How to Prevent DDOS with CSF

You just need to configure two csf directives, thats it.

The two directives are PORTFLOOD and SYNFLOOD.

SYNFLOOD

SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules a bit strict, like

SYNFLOOD = “1″

SYNFLOOD_RATE = “30/s”

SYNFLOOD_BURST = “10″

i.e. if 30 connections are received from an IP/sec for 10 times, block it. Make sure don’t keep it too strict if you are not receiving an attack else it will generate false positives and will block legit connections.

PORTFLOOD

PORTFLOOD = 80;tcp;100;5,22;tcp;5;300

ie, If an IP makes 100 connections in 5 sec to port 80 (tcp), then it will be blocked from the server and if 5 connections in 300 sec to 22 port.

PORTFLOOD = 80;tcp;100;5,22;tcp;5;300

ie, If an IP makes 100 connections in 5 sec to port 80 (tcp), then it will be blocked from the server and if 5 connections in 300 sec to 22 port.

 

Was this answer helpful?

 Print this Article

Also Read

How to change default SSH port?

Everyone knows 22 is the default SSH port. So it’s always good to change this default port...

How to disable all Apache header information?

Follow the below steps to disable Apache header information. Edit your mail Apache configuration...

How to prevent DDoS attack with csf?

First make sure DDOS attack is not from open recursive DNS settings. To check and fix that issue...

Disable shell access for unknown users

Suspect there are other users in your system that have shell access to your system? Please follow...

How to install Linux Maldet Anti Sheller

This guide will walk you through installing LMD (Linux Malware Detect) on your VPS/Dedicated...