How to Prevent DDoS with CSF

You just need to configure two CSF directives, that's it.

The two directives are PORTFLOOD and SYNFLOOD.

SYNFLOOD

SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules fairly strict, for example:

SYNFLOOD = "1"

SYNFLOOD_RATE = "30/s"

SYNFLOOD_BURST = "10"

i.e., if 30 connections per second are received from an IP 10 times, block it. Don't keep it too strict if you are not receiving an attack, or it will generate false positives and block legitimate connections.

PORTFLOOD

PORTFLOOD = "80;tcp;100;5,22;tcp;5;300"

i.e., if an IP makes 100 connections in 5 seconds to port 80 (tcp), it will be blocked from the server; likewise if it makes 5 connections in 300 seconds to port 22.
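Before restarting the firewall it helps to check that the flood settings parse the way you intend. The script below is an added example, not part of CSF or of the original article: it reads a constructed csf.conf excerpt with the values above, validates each PORTFLOOD entry, and flags hit counts above 20. That ceiling is assumed here to be the host's default for the kernel xt_recent module (`ip_pkt_list_tot`); the function names are hypothetical.

```python
import re

# Constructed csf.conf excerpt using the values from this article.
SAMPLE_CONF = '''
SYNFLOOD = "1"
SYNFLOOD_RATE = "30/s"
SYNFLOOD_BURST = "10"
PORTFLOOD = "80;tcp;100;5,22;tcp;5;300"
'''
# Assumption: xt_recent remembers 20 packets per IP by default (ip_pkt_list_tot).
RECENT_DEFAULT_MAX_HITS = 20

def read_conf(text):
    """Return {NAME: value} for lines of the form NAME = "value"."""
    return dict(re.findall(r'^\s*([A-Z_0-9]+)\s*=\s*"([^"]*)"', text, re.M))

def parse_portflood(value):
    """Split PORTFLOOD into validated (port, proto, hits, seconds) tuples."""
    rules = []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        fields = entry.split(";")
        if len(fields) != 4:
            raise ValueError(f"expected port;proto;hits;seconds, got {entry!r}")
        port, proto, hits, secs = fields
        if proto not in ("tcp", "udp"):
            raise ValueError(f"bad protocol in {entry!r}")
        port, hits, secs = int(port), int(hits), int(secs)  # ValueError if not numeric
        if not (1 <= port <= 65535 and hits > 0 and secs > 0):
            raise ValueError(f"out-of-range number in {entry!r}")
        rules.append((port, proto, hits, secs))
    return rules

def review(text):
    """Return readable findings for the flood settings in a csf.conf text."""
    conf, notes = read_conf(text), []
    if conf.get("SYNFLOOD") == "1":
        if not re.fullmatch(r"\d+/[a-z]+", conf.get("SYNFLOOD_RATE", "")):
            notes.append("SYNFLOOD_RATE is not of the form N/unit, e.g. 30/s")
        if not conf.get("SYNFLOOD_BURST", "").isdigit():
            notes.append("SYNFLOOD_BURST is not a number")
    for port, proto, hits, secs in parse_portflood(conf.get("PORTFLOOD", "")):
        notes.append(f"{proto}/{port}: block after {hits} connections in {secs}s")
        if hits > RECENT_DEFAULT_MAX_HITS:
            notes.append(f"{proto}/{port}: hit count {hits} exceeds xt_recent default "
                         f"of {RECENT_DEFAULT_MAX_HITS}; raise ip_pkt_list_tot first")
    return notes

if __name__ == "__main__":
    print("\n".join(review(SAMPLE_CONF)))
```

Run against the sample, it reports both PORTFLOOD rules and warns that the port 80 hit count of 100 is above the assumed 20-packet default.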
