Accéder au contenu principal

HOW TO INCREASE DENY IP LIMIT IN CSF FIREWALL

 

How to increase DENY IP limit in CSF firewall

 

In CSF firewall, old IP addresses will be automatically removed from /etc/csf/csf.deny file when the ‘DENY_IP_LIMIT ‘ is reached. An example is given below :

root@server [~]# csf -d 192.168.1.1

csf: DENY_IP_LIMIT (200), the following IP’s were removed from /etc/csf/csf.deny

In the above example you can see that DENY_IP_LIMIT is 200 so the oldest IP in csf.deny was removed when you tried to add a new IP to deny list.

Do the below steps to increase deny IP limit in CSF firewall. Setting DENY limit to a very high value will slow down network and website. Make sure there is sufficient resources on the server before you increase this value.

1. Log into linux server via SSH as root

2. First take a backup of the CSF configuration file.

cp -a /etc/csf/csf.conf /etc/csf/csf.conf.original

3. Edit CSF configuration using vi editor

vi /etc/csf/csf.conf

Change the below lines

DENY_IP_LIMIT = “200” to DENY_IP_LIMIT = “500”

DENY_TEMP_IP_LIMIT = “100” to DENY_TEMP_IP_LIMIT = “500”

4. Save the CSF configuration file

5. Run the below command to restart the firewall

csf -r

The changes in csf configuration file will not reflect without restarting the firewall.



Increasing the DENY_IP_LIMIT and DENY_TEMP_IP_LIMIT is very helpful when the server is under attack from different IP address (DOS attack). CSF will be able to hold more IP address in csf.deny file when you increase the value. Increasing DENY_IP_LIMIT to a very high value is not recommended because this will slow down your server.

Setting DENY_IP_LIMIT to 0 will disable limiting and it is not recommended.

Commentaires

Enregistrer un commentaire

Posts les plus consultés de ce blog

Open Media Vault NAS change password

Known Root Password Login to the OMV using the root user and the current password via SSH or Console enter the following command passwd root The new password is now active. Unknown Root Password, but Admin Access to OMV GUI is Available In this scenario we still can help ourselves with the GUI. The method we use is, that we create a cron job for the root user which then resets the password. Navigate to System -> Cron Jobs Press the +Add button UN-tick the enabled box, so that the cronjob does not run automatically. put into the command field the following line, replace newpasswd with your password: echo "root:newpasswd" | chpasswd press okay select the newly created cron job Click the run button. in the opening window click the start button. It will shortly deactivate and activate again. open ssh or console and login as root with your new password. Root and Admin Password Unknown If you do not know the root password, you need to boot with a Li...
Enregistrer un commentaire
Lire la suite

Joomla! Anti-Malware Scan Script

  Le fichier jamss.php Il faut le mettre sur la racine du site web et ouvrir le fichier via le navigateur https://github.com/btoplak/Joomla-Anti-Malware-Scan-Script--JAMSS-/blob/master/jamss.php <?php /**  * JAMSS - Joomla! Anti-Malware Scan Script  * @version 1.0.7  *  * @author Bernard Toplak [WarpMax] <bernard@orion-web.hr>  * @link http://www.orion-web.hr  *  * This script should be used for searching the infected or malware/backdoor  * files in Joomla! installations.  *  * ALL COMMENTS AND SUGGESTIONS ARE WELCOME!  *  *  * @license http://opensource.org/licenses/gpl-3.0.html GNU Public License, version 3 (GPL-3.0)  * This program is free software; you can redistribute it and/or modify it under  * the terms of the GNU General Public License as published by the Free Software  * Foundation; either version 3 of the License, or (at your option) any later  * version.  *  * Th...
Enregistrer un commentaire
Lire la suite

cPanel DDOS attack - Mitigate Slowloris Attacks - mod_qos

Apache mod_evasive Mod_evasive is a module available for the Apache HTTP server that can automatically block attacks by rate-limiting any IP that sends too many requests in a short time. Start by installing the module from WHM’s  EasyApache 4  interface. Select the  Currently Installed Packages  profile, search for  mod_evasive  in the  Apache Modules  section, and then install it. The default settings are good for most servers, but you can tweak them further by editing the configuration file  /etc/apache2/conf.d/300-mod_evasive.conf . You can also whitelist specific IP addresses or classes, so legitimate requests are not blocked. Configure CSF to block attacks While  mod_evasive  works very well, it only protects the Apache webserver. In order to harden other services as well, you can install the free  ConfigServer Security & Firewall  (CSF), which also includes a WHM plugin. As the  root  user, install CSF ...
Enregistrer un commentaire
Lire la suite