| Posted by HostingFields, 01-11-2010, 06:26 PM | | Hello,
Could this protection work with CSF?
I see in configuration it is for APF.
http://deflate.medialayer.com/
Thanks,
s-f-r-j
|
| Posted by rickb12, 01-11-2010, 06:29 PM | | Yes. DDoS Deflate will work under CSF.
Also, take a look at CSF's Connection Flood feature. Although I don't recommend enabling it all of the time, it's a good tool to keep in your toolbox for when a DDoS attack comes up.
|
| Posted by HostingFields, 01-11-2010, 06:34 PM | | in its configuration it shows this:
APF="/etc/apf/apf"
Should i change this to something else?
I was looking @ CSF's protection, but was afraid to enable\change it
|
| Posted by M Bacon, 01-11-2010, 06:41 PM | | In ddos.conf you change these two lines.
Change:
To:
Change the email to your email address to see alerts. CSF has some protection against DDOS with connection tracking if you need it.
|
| Posted by HostingFields, 01-11-2010, 06:53 PM | | so, even tho APF is not installed on my server, that will work?
.. because i see its all APF, APF, APF
What would be recommended option for connection? 150?
Thanks,
s-f-r-j
|
| Posted by M Bacon, 01-11-2010, 06:56 PM | | Yes. You do need APF at all.
150 is fine.
|
| Posted by RHS-Chris, 01-11-2010, 10:56 PM | | You can do this with CSF, and not with APF. In the file ddos.conf, change this line:
APF="/etc/apf/apf"
to
APF="/usr/sbin/csf"
or, where ever you have csf installed. This will add the IP to the csf.deny file.
|
| Posted by HostingFields, 01-12-2010, 12:36 AM | | Thanks all.
You guys recommend running this software ?
Today i did have a problem with apache flood.
I was manually blocking IPs that were flooding apache.
Thanks,
s-f-r-j
|
| Posted by LeaTrueman, 01-12-2010, 12:51 AM | | Hello,
Using CSF firewall, The DDos attack can be fixed.
Open the CSF configuration file /etc/csf/csf.conf
search for variable called CT_LIMIT, by default it will be like CT_LIMIT=0 , change this to CT_LIMIT=100 ,here 100 is the max no.of connections from an IP to your server ( choose this value according to the connections coming )
Now search for variable called CT_PORTS.This option is used to specify the port for which you want prevent DOS attack.Since our aim is to prevent the DOS attck to apache port 80 , change CT_PORTS = to CT_PORTS = 80″
When these steps are done ,then if your server have 100 established connections from a IP to apache ,it considered as DOS attack and that IP is blocked in firewall by CSF.
|
| Posted by HostingFields, 01-12-2010, 12:55 AM | | Ah, that way i dont need to go with that software i asked about.
Okay, ill do that, hope it will work well.
Still, CSF will send notifications when an IP is blocked?
Thanks,
s-f-r-j
|
| Posted by HostingFields, 01-12-2010, 01:02 AM | | what about this:
CT_INTERVAL =
# Connection Tracking interval. Set this to the the number of seconds between
# connection tracking scans
Isn't 30 second 2 long to check?
Thanks,
s-f-r-j
|
| Posted by LeaTrueman, 01-12-2010, 01:51 AM | | Hello,
CSF will send notification if CT_EMAIL_ALERT is set to 1 and if CT_INTERVAL is set to 30 seconds and then it will scan for connections in every 30 secs which is a better value.
|
| Posted by layer0, 01-12-2010, 01:51 AM | | That will work for denying IPs, but do note that the unban command is different (if I recall correctly) in CSF, so it will not unban IPs properly.
|
|
 Add to Favourites
 Print this Article
|
