2011-12-17, 07:55 PM
This tutorial which teach you how to install ConfigServer Firewall, and configure it to protect your forum and server from DOS, SYN flood, and spam attacks. [all features here]
Requirements:
- Root SSH access to your server
- A supported operating system
- A supported virtual server
----------
Installation
Login to your server as root, and execute these commands in order,
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.shIf you did it right, you should see this in the csf directory, (use command ls for a list)
----------
Configuration
I am using nano to edit the configuration files, and I highly suggest you do too. To install nano,
yum install nanoIf you use cPanel, you can integrate this firewall with it by running these commands,
cd /etc/csf
sh install.cpanel.shIf not, let's continue to configure CSF manually.
----------
Protection from DOS and SYN flood attacks
To protect your server and forum from these, open the CSF configuration file like so,
cd /etc/csf
nano csf.confUse CTRL + W to find the following, (one at a time)
CT_LIMIT
CT_SKIP_TIME_WAIT
SYNFLOODand adjust their values to look like this
CT_LIMIT = "50"
CT_SKIP_TIME_WAIT = "1"
SYNFLOOD = "1"Now you are protected from DOS and SYN flood attacks, and will be notified by email when an IP is blocked.
------
Protection from spam attacks
You can configure CSF to block know spammers in the Dshield, Spamhaus and BOGON lists, to do this, open the CSF configuration file again,
cd /etc/csf
nano csf.confUse CTRL + W to find the following, (one at a time)
LF_DSHIELD = "0"
LF_SPAMHAUS = "0"
LF_BOGON = "0"and adjust their values to look like this,
LF_DSHIELD = "86400"
LF_SPAMHAUS = "86400"
LF_BOGON = "86400"BOGON is optional, I don't recommend it as much.
Now your server and forum is protected from a huge list of known bad IP's, ever growing.
----------
Other useful settings
You can block countries known to attack, find the following,
CC_DENY = " "and modify it to suit your needs, so if you want to block all incoming traffic from Great Britain and China, adjust it like this,
CC_DENY = "GB,CN "You can configure lfd to watch directories for suspicious files, find the following,
LF_DIRWATCHand give it a value of 300,
LF_DIRWATCH = "300"If a suspicious file is found, you will receive an email.
----------
Finally
You need to switch off testing mode, find,
TESTING = "1"replace with,
TESTING = "0"Restart CSF and LFD after making changes to csf.conf
service csf restart
service lfd restartFinished. Now you configured CSF to:
- Block millions of known bad IP's
- Notify you when a suspicious file is found on your server
- Notify you when someone logs into SSH
- Protect your server from DOS and SYN flood attacks
and so much more.
I highly recommend CSF, I will never have a server without it.
If you need help with other settings in csf.conf that aren't listed, post here and I'll help you.
Do not copy and paste this guide elsewhere.
Thank you.