How To Prevent DDOS Attack by CSF firewall
In this article, we share a tutorial on how to prevent DDoS attacks with the CSF firewall. A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, for example by temporarily or indefinitely interrupting or suspending the services of a host connected to the Internet. In a distributed denial-of-service (DDoS) attack, the attack comes from more than one, and often thousands of, unique IP addresses.
CSF is one of the most common firewalls because it is freely available and very effective for servers. Most server gurus call CSF a must-have firewall for a server. CSF has built-in protection against entry-level to mid-level DDoS attacks. SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it.
If you are expecting an attack, enable it and set the rules a bit strict, like:
SYNFLOOD = "1"
SYNFLOOD_RATE = "40/s"
SYNFLOOD_BURST = "20"
That is, if an IP sends 40 connections per second 20 times, block it. Don't make it too strict if you are not under attack, or it will generate false positives and block legitimate connections.
PORTFLOOD = "80;tcp;100;5,22;tcp;5;300"
That is, if an IP makes 100 connections in 5 seconds to port 80 (tcp), it will be blocked from the server; likewise if it makes 5 connections in 300 seconds to port 22.
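The PORTFLOOD format and trigger condition described above, as an added example (not part of the original article and not CSF's own code): a Python sketch that parses the setting and replays constructed connection timestamps from a single IP to show which traffic patterns would trip each rule. The function names and sample traffic are assumptions, and the sliding-window check is a simplified model of the behaviour the article describes.

```python
from collections import deque, namedtuple

# Added example: a simplified model of PORTFLOOD as the article describes it.
Rule = namedtuple("Rule", "port proto hits interval")

def parse_portflood(value):
    """Parse 'port;proto;hits;seconds,...' into Rule tuples; reject bad entries."""
    rules = []
    for entry in value.strip().strip('"').split(","):
        fields = entry.strip().split(";")
        if len(fields) != 4:
            raise ValueError(f"expected port;proto;hits;seconds, got {entry!r}")
        port, hits, interval = int(fields[0]), int(fields[2]), int(fields[3])
        if fields[1] not in ("tcp", "udp"):
            raise ValueError(f"unknown protocol in {entry!r}")
        if not 1 <= port <= 65535 or hits < 1 or interval < 1:
            raise ValueError(f"value out of range in {entry!r}")
        rules.append(Rule(port, fields[1], hits, interval))
    return rules

def first_block_time(rule, timestamps):
    """Time (s) at which one IP reaches rule.hits connections inside
    rule.interval seconds, or None if it never does."""
    window = deque()
    for t in sorted(timestamps):
        window.append(t)
        while t - window[0] >= rule.interval:  # drop hits older than the window
            window.popleft()
        if len(window) >= rule.hits:
            return t
    return None

# Constructed sample traffic (connection times in seconds) from a single IP.
BROWSER = [i / 2 for i in range(40)]      # 2 connections/s to port 80
FLOOD = [i / 50 for i in range(200)]      # 50 connections/s to port 80
SSH_GUESSING = [0, 30, 60, 90, 120]       # one SSH attempt every 30 s

if __name__ == "__main__":
    web, ssh = parse_portflood('"80;tcp;100;5,22;tcp;5;300"')
    for name, rule, hits in (("browser", web, BROWSER), ("flood", web, FLOOD),
                             ("ssh guessing", ssh, SSH_GUESSING)):
        print(f"{name:13} port {rule.port}: blocked at {first_block_time(rule, hits)}")
```

With the article's values, the browser-like sample never trips the port 80 rule, the 50 connections/s sample trips it in under two seconds, and the slow SSH guesser trips the port 22 rule on its fifth attempt.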