How to avoid Clickjacking and SlowLoris attacks in CentOS

To avoid Clickjacking and SlowLoris attacks in CentOS

In this article we will learn how to avoid Clickjacking and SlowLoris attacks in CentOS.

Clickjacking
Clickjacking is a method of attacking users through their own clicks. For instance, you click an image or some other part of a web page, but the click actually lands on a hidden page that has been layered over or under the visible one, so the click is silently redirected. The user never knows that they have been attacked. Typical examples are being made to follow someone on Facebook, share something on Twitter, or click Google AdSense ads.

Fixing Clickjacking

Before starting, check whether the Apache server is running by using the following command.

[root@linuxhelp ~]# systemctl status httpd 
 httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2016-09-16 11:58:26 IST; 3 days ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 16546 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
 Main PID: 16622 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─16622 /usr/sbin/httpd -DFOREGROUND
           ├─16623 /usr/sbin/httpd -DFOREGROUND
           ├─16624 /usr/sbin/httpd -DFOREGROUND
           ├─16625 /usr/sbin/httpd -DFOREGROUND
           ├─16627 /usr/sbin/httpd -DFOREGROUND
           └─16628 /usr/sbin/httpd -DFOREGROUND

Sep 16 11:58:25 linuxhelp systemd[1]: Starting The Apache HTTP Server...
Sep 16 11:58:25 linuxhelp httpd[16622]: AH00558: httpd: Could not reliably determine t...age
Sep 16 11:58:26 linuxhelp systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

Run the following command to check whether the Apache server sends the X-Frame-Options header. This header tells browsers not to render the page inside a frame on another site, which is what protects users from Clickjacking.

[root@linuxhelp ~]# curl -I http://192.168.7.190/ 
HTTP/1.1 403 Forbidden
Date: Tue, 20 Sep 2016 01:16:14 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8

The response contains no X-Frame-Options header, so pages served by this server can be framed by any site and the server is vulnerable to Clickjacking. To enable the header, open the Apache configuration file and add the following line (the Header directive is provided by mod_headers).

[root@linuxhelp ~]# vim /etc/httpd/conf/httpd.conf 
Header always append X-Frame-Options SAMEORIGIN

Then save and exit.
Run the following command to check the configuration for syntax errors.

[root@linuxhelp ~]# httpd -t 
Syntax OK

To apply the change, restart the Apache web server.

[root@linuxhelp ~]# systemctl restart httpd 

Run the following command to check whether the X-Frame-Options header is now sent.

[root@linuxhelp ~]# systemctl restart httpd
[root@linuxhelp ~]# curl -I http://192.168.7.190/ 
HTTP/1.1 403 Forbidden
Date: Tue, 20 Sep 2016 01:25:32 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8

Now your server is protected from Clickjacking attacks.
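The curl check above is done by eye. As an added example (not from the original tutorial), the shell function below grades the anti-framing headers of a response automatically, so it can be dropped into a post-deployment check. It also catches a case the tutorial's configuration can produce: `Header always append` joins a new value onto an existing one, so if the application already sets X-Frame-Options the browser receives "SAMEORIGIN, SAMEORIGIN", which is not a value browsers are guaranteed to honour; `Header always set` replaces the header instead. The sample headers and the 192.168.7.190 address are constructed/assumed; the function itself only needs POSIX sh, grep, sed and tr.

```shell
#!/bin/sh
# Added example (not part of the original tutorial): grade the anti-framing
# headers in an HTTP response. Pipe the output of `curl -sI URL` into
# frame_protection, or call check_url against a live server.

# frame_protection: reads raw response headers on stdin and prints one word:
#   protected   - a single X-Frame-Options of DENY/SAMEORIGIN, or a
#                 Content-Security-Policy with frame-ancestors
#   ambiguous   - several X-Frame-Options values, e.g. "SAMEORIGIN, SAMEORIGIN"
#                 produced by `Header append` when the app already set one
#   unsupported - an X-Frame-Options value browsers do not honour
#   missing     - no anti-framing header at all
# Exit status is 0 only for "protected".
frame_protection() {
    hdrs=$(tr -d '\r' | tr 'A-Z' 'a-z')

    # CSP frame-ancestors takes precedence over X-Frame-Options in modern browsers.
    if printf '%s\n' "$hdrs" | grep -q '^content-security-policy:.*frame-ancestors'; then
        echo protected
        return 0
    fi

    n=$(printf '%s\n' "$hdrs" | grep -c '^x-frame-options:' || true)
    if [ "$n" -eq 0 ]; then
        echo missing
        return 1
    fi
    if [ "$n" -gt 1 ]; then
        # Two header lines: typical result of `append` plus an app-set header.
        echo ambiguous
        return 1
    fi

    val=$(printf '%s\n' "$hdrs" | sed -n 's/^x-frame-options:[[:space:]]*//p' | sed 's/[[:space:]]*$//')
    case "$val" in
        deny|sameorigin) echo protected;   return 0 ;;
        *,*)             echo ambiguous;   return 1 ;;   # comma-joined values
        *)               echo unsupported; return 1 ;;
    esac
}

# check_url: fetch headers from a live server and grade them
# (e.g. check_url http://192.168.7.190/ for the tutorial's assumed address).
check_url() {
    curl -sI "$1" | frame_protection
}

# Constructed sample response, not captured from a real server:
SAMPLE='HTTP/1.1 200 OK
Server: Apache/2.4.6 (CentOS)
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8'

printf '%s\n' "$SAMPLE" | frame_protection    # prints: protected
```

Run it as `check_url http://192.168.7.190/` after the restart; a non-zero exit status means the header is still missing or is in a form a browser may ignore.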

SlowLoris
SlowLoris is a denial-of-service attack. The attacker opens many connections to a web server and keeps each one alive by sending a partial HTTP request very slowly, so that all of the server's worker slots are tied up waiting for requests that never complete. Legitimate users who try to open a page are then left hanging, and the server is effectively deadlocked until the connections are freed.

Fixing SlowLoris

Several parameters can be tuned to protect a server from SlowLoris. Here we use the Apache mod_qos module, which is not part of the stock httpd package and must be installed and loaded separately (it is available from EPEL). Edit the Apache configuration file and add the mod_qos settings as follows; they sit inside an IfModule block so that httpd still starts if the module is not loaded.

[root@linuxhelp ~]# vim /etc/httpd/conf/httpd.conf 

<IfModule mod_qos.c>
      QS_ClientEntries                  100000
      QS_SrvMaxConnPerIP                50
      MaxClients                        256
      QS_SrvMaxConnClose                180
      QS_SrvMinDataRate                 150 1200
</IfModule>

:wq

Save and exit from the file.
Explanations

QS_ClientEntries   – the number of client IP addresses for which mod_qos keeps connection counters (100000 here).
QS_SrvMaxConnPerIP – the maximum number of simultaneous connections allowed from a single client IP (50 here); this is the limit that caps how many connections one SlowLoris client can hold.
MaxClients         – the maximum number of simultaneous connections the server will handle (256 here); in Apache 2.4 this is the old name of MaxRequestWorkers and is still accepted.
QS_SrvMaxConnClose – once this many connections (180) are in use, keep-alive is disabled and connections are closed after each response, so worker slots are freed quickly.
QS_SrvMinDataRate  – the minimum data rate a connection must sustain: 150 bytes per second while the server is idle, rising to 1200 bytes per second as the server approaches the MaxClients limit. Connections slower than this are closed, which is what defeats the slow partial requests SlowLoris relies on.
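QS_SrvMaxConnPerIP only helps if the limit is set sensibly for the site, and an administrator will want to see who is actually holding connections while the module does its work. As an added example (not from the original tutorial or from the mod_qos project), the script below counts established connections to port 80 per remote IP and flags any address above the limit, using the output layout of iproute2's `ss -Htn state established` (Recv-Q, Send-Q, local address, peer address; assumed). The server address 192.168.7.190 and the sample peers are constructed.

```shell
#!/bin/sh
# Added example (not part of the original tutorial): count established
# connections to the web port per remote IP and flag any address above the
# QS_SrvMaxConnPerIP limit (50 in the tutorial). A SlowLoris client holds many
# connections open at once, so a single IP far above the limit stands out.

LIMIT=50   # keep in sync with QS_SrvMaxConnPerIP in httpd.conf

# conns_per_ip: reads lines in the layout of
#   ss -Htn state established '( sport = :80 )'
# (Recv-Q Send-Q Local Peer, no header; assumed iproute2 layout) on stdin and
# prints "count ip" per peer address, busiest first.
conns_per_ip() {
    awk '{ peer = $4; sub(/:[0-9]+$/, "", peer); n[peer]++ }
         END { for (p in n) print n[p], p }' | sort -rn
}

# flag_over_limit: prints the peer IPs whose connection count exceeds the
# limit ($1, default $LIMIT); empty output means nobody is over the limit.
flag_over_limit() {
    lim=${1:-$LIMIT}
    conns_per_ip | awk -v lim="$lim" '$1 > lim { print $2 }'
}

# live_check: the same check against the real socket table (needs iproute2 ss).
live_check() {
    ss -Htn state established '( sport = :80 )' | flag_over_limit "$@"
}

# sample_conns IP N: emit N constructed socket-table lines from one peer IP
# (constructed test data, not captured from a real host).
sample_conns() {
    i=0
    while [ "$i" -lt "$2" ]; do
        echo "0 0 192.168.7.190:80 $1:$((50000 + i))"
        i=$((i + 1))
    done
}

# Demo on constructed data: one peer holding 60 connections, one holding 3.
{ sample_conns 10.0.0.5 60; sample_conns 10.0.0.9 3; } | flag_over_limit    # prints: 10.0.0.5
```

Run `live_check` (or `live_check 20` for a stricter threshold) from cron or a monitoring job; an IP that repeatedly shows up is the one mod_qos's QS_SrvMaxConnPerIP and QS_SrvMinDataRate settings are there to throttle.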

Now our server is protected against Clickjacking and SlowLoris attacks.

Thank you for using Linux Help.
