How to Prevent DDOS with CSF

You just need to configure two csf directives, thats it.

The two directives are PORTFLOOD and SYNFLOOD.

SYNFLOOD

SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules a bit strict, like

SYNFLOOD = “1″

SYNFLOOD_RATE = “30/s”

SYNFLOOD_BURST = “10″

i.e. if 30 connections are received from an IP/sec for 10 times, block it. Make sure don’t keep it too strict if you are not receiving an attack else it will generate false positives and will block legit connections.

PORTFLOOD

PORTFLOOD = 80;tcp;100;5,22;tcp;5;300

ie, If an IP makes 100 connections in 5 sec to port 80 (tcp), then it will be blocked from the server and if 5 connections in 300 sec to 22 port.

PORTFLOOD = 80;tcp;100;5,22;tcp;5;300

ie, If an IP makes 100 connections in 5 sec to port 80 (tcp), then it will be blocked from the server and if 5 connections in 300 sec to 22 port.

 

Was this answer helpful?

 Print this Article

Also Read

How to Prevent Symlink Attacks

ad Impact of Symlink - Suppose you own a small hosting company with a Linux Box, & 1337...

How to install Linux Maldet Anti Sheller

This guide will walk you through installing LMD (Linux Malware Detect) on your VPS/Dedicated...

How to increase numiptent limit?

You may got the following errors ( Most probably after enabling CSF ) The VPS iptables...

Preventing DDOS aplification open resolver attack

DDOS Attack  by open DNS resolver: Open dns resolver provides name resolution to any network...

Is my server hacked? Lets check it with rootkit hunter

RookHit Hunter is a command-line utility that will search your machine for...