  1. #1
    Join Date
    Mar 2009
    Posts
    245

    Making csf to work like dos deflate?

    I installed ddos deflate, and it worked fine for half an hour until suddenly port 80 stopped working. This led to a disaster where I accidentally screwed up the network on the server, but after 2.5 hours of downtime I managed to restore things properly. Now I turned off iptables, and plan to install csf (config system firewall as webmin plugin). I read somewhere here that csf can also be configured to block IPs with a defined number of max connections, so technically it does the same job as dos deflate? Also someone said that it can't help if it's a hard ddos attack, as the csf file will be overloaded with too many IP addresses. But I don't really expect to block hard ddos attacks; I think it will do the job against low and medium ddos attacks if the server has a strong network port/hardware and software optimization. And primarily, what is most important, to block bots.

    So post your experiences with csf here.

  2. #2
    csf works well, we have it on all our servers.

    Lots of IP addresses get blocked by csf and lfd every day. All the details for csf are in the readme.

  3. #3
    Join Date
    Mar 2009
    Location
    /home/khunj
    Posts
    432
    Quote Originally Posted by roguehosting View Post
    Now I turned off iptables, and plan to install csf (config system firewall as webmin plugin)
    CSF is a script for iptables, therefore you must have iptables up and running!
    NinTechNet
    ★ NinjaFirewall : Web Application Firewall for PHP and WordPress.
    ★ NinjaMonitoring : Monitor your website for suspicious activities.

  4. #4
    Join Date
    Mar 2009
    Posts
    245
    Quote Originally Posted by Ore Stone Radio View Post
    csf works well, we have it on all our servers.

    Lots of IP addresses get blocked by csf and lfd every day. All the details for csf are in the readme.
    I know, but now I don't dare to proceed simply because of this situation with ddos deflate. But still, bots must be blocked.

  5. #5
    APF firewall also works great against the dos deflate for banning the IPs.
    Support Facility | 24/7 web hosting technical support services
    Technical support | Server management | Data migration

    Technical Articles

  6. #6
    Join Date
    Jul 2009
    Posts
    178
    PORTFLOOD = "80;tcp;100;5"

    There is an option called PORTFLOOD which will block the IP once it reaches the max connections simultaneously.

  7. #7
    Join Date
    Mar 2009
    Posts
    245
    OK, next question: how do I define which mail address alerts are sent to? Right now it sends to the root mail address.
    And how do I whitelist IPs? I mean, I have another server which connects to this server (serves as image hotlink), so that generates a lot of connections.
    Last edited by linuxfan; 09-08-2009 at 03:38 PM.

  8. #8
    Just edit etc/aliases and define where root emails go...

  9. #9
    Join Date
    Mar 2009
    Posts
    245

  10. #10
    Yep you got it

    root:[email protected]

    Looks right

  11. #11
    Join Date
    Mar 2009
    Posts
    245
    OK, next question:
    How do I set up a whitelist IP list, which means that IP can do anything it wants on the server?

  12. #12
    Just add the ip address to the allow list.

    Are you using csf or apf now?

  13. #13
    Join Date
    Mar 2009
    Posts
    245
    Quote Originally Posted by Ore Stone Radio View Post
    Just add the ip address to the allow list.

    Are you using csf or apf now?
    Csf, but it is disabled right now. I want to be 100% sure that everything will work as it should, to prevent blocking of the http server or anything else important.

  14. #14
    I think you need to add your ip address to the csf.allow and csf.ignore files.

    I am not in front of a computer at the moment so that is off the top of my head.

    If you have the webmin module for csf do it in there.

  15. #15
    Join Date
    Mar 2009
    Posts
    245
    Quote Originally Posted by Ore Stone Radio View Post
    I think you need to add your ip address to the csf.allow and csf.ignore files.

    I am not in front of a computer at the moment so that is off the top of my head.

    If you have the webmin module for csf do it in there.
    Yes, I noticed those two files in the csf directory. The first one says that it is the whitelist for csf and the other for lfd, so to make it work completely both files need to be edited.
    Next question:
    I noticed csf supports dyndns. Right now I am using host.allow in etc to allow only my IP to access ssh, but I need to edit it every 24 hours since my IP is dynamic. Would it be possible to set csf to update host allow automatically with my IP, or to recognize a dyndns subdomain as my IP address?

  16. #16
    Quote Originally Posted by roguehosting View Post
    Would it be possible to set csf to update host allow automatically with my IP, or to recognize a dyndns subdomain as my IP address?
    Not sure about that one sorry. Maybe someone else will have the answer..
    Ore Stone Radio
    Playing the best unsigned new music 24 hours a day
    Musicians - Visit our forums to submit your music for airplay

    www.orestoneradio.com an Ore Stone Music Ltd. Company

  17. #17
    Join Date
    Mar 2009
    Posts
    245
    Quote Originally Posted by Ore Stone Radio View Post
    Not sure about that one sorry. Maybe someone else will have the answer..
    Well, I think I can resolve this another way.
    Next question:
    I started csf with test settings, and after starting it a second time, I was not able to access webmin anymore. Any idea why? I mean, that is strange since it's only testing mode, which shouldn't block access to anything. Luckily I was able to shut down the firewall over ssh.
    And during the test time I got warning messages about some system components like:
    haldaemon, rpc, powerdns, mysql and two of my scripts. The first thing I noticed: when my script was running under root there was no such warning, and when I switched it to a user it showed. So those messages report excessive usage and suspicious usage. Since all those processes are legal, how do I add them to the whitelist to prevent the firewall from killing those processes?

  18. #18
    When csf is in test mode it will still block access to any ports you have not added.

    Make sure you have 10000 (or whatever port you have put webmin on) in the TCP allowed ports list.

    Test mode just flushes the rules every 5 minutes, I think.

    Have you installed the webmin module for csf? If so there is a security test, one of the top buttons. That will give you info about those services.
    Last edited by Ore Stone Radio; 09-08-2009 at 08:43 PM. Reason: added more info
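The PORTFLOOD setting from post #6 and the test-mode lockout explained in post #18 can both be checked before csf is started. The script below is an added example, not part of any post in this thread and not csf's own code: it lints a csf.conf for management ports missing from TCP_IN, for TESTING still being on, and for a PORTFLOOD hit count above what the iptables recent match counts by default. The function names, `RECENT_MAX` and the sample config are constructed for illustration, and the limit of 20 assumes the module's `ip_pkt_list_tot` default has not been raised.

```shell
#!/bin/sh
# Added example: lint a csf.conf before enabling csf, to catch self-lockouts.
RECENT_MAX=20   # default ip_pkt_list_tot of the iptables "recent" match (assumed unchanged)

# Print the value of KEY ($2) from a csf.conf-style FILE ($1): KEY = "value"
conf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\(.*\)\".*/\1/p" "$1" | tail -n 1
}

# Succeed if port $1 is covered by a list such as "22,80,30000:35000" ($2)
port_listed() {
    for item in $(printf '%s' "$2" | tr ',' ' '); do
        case $item in
            *:*) [ "$1" -ge "${item%%:*}" ] && [ "$1" -le "${item##*:}" ] && return 0 ;;
            *)   [ "$1" -eq "$item" ] && return 0 ;;
        esac
    done
    return 1
}

# Print one finding per line; args after FILE are TCP ports that must stay reachable
lint_csf() {
    file=$1; shift
    tcp_in=$(conf_get "$file" TCP_IN)
    for p in "$@"; do
        port_listed "$p" "$tcp_in" || echo "LOCKOUT: tcp/$p is not in TCP_IN"
    done
    if [ "$(conf_get "$file" TESTING)" = "1" ]; then
        echo "NOTE: TESTING=1 still filters ports; rules are only flushed periodically"
    fi
    for entry in $(conf_get "$file" PORTFLOOD | tr ',' ' '); do
        IFS=';' read -r port proto hits secs <<EOF
$entry
EOF
        if [ "$hits" -gt "$RECENT_MAX" ]; then
            echo "WARN: PORTFLOOD $port/$proto hit count $hits in ${secs}s exceeds $RECENT_MAX"
        fi
    done
    return 0
}

# Constructed sample config (not from the thread's server); 10000 is Webmin's port
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'CONF'
TESTING = "1"
TCP_IN = "20,21,22,25,53,80,110,143,443"
PORTFLOOD = "80;tcp;100;5"
CONF
lint_csf "$SAMPLE" 22 10000
```

On a real server, point `lint_csf` at the installed csf.conf and pass the SSH and Webmin ports actually in use.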

  19. #19
    Join Date
    Mar 2009
    Posts
    245
    Quote Originally Posted by Ore Stone Radio View Post
    When csf is in test mode it will still block access to any ports you have not added.

    Make sure you have 10000 (or whatever port you have put webmin on) in the TCP allowed ports list.

    Test mode just flushes the rules every 5 minutes, I think.

    Have you installed the webmin module for csf? If so there is a security test, one of the top buttons. That will give you info about those services.
    Yes, I fixed most of the red fields with the security test. Do you think that if I put the ports used by powerdns, mysql, rpc, haldaemon and my two scripts on the allow list, it will stop sending warnings?

  20. #20
    No but you can tell it to ignore certain processes that you are using...

  21. #21
    Join Date
    Mar 2009
    Posts
    245
    Quote Originally Posted by Ore Stone Radio View Post
    No but you can tell it to ignore certain processes that you are using...
    By editing csf.pignore maybe?

  22. #22
    That's the one

  23. #23
    Join Date
    Mar 2009
    Posts
    245
    Yes, I see you can add executables and users there.
