LxCenter HyperVM & Kloxo Support

Forum



Members   Search      Help    Register    Login    Home
Home » LxCenter » Open and Non-Technical Discussions » SLOWLORIS
SLOWLORIS [message #94418] Sat, 21 January 2012 06:14 Go to next message
szkuta is currently offline szkuta  
Messages: 8
Registered: December 2011
Location: win32GI
Member
you should fix that on mainpage
maybe you should add a modified version of apache into a new kloxo version (mod/patch)
please have a look to this ---> antiloris

screen
http://host-tracker.com/check_res_ajx/9665037-0/

thank you

Report message to a moderator

Re: SLOWLORIS [message #94426 is a reply to message #94418] Sat, 21 January 2012 07:29 Go to previous messageGo to next message
mustafaramadhan is currently offline mustafaramadhan  Indonesia
Messages: 5728
Registered: December 2010
Location: Yogyakarta
Super Grandmaster
Forum Moderator
So, what you mean?

http://download.lxcenter.org/kdev.png
..:: MRatWork ::..
Server/Web-integrator - perfect not always more useful

--- Need KVM/OpenVZ VPS? - click here (Kloxo-MR READY!) ---

For bug/feature/security - Member rank status
http://download.lxcenter.org/hdev.png

Report message to a moderator

Re: SLOWLORIS [message #94429 is a reply to message #94426] Sat, 21 January 2012 09:12 Go to previous messageGo to next message
prandah is currently offline prandah  Indonesia
Messages: 491
Registered: March 2011
Location: indonesia
Master
Indonesian Forum Moderator
i think you check it when server get hight traffic
i have check it bot no problem Smile
http://host-tracker.com/check_res_ajx/9665814-0/

ready

Report message to a moderator

Re: SLOWLORIS [message #94493 is a reply to message #94429] Mon, 23 January 2012 08:07 Go to previous messageGo to next message
szkuta is currently offline szkuta  Germany
Messages: 8
Registered: December 2011
Location: win32GI
Member
brother listen to me
there is a bug on apache webserver
i can take down this site very easy with just one 100mbit virtual server by using a slowloris script
there is mod/addon for apache webservers calls "antiloris"

Report message to a moderator

Re: SLOWLORIS [message #94495 is a reply to message #94493] Mon, 23 January 2012 09:17 Go to previous messageGo to next message
shazar is currently offline shazar  United States
Messages: 1856
Registered: May 2011
Grandmaster
LxCenter Core Team Member
LxCenter Representative
A 100 mbit connection could probably take down a lot of low memory systems with the default apache config just because of the MaxClients setting of 256. Even better than this slowloris, you can crash a whole server and cause corruption to files or the databases.

There is an iptables example on this page that people can set up themselves: http://www.cert.org/blogs/certcc/2009/07/slowloris_vs_your_w ebserver.html

I am not saying that there isn't a need for the apache module, I just wonder how realistic this is. I can set up a Kloxo installation and use this iptables and give you an ip address to try to attack if you'd like.

https://www.mercuryvps.com
HyperVM Xen VPS hosting

Report message to a moderator

Re: SLOWLORIS [message #94517 is a reply to message #94495] Tue, 24 January 2012 10:53 Go to previous messageGo to next message
szkuta is currently offline szkuta  Germany
Messages: 8
Registered: December 2011
Location: win32GI
Member
yes sure
please send me an ip adress of a server
slowloris takes them down

Report message to a moderator

Re: SLOWLORIS [message #94522 is a reply to message #94517] Tue, 24 January 2012 12:43 Go to previous messageGo to next message
prandah is currently offline prandah  Indonesia
Messages: 491
Registered: March 2011
Location: indonesia
Master
Indonesian Forum Moderator
i just understand slowris is http DOS : http://ha.ckers.org/slowloris/

ready

Report message to a moderator

Re: SLOWLORIS [message #94525 is a reply to message #94522] Tue, 24 January 2012 13:09 Go to previous messageGo to next message
shazar is currently offline shazar  United States
Messages: 1856
Registered: May 2011
Grandmaster
LxCenter Core Team Member
LxCenter Representative
Prandah - Do you know how to run the script? I can send you an IP later on.

https://www.mercuryvps.com
HyperVM Xen VPS hosting

Report message to a moderator

Re: SLOWLORIS [message #94526 is a reply to message #94525] Tue, 24 January 2012 14:09 Go to previous messageGo to next message
prandah is currently offline prandah  Indonesia
Messages: 491
Registered: March 2011
Location: indonesia
Master
Indonesian Forum Moderator
i'm sory but i dont know how to run it
if my provider know, them server use for flooding
i will get suspend Sad

ready

Report message to a moderator

Re: SLOWLORIS [message #94527 is a reply to message #94526] Tue, 24 January 2012 14:17 Go to previous messageGo to next message
shazar is currently offline shazar  United States
Messages: 1856
Registered: May 2011
Grandmaster
LxCenter Core Team Member
LxCenter Representative
Ok I will send it to szkuta later on. I'd like to see the result against my httpd config that I posted (http-light).

https://www.mercuryvps.com
HyperVM Xen VPS hosting

Report message to a moderator

Re: SLOWLORIS [message #94531 is a reply to message #94527] Tue, 24 January 2012 19:22 Go to previous messageGo to next message
shazar is currently offline shazar  United States
Messages: 1856
Registered: May 2011
Grandmaster
LxCenter Core Team Member
LxCenter Representative
szkuta Can you paste exactly how to test? I set up my test server with just 256 MB of ram that works with Drupal 7 and wonder if it can do anything...

https://www.mercuryvps.com
HyperVM Xen VPS hosting

Report message to a moderator

Re: SLOWLORIS [message #94535 is a reply to message #94531] Tue, 24 January 2012 20:19 Go to previous messageGo to next message
thunder11 is currently offline thunder11  
Messages: 395
Registered: September 2010
Location: Serbia
Master
From what I found on the net this script works best against default settings in apache. I sincerely doubt it can do anything to your servers. Second thing, webservers should be behind something so most of the heat will never reach the target, and third, I think I'm gonna start testing your configs tomorow. Not that is relevant to the subject, but I pray to God to give me strength and stubbornest to finish my quest for holly grail of webserver configs.

Report message to a moderator

Re: SLOWLORIS [message #94537 is a reply to message #94535] Tue, 24 January 2012 22:56 Go to previous message
shazar is currently offline shazar  United States
Messages: 1856
Registered: May 2011
Grandmaster
LxCenter Core Team Member
LxCenter Representative
I have my config with 2000 connections on the front end now and flying with just 256 MB of memory:) The switch to worker was simple.

I really am interested in this slowloris though. I just want to fully understand it and see the best possible way to avoid an attack. It would be extremely hard to avoid it with the mod_php standard, though one of those slowloris mods may help, I like more native solutions or something in the Apache project personally.

https://www.mercuryvps.com
HyperVM Xen VPS hosting

Report message to a moderator

Previous Topic:[VOTE]Whats Your Favorite Webserver ?
Next Topic:Modules for whmcs
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Tue Jun 18 18:17:56 EDT 2013

Total time taken to generate the page: 0.01271 seconds
.:: Contact :: Home :: Privacy ::.

Click here to lend your support to: LxCenter and make a donation at www.pledgie.com !

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software