cPanel & WHM Version 94 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
This object is in archive! 

Apache module inclusion : mod_antilorus

david-dunn shared this idea 8 years ago
Completed

Hi Guys,


At the moment it would appear that cPanel / EasyApache ships without any 'SlowLorus' protection (which is a vulnerability in Apache which can DoS Apache in to being unresponsive and 'eat up' all of the connections Apache has available.


All it takes is one simple script on a Virtual Machine to take out nearly any cPanel server running Apache (from what I can tell) unless you are running mod_antilorus, which is not currently part of EasyApache.


Having this as a module (which I would recommend enabled by default) as part of Apache would really make sense to me from a security standpoint.


Further information regarding both the attack and fix can be found here:


http://ha.ckers.org/slowloris/

http://sourceforge.net/projects/mod-antiloris/


I know it's about two years old, and the advent of Apache 2.4 using the MPM workers *should* resolve this, I still think it would be a worthwhile inclusion.


Best Regards,David Dunn

Micron21

Best Answer
photo

Administrators may use mod_qos to protect against SlowLoris attacks. EasyApache has provided mod_qos for some time.

Comments (2)

photo
1

mod_qos was added to EasyApache last year to allow system administrators to protect there systems from slowlorus.


From looking at the mod_antilorus page the module looks abandoned. The last code change happened 2 and half years ago.

photo
1

Administrators may use mod_qos to protect against SlowLoris attacks. EasyApache has provided mod_qos for some time.

Replies have been locked on this page!