/
Mod_evasive
A denial of service attack
occurs when a server or group of servers — often constituents of a
botnet — bombard a site with many more requests than it can handle,
resulting in degraded service for legitimate users, and, in the worst
cases, no service at all.
Apache, the web server that serves the majority of sites on
the web, isn’t very good at handling denial of service attacks. It will
assume that all requests are genuine and make a good faith effort to
fulfill them. But, when those requests become excessive, Apache can
become overloaded and use all of the server resources available to it,
causing the server to slow down to a crawl.
Mod_evasive
bills itself as an “evasive maneuvers module for Apache” and helps the
web server to better determine which requests are genuine and which are
malicious, making it a powerful tool for preventing denial of service
attacks from swamping servers. It creates a dynamic table containing the
IP addresses of incoming requests and monitors them for bad behavior,
denying requests from IPs that match certain conditions. For example, if
an IP requests the same page more than a few times a second,
mod_evasive will ignore future requests for a period of time. It will
also deny requests from any IP making more than 50 requests per second
on the same child process. Essentially, mod_evasive rate limits requests
in an attempt to prevent the server from becoming overwhelmed.
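The table-and-threshold behaviour described above can be sketched as a small model. This is an added example, not mod_evasive's own code: the class and function names are hypothetical, the 50-per-second figure comes from the text, and the page limit of 3, the one-second window and the ten-second block are assumed values. It models the table of a single child process.

```python
class EvasiveModel:
    """Simplified model of one Apache child's per-IP table (not mod_evasive's code)."""

    def __init__(self, page_limit=3, site_limit=50, interval=1.0, block_for=10.0):
        # site_limit=50 is the figure from the article; the other values are assumed.
        self.page_limit, self.site_limit = page_limit, site_limit
        self.interval, self.block_for = interval, block_for
        self.hits = {}           # (ip, uri) or (ip, None) -> (window_start, count)
        self.blocked_until = {}  # ip -> time the block expires

    def _over(self, key, now, limit):
        """Count a hit in the current window; True once the limit is exceeded."""
        start, count = self.hits.get(key, (now, 0))
        if now - start >= self.interval:   # window elapsed: start a new one
            start, count = now, 0
        self.hits[key] = (start, count + 1)
        return count + 1 > limit

    def allow(self, ip, uri, now):
        """Return True if the request is served, False if it is denied."""
        if self.blocked_until.get(ip, 0.0) > now:
            # Modelling choice: a request during the block restarts the timer.
            self.blocked_until[ip] = now + self.block_for
            return False
        page_over = self._over((ip, uri), now, self.page_limit)    # same page
        site_over = self._over((ip, None), now, self.site_limit)   # any page
        if page_over or site_over:
            self.blocked_until[ip] = now + self.block_for
            return False
        return True


def simulate(requests, model=None):
    """requests: iterable of (time_seconds, ip, uri); returns allow/deny per request."""
    model = model or EvasiveModel()
    return [model.allow(ip, uri, t) for t, ip, uri in requests]


# Constructed traffic (documentation IP ranges): one client hammering a single
# page ten times a second, and one client browsing a new page every two seconds.
FLOOD = [(0.1 * i, "203.0.113.9", "/login") for i in range(6)]
BROWSE = [(2.0 * i, "198.51.100.7", "/page%d" % i) for i in range(4)]

if __name__ == "__main__":
    print("flood :", simulate(FLOOD))
    print("browse:", simulate(BROWSE))
```

The flooding client is cut off as soon as it exceeds the per-page limit and stays blocked while it keeps sending, while the slower client is never denied.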
Mod_security
Mod_security is
an application-layer firewall for Apache (and other web servers). It
monitors incoming requests and blocks those that contain common
exploits. For example, one of the most pervasive methods used by hackers
to breach the security of sites running databases is the SQL
injection attack. Poorly coded sites that don’t properly validate input
are vulnerable to being passed strings that will be run by the
database, potentially allowing hackers to gain access to data that they
shouldn’t be able to see or even edit the database — causing it to
delete user information, for example. Mod_security will prevent these
sorts of attacks from being successful by blocking them before they ever
reach the server.
In a recent study, mod_security was found to be more effective at preventing successful attacks than the systems implemented by SaaS web application firewall providers like CloudFlare.
While neither of these applications will make a site invulnerable,
working together they can defeat a significant proportion of the attacks
that will be faced by the average website, helping ensure that a site
does not become a victim of hackers and maintains stability,
availability, and performance in the face of denial of service attacks.