Knowledgebase

DDOS Deflate

Posted by HostingFields, 01-11-2010, 06:26 PM
Hello, Could this protection work with CSF? I see in configuration it is for APF. http://deflate.medialayer.com/ Thanks, s-f-r-j

Posted by rickb12, 01-11-2010, 06:29 PM
Yes. DDoS Deflate will work under CSF. Also, take a look at CSF's Connection Flood feature. Although I don't recommend enabling it all of the time, it's a good tool to keep in your toolbox for when a DDoS attack comes up.

Posted by HostingFields, 01-11-2010, 06:34 PM
in its configuration it shows this: APF="/etc/apf/apf" Should i change this to something else? I was looking @ CSF's protection, but was afraid to enable\change it

Posted by M Bacon, 01-11-2010, 06:41 PM
In ddos.conf you change these two lines. Change: To: Change the email to your email address to see alerts. CSF has some protection against DDOS with connection tracking if you need it.

Posted by HostingFields, 01-11-2010, 06:53 PM
so, even tho APF is not installed on my server, that will work? .. because i see its all APF, APF, APF What would be recommended option for connection? 150? Thanks, s-f-r-j

Posted by M Bacon, 01-11-2010, 06:56 PM
Yes. You do need APF at all. 150 is fine.

Posted by RHS-Chris, 01-11-2010, 10:56 PM
You can do this with CSF, and not with APF. In the file ddos.conf, change this line: APF="/etc/apf/apf" to APF="/usr/sbin/csf" or, where ever you have csf installed. This will add the IP to the csf.deny file.

Posted by HostingFields, 01-12-2010, 12:36 AM
Thanks all. You guys recommend running this software ? Today i did have a problem with apache flood. I was manually blocking IPs that were flooding apache. Thanks, s-f-r-j

Posted by LeaTrueman, 01-12-2010, 12:51 AM
Hello, Using CSF firewall, The DDos attack can be fixed. Open the CSF configuration file /etc/csf/csf.conf search for variable called CT_LIMIT, by default it will be like CT_LIMIT=0 , change this to CT_LIMIT=100 ,here 100 is the max no.of connections from an IP to your server ( choose this value according to the connections coming ) Now search for variable called CT_PORTS.This option is used to specify the port for which you want prevent DOS attack.Since our aim is to prevent the DOS attck to apache – port 80 , change CT_PORTS = “” to CT_PORTS = “80″ When these steps are done ,then if your server have 100 established connections from a IP to apache ,it considered as DOS attack and that IP is blocked in firewall by CSF.

Posted by HostingFields, 01-12-2010, 12:55 AM
Ah, that way i dont need to go with that software i asked about. Okay, ill do that, hope it will work well. Still, CSF will send notifications when an IP is blocked? Thanks, s-f-r-j

Posted by HostingFields, 01-12-2010, 01:02 AM
what about this: CT_INTERVAL = # Connection Tracking interval. Set this to the the number of seconds between # connection tracking scans Isn't 30 second 2 long to check? Thanks, s-f-r-j

Posted by LeaTrueman, 01-12-2010, 01:51 AM
Hello, CSF will send notification if CT_EMAIL_ALERT is set to 1 and if CT_INTERVAL is set to 30 seconds and then it will scan for connections in every 30 secs which is a better value.

Posted by layer0, 01-12-2010, 01:51 AM
That will work for denying IPs, but do note that the unban command is different (if I recall correctly) in CSF, so it will not unban IPs properly.



Was this answer helpful?

Add to Favourites Add to Favourites

Print this Article Print this Article

Also Read
How does Cloud work ? (Views: 630)
LayeredTech? (Views: 646)
Traffic shaping (Views: 624)


Language:

Client Login

Email

Password

Remember Me

Search