This tutorial will teach you how to install ConfigServer Firewall (CSF) and configure it to protect your forum and server from DOS, SYN flood, and spam attacks. [all features here]
Requirements:
- Root SSH access to your server
- A supported operating system
- A supported virtual server
----------
Installation
Log in to your server as root, and execute these commands in order,
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
If you did it right, you should see this in the csf directory (use the command ls for a list): ![[Image: uSVZ.png]](http://gfxf.net/images/2012/09/24/uSVZ.png)
----------
Configuration
I am using nano to edit the configuration files, and I highly suggest you do too. To install nano,
yum install nano
If you use cPanel, you can integrate this firewall with it by running these commands,
cd /etc/csf
sh install.cpanel.sh
If not, let's continue to configure CSF manually.
----------
Protection from DOS and SYN flood attacks
To protect your server and forum from these, open the CSF configuration file like so,
cd /etc/csf
nano csf.conf
Use CTRL + W to find the following, (one at a time)
CT_LIMIT
CT_SKIP_TIME_WAIT
SYNFLOOD
and adjust their values to look like this
CT_LIMIT = "50"
CT_SKIP_TIME_WAIT = "1"
SYNFLOOD = "1"
Now you are protected from DOS and SYN flood attacks, and will be notified by email when an IP is blocked.
------
Protection from spam attacks
You can configure CSF to block known spammers in the Dshield, Spamhaus and BOGON lists. To do this, open the CSF configuration file again,
cd /etc/csf
nano csf.conf
Use CTRL + W to find the following, (one at a time)
LF_DSHIELD = "0"
LF_SPAMHAUS = "0"
LF_BOGON = "0"
and adjust their values to look like this,
LF_DSHIELD = "86400"
LF_SPAMHAUS = "86400"
LF_BOGON = "86400"
BOGON is optional, I don't recommend it as much.
Now your server and forum are protected from a huge, ever-growing list of known bad IPs.
----------
Other useful settings
You can block countries known to attack. Find the following,
CC_DENY = " "
and modify it to suit your needs, so if you want to block all incoming traffic from Great Britain and China, adjust it like this,
CC_DENY = "GB,CN "
----------
You can configure lfd to watch directories for suspicious files. Find the following,
LF_DIRWATCH
and give it a value of 300,
LF_DIRWATCH = "300"
If a suspicious file is found, you will receive an email.
----------
Finally
You need to switch off testing mode. Find,
TESTING = "1"
replace with,
TESTING = "0"
Restart CSF and LFD after making changes to csf.conf,
service csf restart
service lfd restart
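To confirm that the edits above actually landed in csf.conf (a setting left commented out, or TESTING still at "1", is easy to miss in nano), here is a small check script. It is an added example, not part of CSF or of the original tutorial; the function names csf_get and csf_audit are made up for this sketch, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: compare csf.conf with the values set in this tutorial.

# Print the value assigned to key $2 in file $1 (lines look like KEY = "value").
# Commented-out lines do not match; if a key is repeated, the last line is reported.
csf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Report every setting that differs; return the number of differences.
# LF_BOGON (optional) and CC_DENY (site-specific) are left out on purpose.
csf_audit() {
    conf=$1
    bad=0
    while read -r key want; do
        have=$(csf_get "$conf" "$key")
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $key: found \"$have\", tutorial sets \"$want\""
            bad=$((bad + 1))
        fi
    done <<EOF
TESTING 0
CT_LIMIT 50
CT_SKIP_TIME_WAIT 1
SYNFLOOD 1
LF_DSHIELD 86400
LF_SPAMHAUS 86400
LF_DIRWATCH 300
EOF
    return "$bad"
}

# Constructed sample (not a real server's file): TESTING still on, CT_LIMIT not raised.
sample=$(mktemp)
cat >"$sample" <<'EOF'
# TESTING = "0"
TESTING = "1"
CT_LIMIT = "0"
CT_SKIP_TIME_WAIT = "1"
SYNFLOOD = "1"
LF_DSHIELD = "86400"
LF_SPAMHAUS = "86400"
LF_DIRWATCH = "300"
EOF
csf_audit "$sample" || echo "$? setting(s) differ from the tutorial"
rm -f "$sample"
```

On the server itself, call `csf_audit /etc/csf/csf.conf` before restarting csf and lfd; a return value of 0 means every listed setting matches.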