How to avoid Clickjacking and SlowLoris attacks in CentOS
In this article we will learn how to avoid Clickjacking and SlowLoris attacks in CentOS.
Clickjacking
Clickjacking is an attack that tricks users into clicking something other than what they see. For instance, you click an image or some other part of a web page, but the click is actually delivered to a hidden page, so the user never knows that they have been attacked. Typical examples are being made to follow someone on Facebook, to share news or other content on Twitter, or to click Google AdSense advertisements.
Fixing Clickjacking
Before starting, check whether the Apache web server is running by using the following command.
[root@linuxhelp ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2016-09-16 11:58:26 IST; 3 days ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 16546 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 16622 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─16622 /usr/sbin/httpd -DFOREGROUND
├─16623 /usr/sbin/httpd -DFOREGROUND
├─16624 /usr/sbin/httpd -DFOREGROUND
├─16625 /usr/sbin/httpd -DFOREGROUND
├─16627 /usr/sbin/httpd -DFOREGROUND
└─16628 /usr/sbin/httpd -DFOREGROUND
Sep 16 11:58:25 linuxhelp systemd[1]: Starting The Apache HTTP Server...
Sep 16 11:58:25 linuxhelp httpd[16622]: AH00558: httpd: Could not reliably determine t...age
Sep 16 11:58:26 linuxhelp systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
Run the following command to check whether the Apache server sends the X-Frame-Options header. This header tells browsers whether the page may be embedded in a frame, which is what protects users from Clickjacking attacks.
[root@linuxhelp ~]# curl -I http://192.168.7.190/
HTTP/1.1 403 Forbidden
Date: Tue, 20 Sep 2016 01:16:14 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
As the output shows no X-Frame-Options header, our server is vulnerable and can be attacked easily. To enable it, open the Apache configuration file and add the following line.
[root@linuxhelp ~]# vim /etc/httpd/conf/httpd.conf
Header always append X-Frame-Options SAMEORIGIN
Then save and exit.
Run the following command to check the configuration for syntax errors.
[root@linuxhelp ~]# httpd -t
Syntax OK
In order to apply the changes, restart the Apache web server.
[root@linuxhelp ~]# systemctl restart httpd
Run the following command to check whether the X-Frame-Options header is now sent.
[root@linuxhelp ~]# curl -I http://192.168.7.190/
HTTP/1.1 403 Forbidden
Date: Tue, 20 Sep 2016 01:25:32 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
Now the server is protected against Clickjacking attacks.
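The curl check above is done by eye. The following script, an added example that is not part of the article, automates the same check: it parses a raw HEAD response (the two constructed samples are modelled on the curl output shown above, before and after the Header directive), reports whether framing is restricted by X-Frame-Options or by a Content-Security-Policy frame-ancestors directive, and can also query a live server. The IP address 192.168.7.190 is the one used in the article; any other host is an assumption of the reader's environment. Note that the Header directive requires mod_headers to be loaded, and that Header always append adds to an existing header value while Header always set replaces it.

```python
import http.client
from urllib.parse import urlparse

# Constructed sample responses modelled on the article's curl -I output.
BEFORE = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Date: Tue, 20 Sep 2016 01:16:14 GMT\r\n"
    "Server: Apache/2.4.6 (CentOS) PHP/5.4.16\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)
AFTER = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Date: Tue, 20 Sep 2016 01:25:32 GMT\r\n"
    "Server: Apache/2.4.6 (CentOS) PHP/5.4.16\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Parse the header block of a raw HTTP response into a dict.
    Names are lower-cased; repeated headers are joined with ', '."""
    lines = raw.replace("\r\n", "\n").split("\n")
    headers = {}
    for line in lines[1:]:  # skip the status line
        if not line.strip():
            break  # blank line terminates the header block
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = value if name not in headers else headers[name] + ", " + value
    return headers


def assess_framing(headers):
    """Return (protected, reason) for a dict of lower-cased headers."""
    # CSP frame-ancestors supersedes X-Frame-Options when both are present.
    csp = headers.get("content-security-policy", "")
    for directive in csp.split(";"):
        d = directive.strip()
        if d.lower().startswith("frame-ancestors"):
            sources = d[len("frame-ancestors"):].strip()
            if sources != "*":
                return True, "CSP frame-ancestors " + sources
    xfo = headers.get("x-frame-options", "")
    values = [v.strip().upper() for v in xfo.split(",") if v.strip()]
    if not values:
        return False, "no X-Frame-Options header"
    if len(values) > 1:
        # Header append can produce a duplicated value; treat as a misconfiguration.
        return False, "multiple X-Frame-Options values: " + xfo
    if values[0] in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + values[0]
    # ALLOW-FROM is deprecated and ignored by current browsers.
    return False, "unsupported X-Frame-Options value: " + xfo


def check_response(raw):
    """Assess a raw HEAD response such as the output of curl -I."""
    protected, reason = assess_framing(parse_headers(raw))
    return {"protected": protected, "reason": reason}


def check_url(url, timeout=5):
    """Send a HEAD request to a live server and assess its headers."""
    u = urlparse(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.hostname, u.port, timeout=timeout)
    conn.request("HEAD", u.path or "/")
    resp = conn.getresponse()
    headers = {}
    for name, value in resp.getheaders():
        name = name.lower()
        headers[name] = value if name not in headers else headers[name] + ", " + value
    protected, reason = assess_framing(headers)
    return {"status": resp.status, "protected": protected, "reason": reason}


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, check_response(raw))
    # Live check against the article's server (assumes it is reachable):
    # print(check_url("http://192.168.7.190/"))
```

Run it as a script to see the verdict for both samples; uncomment the last line to test the real server once the Header directive is in place.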
SlowLoris
SlowLoris is a denial-of-service attack. One machine attacks a web server by tying up all the resources and services running on it: if you then open a web page it is blocked, creating a deadlock situation.
Fixing SlowLoris
Many parameters can be used to protect a server from SlowLoris attacks. Here, we will use the mod_qos (QoS) module to stop SlowLoris attacks in Apache. Edit the Apache configuration file and add the mod_qos configuration as follows.
[root@linuxhelp ~]# vim /etc/httpd/conf/httpd.conf
# mod_qos must be installed and loaded before these directives are read,
# typically with: LoadModule qos_module modules/mod_qos.so
# MaxClients is an MPM directive (alias of MaxRequestWorkers in Apache 2.4).
MaxClients 256
<IfModule mod_qos.c>
    QS_ClientEntries 100000
    QS_SrvMaxConnPerIP 50
    QS_SrvMaxConnClose 180
    QS_SrvMinDataRate 150 1200
</IfModule>
:wq
Save and exit from the file.
Explanations
QS_ClientEntries - the number of client (IP address) entries mod_qos keeps track of, i.e. its connection-tracking limit.
MaxClients - the maximum number of simultaneous client connections the server accepts.
QS_SrvMaxConnClose - controls HTTP keep-alive: once 180 (the configured value) connections are in use, connections are closed after each request instead of being kept alive.
QS_SrvMinDataRate - requires each connection to transfer at least 150 bytes per second, rising to 1200 bytes per second as the server approaches its MaxClients limit; connections that fall below the required rate are closed.
QS_SrvMaxConnPerIP - the maximum number of concurrent connections allowed from a single IP address (50 here).
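To make the interaction between these settings concrete, the following script is an added example (not mod_qos code and not part of the article) that models the documented policy: the required data rate interpolated linearly between the two QS_SrvMinDataRate values as the server fills up, the per-IP connection cap, and the keep-alive cut-off. It is applied to a constructed snapshot of connections (documentation-range addresses, one slow source holding 60 connections) to show which connections the configured limits would close. The real module measures rates over time windows and grants grace periods, so treat this as an illustration of the directives, not a reimplementation.

```python
# Constructed model of the mod_qos settings used in the article.
POLICY = {
    "QS_ClientEntries": 100000,
    "QS_SrvMaxConnPerIP": 50,
    "MaxClients": 256,
    "QS_SrvMaxConnClose": 180,
    "QS_SrvMinDataRate": (150, 1200),
}


def required_data_rate(active_conns, policy=POLICY):
    """Minimum bytes/sec a connection must sustain: the lower
    QS_SrvMinDataRate value when the server is idle, rising linearly
    to the upper value when the connection count reaches MaxClients."""
    low, high = policy["QS_SrvMinDataRate"]
    max_clients = policy["MaxClients"]
    frac = min(max(active_conns, 0), max_clients) / max_clients
    return int(low + (high - low) * frac)


def keepalive_enabled(active_conns, policy=POLICY):
    """Keep-alive stays on until more than QS_SrvMaxConnClose connections are busy."""
    return active_conns <= policy["QS_SrvMaxConnClose"]


def evaluate_connections(conns, policy=POLICY):
    """conns: list of (client_ip, bytes_per_sec) for the current snapshot.
    Returns the active count, the rate threshold in force, the keep-alive
    state, the number of distinct IPs tracked, and the connections that
    would be closed together with the reason."""
    active = len(conns)
    threshold = required_data_rate(active, policy)
    per_ip = {}
    closed = []
    for ip, rate in conns:
        per_ip[ip] = per_ip.get(ip, 0) + 1
        if per_ip[ip] > policy["QS_SrvMaxConnPerIP"]:
            closed.append((ip, "QS_SrvMaxConnPerIP exceeded"))
        elif rate < threshold:
            closed.append((ip, "below QS_SrvMinDataRate %d B/s" % threshold))
    return {
        "active": active,
        "threshold": threshold,
        "keepalive": keepalive_enabled(active, policy),
        "tracked_ips": len(per_ip),
        "tracking_full": len(per_ip) > policy["QS_ClientEntries"],
        "closed": closed,
    }


def sample_connections():
    """Constructed snapshot: 60 slow connections (10 B/s) from one address
    plus 30 healthy connections from distinct addresses."""
    slow = [("203.0.113.5", 10)] * 60
    normal = [("198.51.100.%d" % i, 5000) for i in range(30)]
    return slow + normal


if __name__ == "__main__":
    result = evaluate_connections(sample_connections())
    print("active:", result["active"], "threshold:", result["threshold"],
          "keep-alive:", result["keepalive"])
    for ip, why in result["closed"]:
        print("close", ip, "-", why)
```

With 90 active connections the required rate is 519 B/s, so the 50 slow connections admitted under the per-IP cap are closed for falling below it and the remaining 10 are rejected by QS_SrvMaxConnPerIP, while the 30 healthy connections are untouched and keep-alive stays enabled because 90 is below QS_SrvMaxConnClose.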
Now our system is safe from Clickjacking and SlowLoris attacks.