Requirements:
- Root SSH access to your server
- A supported operating system
- A supported virtual server
----------
Installation
Log in to your server as root and execute these commands in order,
Code:
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
If you did it right, you should see this in the csf directory (use the ls command for a list):
----------
Configuration
I am using nano to edit the configuration files, and I highly suggest you do too. To install nano,
Code:
yum install nano
If you use cPanel, you can integrate this firewall with it by running these commands,
Code:
cd /etc/csf
sh install.cpanel.sh
If not, let's continue to configure CSF manually.
----------
Protection from DoS and SYN flood attacks
To protect your server and forum from these, open the CSF configuration file like so,
Code:
cd /etc/csf
nano csf.conf
Use CTRL + W to find the following (one at a time),
Code:
CT_LIMIT
CT_SKIP_TIME_WAIT
SYNFLOOD
and adjust their values to look like this
Code:
CT_LIMIT = "50"
CT_SKIP_TIME_WAIT = "1"
SYNFLOOD = "1"
Now you are protected from DoS and SYN flood attacks, and will be notified by email when an IP is blocked.
----------
Protection from spam attacks
You can configure CSF to block known spammers in the Dshield, Spamhaus and BOGON lists. To do this, open the CSF configuration file again,
Code:
cd /etc/csf
nano csf.conf
Use CTRL + W to find the following (one at a time),
Code:
LF_DSHIELD = "0"
LF_SPAMHAUS = "0"
LF_BOGON = "0"
and adjust their values to look like this,
Code:
LF_DSHIELD = "86400"
LF_SPAMHAUS = "86400"
LF_BOGON = "86400"
BOGON is optional; I don't recommend it as much.
Now your server and forum are protected from a huge, ever-growing list of known bad IPs.
----------
Other useful settings
You can block countries known to attack. Find the following,
Code:
CC_DENY = ""
and modify it to suit your needs, so if you want to block all incoming traffic from Great Britain and China, adjust it like this,
Code:
CC_DENY = "GB,CN"
You can configure lfd to watch directories for suspicious files. Find the following,
Code:
LF_DIRWATCH
and give it a value of 300,
Code:
LF_DIRWATCH = "300"
If a suspicious file is found, you will receive an email.
----------
Finally
You need to switch off testing mode. Find,
Code:
TESTING = "1"
replace with,
Code:
TESTING = "0"
Restart CSF and LFD after making changes to csf.conf,
Code:
service csf restart
service lfd restart
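----------
Checking your edits
Since every value above is changed by hand, one setting at a time, it is easy to miss one, TESTING in particular. The script below is an added example, not part of the original guide or of CSF itself: it compares csf.conf with the values set above and can apply any that were missed. The function names and the GUIDE_SETTINGS list are assumptions of this example, and it assumes each setting sits on one line as KEY = "value".

```shell
#!/bin/sh
# Added example (not part of the original guide): check csf.conf against
# the values this guide sets, and apply any that were missed.
# Assumes csf.conf lines have the form: KEY = "value"

# Values from the guide; LF_BOGON (optional) and CC_DENY (site-specific) are left out.
GUIDE_SETTINGS='CT_LIMIT=50 CT_SKIP_TIME_WAIT=1 SYNFLOOD=1 LF_DSHIELD=86400 LF_SPAMHAUS=86400 LF_DIRWATCH=300 TESTING=0'

# csf_get KEY FILE: print the quoted value of KEY (exact key match only).
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# csf_set KEY VALUE FILE: rewrite the existing KEY line, keeping file mode and owner.
# VALUE must not contain '/', '&' or '"' (true for every value in the guide).
csf_set() {
    set_tmp=$(mktemp) || return 1
    sed "s/^\([[:space:]]*$1[[:space:]]*=[[:space:]]*\)\"[^\"]*\"/\1\"$2\"/" "$3" > "$set_tmp" &&
        cat "$set_tmp" > "$3"
    set_rc=$?
    rm -f "$set_tmp"
    return "$set_rc"
}

# csf_audit FILE: list every guide setting that differs; succeed only if none do.
csf_audit() {
    audit_bad=0
    for audit_pair in $GUIDE_SETTINGS; do
        audit_key=${audit_pair%%=*}
        audit_want=${audit_pair#*=}
        audit_have=$(csf_get "$audit_key" "$1")
        if [ "$audit_have" != "$audit_want" ]; then
            echo "MISMATCH $audit_key: have \"$audit_have\", guide sets \"$audit_want\""
            audit_bad=$((audit_bad + 1))
        fi
    done
    [ "$audit_bad" -eq 0 ]
}

# csf_apply FILE: set every guide value in FILE.
csf_apply() {
    for apply_pair in $GUIDE_SETTINGS; do
        csf_set "${apply_pair%%=*}" "${apply_pair#*=}" "$1" || return 1
    done
}

# Demo: audit the file given as $1, or a constructed sample if none is given.
conf=${1:-}
if [ -z "$conf" ]; then conf=$(mktemp); printf '%s\n' 'TESTING = "1"' 'CT_LIMIT = "0"' > "$conf"; fi
csf_audit "$conf" || echo "csf.conf does not match the guide yet"
```

Run it as root with /etc/csf/csf.conf as the argument to audit the live file. Call csf_apply only on a copy you have backed up, then restart csf and lfd as above.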