How to Prevent DDOS with CSF

You just need to configure two csf directives, thats it.

The two directives are PORTFLOOD and SYNFLOOD.

SYNFLOOD

SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules a bit strict, like

SYNFLOOD = “1″

SYNFLOOD_RATE = “30/s”

SYNFLOOD_BURST = “10″

i.e. if 30 connections are received from an IP/sec for 10 times, block it. Make sure don’t keep it too strict if you are not receiving an attack else it will generate false positives and will block legit connections.

PORTFLOOD

PORTFLOOD = 80;tcp;100;5,22;tcp;5;300

ie, If an IP makes 100 connections in 5 sec to port 80 (tcp), then it will be blocked from the server and if 5 connections in 300 sec to 22 port.

PORTFLOOD = 80;tcp;100;5,22;tcp;5;300

ie, If an IP makes 100 connections in 5 sec to port 80 (tcp), then it will be blocked from the server and if 5 connections in 300 sec to 22 port.

 

Was this answer helpful?

 Print this Article

Also Read

How to disable ping request?

If you are looking for the  steps to disable ping. Please find the steps below. Run the...

Prevent DDoS by using mod_evasive

“mod_evasive” is an evasive maneuvers module for Apache to provide evasive action in...

How to Prevent Symlink Attacks

ad Impact of Symlink - Suppose you own a small hosting company with a Linux Box, & 1337...

How to Password Protect a Directory

This tutorial will teach how to password protect a directory. Password protecting a directory...

How to change default SSH port?

Everyone knows 22 is the default SSH port. So it’s always good to change this default port...