ConfigServer Firewall :: Advanced Protection
#1
[Image: csf_small.png]

This tutorial which teach you how to install ConfigServer Firewall, and configure it to protect your forum and server from DOS, SYN flood, and spam attacks. [all features here]

Requirements:

- Root SSH access to your server
- A supported operating system
- A supported virtual server
----------

Installation

Login to your server as root, and execute these commands in order,

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

If you did it right, you should see this in the csf directory, (use command ls for a list)

[Image: uSVZ.png]
----------

Configuration

I am using nano to edit the configuration files, and I highly suggest you do too. To install nano,
yum install nano

If you use cPanel, you can integrate this firewall with it by running these commands,
cd /etc/csf
sh install.cpanel.sh

If not, let's continue to configure CSF manually.
----------

Protection from DOS and SYN flood attacks

To protect your server and forum from these, open the CSF configuration file like so,
cd /etc/csf
nano csf.conf

Use CTRL + W to find the following, (one at a time)
CT_LIMIT
CT_SKIP_TIME_WAIT
SYNFLOOD

and adjust their values to look like this
CT_LIMIT = "50"
CT_SKIP_TIME_WAIT = "1"
SYNFLOOD = "1"

Now you are protected from DOS and SYN flood attacks, and will be notified by email when an IP is blocked.
------

Protection from spam attacks

You can configure CSF to block know spammers in the Dshield, Spamhaus and BOGON lists, to do this, open the CSF configuration file again,
cd /etc/csf
nano csf.conf

Use CTRL + W to find the following, (one at a time)
LF_DSHIELD = "0"
LF_SPAMHAUS = "0"
LF_BOGON = "0"

and adjust their values to look like this,
LF_DSHIELD = "86400"
LF_SPAMHAUS = "86400"
LF_BOGON = "86400"

BOGON is optional, I don't recommend it as much.
Now your server and forum is protected from a huge list of known bad IP's, ever growing.
----------

Other useful settings

You can block countries known to attack, find the following,
CC_DENY = " "

and modify it to suit your needs, so if you want to block all incoming traffic from Great Britain and China, adjust it like this,
CC_DENY = "GB,CN "
----------

You can configure lfd to watch directories for suspicious files, find the following,
LF_DIRWATCH

and give it a value of 300,
LF_DIRWATCH = "300"

If a suspicious file is found, you will receive an email.
----------

Finally

You need to switch off testing mode, find,
TESTING = "1"

replace with,
TESTING = "0"

Restart CSF and LFD after making changes to csf.conf
service csf restart
service lfd restart
----------

Finished. Now you configured CSF to:
- Block millions of known bad IP's
- Notify you when a suspicious file is found on your server
- Notify you when someone logs into SSH
- Protect your server from DOS and SYN flood attacks

and so much more.
I highly recommend CSF, I will never have a server without it.
If you need help with other settings in csf.conf that aren't listed, post here and I'll help you.
Do not copy and paste this guide elsewhere.
Thank you.
[Image: hdoE.png]
m1ne.net - coming soon
Reply
#2
Nice guide Solidus. I already use CSF, though I use spamhaus manually - I had no idea CSF allowed you to use it, so thanks for that!
Reply
#3
Yep, it's a really nice feature. Dshield is good too.
[Image: hdoE.png]
m1ne.net - coming soon
Reply
#4
I never even knew about Dshield before (though I am now using them too). Since enabling the two via CSF though, I haven't had any spam comments on my blog. When I was using spamhaus manually, I'd still occasionally get one or two.
Reply
#5
Thanks. +rep
Reply
#6
This user has been denied support. This user has been denied support.
I'm using this as cPanel addon in WHM and I must say its a great thing to have.
Reply
#7
(2012-01-08, 05:47 AM)crazy4cs Wrote: I'm using this as cPanel addon in WHM and I must say its a great thing to have.

Where in cpanel is it?

We contact our host provider?

Thanks!
Reply
#8
This user has been denied support. This user has been denied support.
(2012-01-08, 05:56 AM)FooFighter Wrote:
(2012-01-08, 05:47 AM)crazy4cs Wrote: I'm using this as cPanel addon in WHM and I must say its a great thing to have.

Where in cpanel is it?

We contact our host provider?

Thanks!
I use a VPS and I've got cPanel installed in it. So I setup whatever modules/addons/plugins I like through WHM (root - Web Host Manager). I'm not sure whether this would be functional in shared hosting just for 1 client, but yeah, try asking your host.

Reply
#9
cPanel is mentioned in my post. You won't get it on a shared host.
[Image: hdoE.png]
m1ne.net - coming soon
Reply
#10
thanks Solidus for the grand tutorial. this will help me experiment on different platforms.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)