To help stop DoS (and to a certain extent DDoS) attacks we need a firewall. CSF (ConfigServer Security & Firewall) seems to be the most used on WHM.
wget http://www.configserver.com/free/csf.tgz
Now wait until the package installs. Once it's done, we need to get rid of any problem firewalls.
Get rid of APF+BFD:
sh /etc/csf/remove_apf_bfd.sh
To allow ports, open the file /etc/csf/csf.conf (with 'vi /etc/csf/csf.conf') and edit the lines with port numbers. Here are some of the most used:
21 => FTP
22 => SSH
23 => Telnet
25 => SMTP Mail Transfer
43 => WHOIS service
53 => name server (DNS)
80 => HTTP (Web server)
110 => POP protocol (for email)
443 => HTTP Secure (SSL for https:// )
995 => POP over SSL/TLS
9999 => Urchin
3306 => MySQL Server
2082 => cPanel Default
2083 => cPanel - Secure/SSL
2086 => cPanel WHM
2087 => cPanel WHM - Secure/SSL
2095 => cPanel webmail
2096 => cPanel webmail - Secure/SSL
8443 => Plesk Control Panel
2222 => DirectAdmin Control Panel
10000 => Webmin Control Panel
You now need to go to Cpanel WHM -> CSF Firewall & Security -> Check System Security to sort any warnings
Once you have everything working as you like you need to run the Firewall without TESTING mode.
To do this open /etc/csf/csf.conf and look for the line TESTING = "1", change it to TESTING = "0".
Now restart the Firewall
csf -r
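A pre-flight check for the TESTING switch described above, as an added example (not part of the original tutorial or of CSF itself): it reads a csf.conf and reports whether the ports you need to get back in are allowed before you go live. It assumes the inbound TCP port list is the TCP_IN setting and that settings are written as KEY = "value"; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a csf.conf before switching TESTING to "0".

# Print the quoted value of KEY from a csf.conf-style file (KEY = "value").
csf_get() {  # usage: csf_get KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$2" | tail -n 1
}

# Succeed if PORT is covered by a comma-separated list of ports or lo:hi ranges.
port_allowed() {  # usage: port_allowed PORT "20,21,30000:35000"
    local port=$1 entry lo hi
    local IFS=,
    for entry in $2; do
        lo=${entry%%:*}; hi=${entry##*:}
        case "$lo$hi" in ''|*[!0-9]*) continue ;; esac   # skip malformed entries
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then return 0; fi
    done
    return 1
}

# Return 0 if every listed port is allowed inbound, 1 otherwise.
csf_preflight() {  # usage: csf_preflight FILE PORT...
    local conf=$1 tcp_in p rc=0
    shift
    tcp_in=$(csf_get TCP_IN "$conf")
    for p in "$@"; do
        if ! port_allowed "$p" "$tcp_in"; then
            echo "port $p is not in TCP_IN; going live would block it"
            rc=1
        fi
    done
    [ "$(csf_get TESTING "$conf")" = "1" ] && echo "TESTING = 1 (still in testing mode)"
    return $rc
}

# Constructed sample, not a real server's configuration (SSH port 22 left out on purpose).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed csf.conf excerpt
TESTING = "1"
TESTING_INTERVAL = "5"
TCP_IN = "20,21,25,53,80,110,443,995,2082,2083,2086,2087,30000:35000"
EOF

# SSH (22) and WHM over SSL (2087) are the ports an admin needs to get back in.
csf_preflight "$SAMPLE" 22 2087 || echo "fix csf.conf before setting TESTING = \"0\""
```

On a real server, point csf_preflight at /etc/csf/csf.conf and pass the port your SSH daemon actually listens on.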
Now the Firewall is working. If you look on the left-hand side of the WHM at the very bottom you will see 'ConfigServer Security & Firewall'; click this to see the firewall control panel. This has all the settings for blocking and letting in any IPs, ranges, etc. We will start by getting rid of any of the warnings. In your 'ConfigServer Security & Firewall' hit the top button marked 'Check Server Security' and start fixing anything in red.
This will stop users on the server using port 25 to send emails. It will stop some scripts sending emails.
Some directories need to be set to 1777 (world-writable with the sticky bit). To do this for /tmp, for example, set the mode on the directory itself; adding -R would also make every file inside it world-writable:
chmod 1777 /tmp
This means anyone may be able to run anything in that directory. To fix
Check SSH UseDNS
Open and find 'UseDNS no', change it to 'UseDNS yes' and save.
NB: If something goes wrong, use SSH to edit the file /etc/csf/csf.allow and allow your IP. You can then get in and sort it out.
If all else fails, uninstall with:
sh /etc/csf/uninstall.sh
Thanks to mysql-apache-php.com for this tutorial
Also see this installation doc and the main CSF page.
Copyright David Slack - Web developer