Dear guys

My server was unstable at this month
sometimes fork 700 process and apache 80 access per second
and that's made server very slow . very bad browsing

when i checked log files /var/log/messages found that errors

Apr 20 04:06:28 suhosin[798]: ALERT - configured request variable value length limit exceeded - dropped variable 'message' (attacker '212.107.116.238', file '/usr/local/cpanel/cgi-sys/php4')
Apr 22 00:27:05 suhosin[15442]: ALERT - configured request variable name length limit exceeded - dropped variable 'amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;a mp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp ;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;a mp;amp;amp;amp;amp;amp;goto' (attacker '87.117.227.208', file '/usr/local/cpanel/cgi-sys/php4')
Apr 22 00:27:06 suhosin[15445]: ALERT - configured request variable name length limit exceeded - dropped variable 'amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;a mp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp ;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;a mp;amp;amp;amp;amp;amp;goto' (attacker '87.117.227.208', file '/usr/local/cpanel/cgi-sys/php4'

How could i stop that attack by mod_security

Thanks

The Suhosin alerts already tell you it dropped the request, so that's good. I'd use something like the iptables recent, tarpit, hash or equivalent module instead to keep connection limits or drop offenders, then Snort to catch any exploiting and then mod_security to deny everything else bad that passes up the stack. There's more but it's a start.

An introduction to mod_security can be found here, http://www.onlamp.com/pub/a/apache/2..._security.html.