Accéder au contenu principal

HOW TO INCREASE DENY IP LIMIT IN CSF FIREWALL

 

How to increase DENY IP limit in CSF firewall

 

In CSF firewall, old IP addresses will be automatically removed from /etc/csf/csf.deny file when the ‘DENY_IP_LIMIT ‘ is reached. An example is given below :

root@server [~]# csf -d 192.168.1.1

csf: DENY_IP_LIMIT (200), the following IP’s were removed from /etc/csf/csf.deny

In the above example you can see that DENY_IP_LIMIT is 200 so the oldest IP in csf.deny was removed when you tried to add a new IP to deny list.

Do the below steps to increase deny IP limit in CSF firewall. Setting DENY limit to a very high value will slow down network and website. Make sure there is sufficient resources on the server before you increase this value.

1. Log into linux server via SSH as root

2. First take a backup of the CSF configuration file.

cp -a /etc/csf/csf.conf /etc/csf/csf.conf.original

3. Edit CSF configuration using vi editor

vi /etc/csf/csf.conf

Change the below lines

DENY_IP_LIMIT = “200” to DENY_IP_LIMIT = “500”

DENY_TEMP_IP_LIMIT = “100” to DENY_TEMP_IP_LIMIT = “500”

4. Save the CSF configuration file

5. Run the below command to restart the firewall

csf -r

The changes in csf configuration file will not reflect without restarting the firewall.



Increasing the DENY_IP_LIMIT and DENY_TEMP_IP_LIMIT is very helpful when the server is under attack from different IP address (DOS attack). CSF will be able to hold more IP address in csf.deny file when you increase the value. Increasing DENY_IP_LIMIT to a very high value is not recommended because this will slow down your server.

Setting DENY_IP_LIMIT to 0 will disable limiting and it is not recommended.

Commentaires

Enregistrer un commentaire

Posts les plus consultés de ce blog

cPanel DDOS attack - Mitigate Slowloris Attacks - mod_qos

Apache mod_evasive Mod_evasive is a module available for the Apache HTTP server that can automatically block attacks by rate-limiting any IP that sends too many requests in a short time. Start by installing the module from WHM’s  EasyApache 4  interface. Select the  Currently Installed Packages  profile, search for  mod_evasive  in the  Apache Modules  section, and then install it. The default settings are good for most servers, but you can tweak them further by editing the configuration file  /etc/apache2/conf.d/300-mod_evasive.conf . You can also whitelist specific IP addresses or classes, so legitimate requests are not blocked. Configure CSF to block attacks While  mod_evasive  works very well, it only protects the Apache webserver. In order to harden other services as well, you can install the free  ConfigServer Security & Firewall  (CSF), which also includes a WHM plugin. As the  root  user, install CSF with these terminal commands: cd /usr/src rm -fv csf.tgz wget https://down
Enregistrer un commentaire
Lire la suite

Spool file is locked (another process is handling this message)

LOG: MAIN cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -Mrm 1dUoey-0006YJ-3A Message 1dUoey-0006YJ-3A is locked LOG: skip_delivery MAIN Spool file is locked (another process is handling this message) To do this you can run the following commands. |exim -Mt 1dUoey-0006YJ-3A |exim -Mrm 1dUoey-0006YJ-3A I am also providing the following page in case you want more information regarding the exim command options. http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html
Enregistrer un commentaire
Lire la suite

Open Media Vault NAS change password

Known Root Password Login to the OMV using the root user and the current password via SSH or Console enter the following command passwd root The new password is now active. Unknown Root Password, but Admin Access to OMV GUI is Available In this scenario we still can help ourselves with the GUI. The method we use is, that we create a cron job for the root user which then resets the password. Navigate to System -> Cron Jobs Press the +Add button UN-tick the enabled box, so that the cronjob does not run automatically. put into the command field the following line, replace newpasswd with your password: echo "root:newpasswd" | chpasswd press okay select the newly created cron job Click the run button. in the opening window click the start button. It will shortly deactivate and activate again. open ssh or console and login as root with your new password. Root and Admin Password Unknown If you do not know the root password, you need to boot with a Li
Enregistrer un commentaire
Lire la suite