Posted on 16 August 2010.
How CSF Can Protect Your Server From DoS Attacks
Newer versions of CSF have a built-in feature that can protect your server against DoS attacks.
You can easily protect any of your open ports against DoS attacks by listing the port in the matching field of the CSF configuration.
For example, one of the ports vulnerable to DoS attacks is port 80, which your web server uses; that could be any web server,
the best known being Apache.
Go to Plugin managers in WHM/cPanel
then choose csf
select Configuration
then scroll down to find CT_LIMIT =
then type the maximum number of connections you want to allow a single client IP address to have
in CT_INTERVAL = type the interval at which you want the number of connections to be checked
enable CT_EMAIL_ALERT = if you want to receive emails reporting the banning of those IP addresses
leave CT_PERMANENT = at 0 so that an IP address is not blocked permanently
CT_BLOCK_TIME = should be 300, which is a good and reasonable value
set CT_SKIP_TIME_WAIT = to 1 if you do not want TIME_WAIT to be counted as IP connections, but it is
better to leave it at 0
in CT_STATES = provide the specific state you want to be counted as a connection from an IP address to the server
in CT_PORTS = it is recommended to provide only ports 80,443, delimited with a comma just like this, so that only
connections from an IP address to these ports are counted; that way ports like FTP, which are connection hungry, won't be counted as IP connections
that may have false-positive effects
Posted in CSF Firewall
Posted on 03 August 2010.
Why CSF Firewall is notifying me with this warning
Firewall Status: Enabled but in Test Mode – Don’t forget to disable TESTING in the Firewall Configuration
Don't worry, it is just saying that your firewall is in test mode and is not active. This is because by default, after you install CSF, it is in testing mode so as not to cause any confusion in the system; once you have tested that everything is fine with CSF in test mode, you can change its status to active mode to defend your server against attacks.
How to Enable CSF Firewall in Active Mode and Get Rid of Test Mode
Log in to WHM, go to the plugins and select
ConfigServer Security&Firewall
then go to the Firewall Configuration
on the very first item you will see "TESTING =", which is assigned the value 1 by default
you just need to change its value to 0 so that testing mode is disabled and its status changes to active mode
after that restart the CSF firewall for the changes to take effect, and you are done
Thanks
Posted in CSF Firewall
Posted on 08 March 2010.
Changing the ssh port to a non-standard port
To secure it, first you need to move ssh access to a non-standard port, so that even if your root password was hacked through some backdoor you can be confident that nobody still has access to ssh to destroy your files and server
to do so run this command to open "/etc/ssh/sshd_config" with the nano editor
nano /etc/ssh/sshd_config
go to the line containing
and remove the # to uncomment it and use an alternative instead of port 22
remember to add the non-standard port you chose to the firewall to allow tcp_out and tcp_in connections
so it will turn out to be something like this
and also put the port number "3957" in tcp_out and tcp_in in the firewall
Force SSH to use protocol 2
second, go and edit this line
and remove the # to uncomment this line, and specify protocol 2 for ssh by changing it to
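Before restarting sshd it is worth checking that the new port is really active in sshd_config and allowed in the firewall, otherwise you lock yourself out. The script below is an added example, not part of the original post: it assumes the firewall is CSF with TCP_IN and TCP_OUT lines in csf.conf, and the function names and sample file contents are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are arguments so the check
# can run against copies of the files; the sample contents are constructed.

# port_in_list PORT LIST: true if PORT is in a csf-style list ("20,21,30000:35000")
port_in_list() {
    echo "$2" | tr ',' '\n' | awk -F: -v p="$1" '
        NF == 1 && $1 == p            { ok = 1 }
        NF == 2 && p >= $1 && p <= $2 { ok = 1 }
        END { exit !ok }'
}

# csf_value KEY FILE: print the quoted value of a KEY = "..." line
csf_value() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# check_ssh SSHD_CONFIG CSF_CONF: print findings; exit status = number of problems
check_ssh() {
    problems=0
    port=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    [ -n "$port" ] || port=22        # no active Port line: sshd listens on 22
    if [ "$port" = 22 ]; then
        echo "sshd is still on port 22"; problems=$((problems + 1))
    fi
    proto=$(awk 'tolower($1) == "protocol" { print $2; exit }' "$1")
    if [ "$proto" != 2 ]; then
        echo "Protocol is not restricted to 2"; problems=$((problems + 1))
    fi
    for key in TCP_IN TCP_OUT; do
        if ! port_in_list "$port" "$(csf_value "$key" "$2")"; then
            echo "port $port is not allowed in $key"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: the port was changed and Protocol set, but TCP_OUT was forgotten.
write_samples() {
    printf '#Port 22\nPort 3957\nProtocol 2\n' > "$1/sshd_config"
    printf 'TESTING = "0"\nTCP_IN = "20,21,80,443,3957"\nTCP_OUT = "20,21,80,443"\n' > "$1/csf.conf"
}

tmp=$(mktemp -d) && write_samples "$tmp"
check_ssh "$tmp/sshd_config" "$tmp/csf.conf" || echo "problems found: $?"
```

On a real server the call would be check_ssh /etc/ssh/sshd_config followed by the path of your csf.conf, run before sshd is restarted and while the current session is still open.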
Posted in Centos
Posted on 06 March 2010.
In this tutorial I want to show you the best graphical software to monitor your processes as logged over the past hours or days
To do so you must first have sar installed, so install sar if you haven't.
Fortunately the sar package is available by default on Linux CentOS servers, which I have worked with 99% of the time, so the only thing you must run is a yum install
so you have installed sar
to run sar just type sar
I don't want to go through the commands included in sar; instead I want to tell you about the best graphical interface, which will read all of the logs and show them graphically
after you have sar installed, wait for one day so the logs of those hours are saved, then download
ksar
then run it and enter your server's IP and root access to get all the logs of everything, such as server load, RAM usage, CPU usage, swap and so on, shown graphically on your local desktop
good luck
voskha
Posted in Centos
Posted on 11 February 2010.
Importance of having a Firewall like CSF & LFD
Securing your server should be a high priority, and for better security you should install some third-party applications, like a good firewall. The other thing to keep in mind is how much money is in your pocket. Today I want to introduce you to a free, open source firewall that is updated regularly and has many options to secure your server from known attacks: CSF (ConfigServer Security and Firewall).
One of the best software firewalls that will bring you high security is CSF (ConfigServer Security & Firewall)
Why Choose to Install CSF & LFD
CSF is by far my favorite, because it has the best integration with cPanel and a great user interface (UI) in WHM / cPanel that makes it easy to edit the firewall configuration and manage it through your WHM, so it is cPanel/WHM friendly. Another benefit is that CSF has been tested well on CentOS Linux servers; I have it installed on my own CentOS server and until today I haven't seen any problems and it is working great.
Follow the steps below for installation:
CSF (ConfigServer Security & Firewall) Installation Instructions:
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
The above first downloads CSF from the creator's website using wget,
then uses the tar -xzf command followed by the name of the downloaded file to extract the CSF package.
Then we use a cd command to go into the CSF folder that has just been extracted;
inside it we use sh install.sh to run the installer shell script, which automatically installs everything needed to get CSF up and running.
How to start CSF
How to Restart CSF
How to Flush the Rules
Thanks
Voshka
Posted in CSF Firewall
Posted on 07 February 2010.
Preventing DDoS Attacks: Simple Methods
To prevent DDoS attacks you should install some kind of third-party program. There are programs that can defend against DDoS attacks, such as Dos_Deflate, whose method is to count the total number of connections from each IP address and prevent them from accessing your server for a specific amount of time.
Dos_Deflate Can Help You Protect Your Server from DDoS Attacks
Dos_Deflate is a shell program that bans the IPs that have reached the number of connections you specified, and they stay banned for the time you specified in the Dos_Deflate configuration.
Dos_Deflate Installation Guide:
To install, first ssh to your server
download it to your server
wget http://www.inetbase.com/scripts/ddos/install.sh
then run this by
cd /usr/local/ddos/;./ddos.sh
sh /usr/local/ddos/ddos.sh
then you can edit the config with
nano /usr/local/ddos/ddos.conf
Dos_Deflate Configuration Guide:
Email Notifier
You can configure Dos_Deflate to email you and notify you of which IPs have been banned or had more connections than the limit you specified. Just go down and assign an email address after the equals sign, in quotation marks.
EMAIL_TO="your_email@domain.com"
Frequency Check
You can configure how many times per minute IP connections are tested. Let's say you set it to 5: dividing 60 by 5 means that Dos_Deflate will run every 12 seconds. Setting this variable to between 3 and 5 times per minute is the best configuration.
FREQ=5
Specify the maximum number of connections for each IP address
You can specify how many connections define a bad IP address to be blocked from your server. It depends on your Apache timeout and on other ports such as FTP, which is connection hungry. I recommend you configure Dos_Deflate to test only port 80, which is the most subject to DDoS attacks, and allow between 100 and 200 connections. The value you define mostly depends on the other configuration factors of your server.
NO_OF_CONNECTIONS=
APF Ban Variable in Dos_Deflate
If you have APF installed change this value to 1; otherwise, to have iptables drop the IPs, assign this variable the value 0
APF_BAN=0
Kill or Not, Test Mode or Active Mode
You can configure whether or not to ban those suspicious IPs; this lets you keep Dos_Deflate in testing mode for debugging purposes. To have it ban IP addresses set it to 1, otherwise change it to 0
KILL=1
Define how long a bad IP address is banned by Dos_Deflate
With this option you can define how long an IP address that has been identified as bad is banned from accessing the server. Ideal times are between 300 and 1200 minute period.
BAN_PERIOD=700
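Both Dos_Deflate's NO_OF_CONNECTIONS and CSF's CT_LIMIT (with CT_PORTS and CT_SKIP_TIME_WAIT) rest on counting connections per IP address, so before choosing a limit it helps to see what a given value would flag. The following is an added example, not part of Dos_Deflate or CSF: the function name over_limit, the sample netstat text and the rule "flag when the count is above the limit" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: offline dry run of per-IP connection counting.
# The sample below is constructed, in the column layout of `netstat -ntu`.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.0.2.10:80 198.51.100.7:51000 ESTABLISHED
tcp 0 0 192.0.2.10:80 198.51.100.7:51001 ESTABLISHED
tcp 0 0 192.0.2.10:80 198.51.100.7:51002 ESTABLISHED
tcp 0 0 192.0.2.10:80 198.51.100.7:51003 TIME_WAIT
tcp 0 0 192.0.2.10:443 203.0.113.9:40000 ESTABLISHED
tcp 0 0 192.0.2.10:443 203.0.113.9:40001 ESTABLISHED
tcp 0 0 192.0.2.10:21 198.51.100.50:60000 ESTABLISHED
tcp 0 0 192.0.2.10:21 198.51.100.50:60001 ESTABLISHED
tcp 0 0 192.0.2.10:21 198.51.100.50:60002 ESTABLISHED
tcp 0 0 192.0.2.10:21 198.51.100.50:60003 ESTABLISHED
tcp 0 0 192.0.2.10:21 198.51.100.50:60004 ESTABLISHED
EOF
}

# over_limit LIMIT PORTS SKIP_TIME_WAIT   (netstat text on stdin)
# Prints "count ip" for every remote IP with more than LIMIT connections to
# the listed local ports, highest count first.
over_limit() {
    awk -v limit="$1" -v ports="$2" -v skip_tw="$3" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 !~ /^tcp/ { next }                     # skip the header and non-TCP lines
        {
            lport = $4; sub(/.*:/, "", lport)     # local port, like CT_PORTS
            if (!(lport in want)) next
            if (skip_tw == 1 && $6 == "TIME_WAIT") next
            ip = $5; sub(/:[0-9]+$/, "", ip)      # remote address without its port
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' | sort -rn
}

# Demo with a deliberately low limit of 3 on ports 80 and 443.
sample_netstat | over_limit 3 80,443 0
# Adding port 21 to the list also flags the FTP client, the false positive
# that limiting the count to 80,443 avoids.
sample_netstat | over_limit 3 21,80,443 0
```

On a live server the same function can be fed with netstat -ntu | over_limit 150 80,443 0 to see which addresses a candidate limit would have caught, without banning anything.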
Posted in Centos
Posted on 06 February 2010.
In this example I want to show you how to do so with a sample that restarts Apache every 45 minutes
To accomplish this you should create a cron job, so go to /var/spool/cron/ and edit the root file, which is root's crontab
then add this line to it
*/45 * * * * /scripts/restartsrv_apache
this will restart Apache every 45 minutes
Posted in Centos
Posted on 31 January 2010.
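Add the following rules to iptables to accomplish this
# -I without a position inserts at the top of the chain, so give explicit positions to keep ACCEPT above DROP
iptables -I INPUT 1 -p tcp --dport 22 -s [THE IP ADDRESS YOU WANT TO ALLOW, WITHOUT BRACKETS] -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 22 -j DROP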
Posted in Centos
Posted on 28 January 2010.
There are times when you want better control over system processes and usage, and a better view of RAM and CPU usage on your server
How to Install Htop from Source:
wget http://citylan.dl.sourceforge.net/project/htop/htop/0.8.3/htop-0.8.3.tar.gz
tar xzvf htop-0.8.3.tar.gz
cd htop-0.8.3
./configure
make
make install
Htop Installation Instructions from RPM
The following will guide you through the installation of this useful statistics software on both x86 (32-bit) and x64 (64-bit) CentOS servers
first ssh to your server and log in as root
Htop Installation on 32-bit CentOS from the RPM Package
wget http://dag.wieers.com/rpm/packages/htop/htop-0.6.5-1.el5.rf.i386.rpm
rpm -i htop-0.6.5-1.el5.rf.i386.rpm
Htop Installation on 64-bit CentOS from the RPM Package
and if your Linux CentOS version is 64-bit use this instead:
wget http://dag.wieers.com/rpm/packages/htop/htop-0.7-1.el5.rf.x86_64.rpm
rpm -i htop-0.7-1.el5.rf.x86_64.rpm
How to Use htop
To use htop you can simply run the htop command
there are also some other options, for example the delay time, which is -d
The above will delay the refresh time to 2 seconds
Leave a comment if you have any questions or comments
Posted in Centos