Instructions for installing CSF Firewall for vps to prevent DDOS
If you rent hosting , resisting small attacks from outside into the server is the responsibility of the Server provider. If you rent VPS / server separately and self-administer to serve your website, this job is required for you to do it yourself.
Against large attacks, they need to use hardware, private network devices to filter and analyze to block malicious packets. But if your website is small, it certainly won't be that much, right? We just need to fight small attacks, flood, syn flood, scan port with firewalls to block packets before they go straight to the web server is already quite effective.
Instructions for anti-DDOS for VPS with CSF Firewall
Currently, there are many free Firewall programs available online, but personally, CSF is one of the most compact and effective firewalls today.
OPERATION MECHANISM OF CSF FIREWALL
- CSF Firewall is provided free of charge.
- Based on the operation of iptables and the ldf process to perform scan logs to detect access signs showing an attack
Almost CSF's activities do not consume VPS Server resources. So installing CSF Server just helps you protect your VPS against small attacks while ensuring maximum performance for your website.
FEATURES OF CSF FIREWALL
- Installing CSF will help your web server not to handle access requests that are attacking the website.
- Block blocks the IPs that are executing your Scan Port server
- BruteForce Attack to VPS, web server, Direct Admin, Cpanel, …
- Block Ip sync Flood
- Block IP ping Flood
- Allows us to block access from a specific country based on the national ISO code.
- Support IPV4, IPV6
When CSF Firewall detects attacks from a specific IP address, it will temporarily lock or permanently IP address at the network layer, so it is safer at the application layer. Your web server will not need to handle access requests from banned IPs, currently on the locked list, and service performance will be guaranteed.
In addition, CSF has many other features for you to learn.
HOW TO INSTALL CSF FIREWALL
If you are using APF and BFD firewal for your VPS. Please remove it before installing CSF. You use the following command to remove:
1 | ./remove_apf_bfd.sh |
After uninstalling, you can use SSH to manipulate and type the command below, to be installed automatically for your VPS server. If you do not know how to use SSH, please see the following article: INSTRUCTION FOR LINUX VPS CONTROL BY PUTTY SSH CLIENT
1 | wget http://kienthucweb.net/script/others/csf-auto-install && chmod + x csf-auto-install && ./csf-auto-install |
Installation work takes place quite quickly. When successful, it will return the following content:
1 2 | You can set up the CSF Firewall bar + Configure the server KienThucWeb.Net - KienThucWeb.Net |
So the installation steps are done. Please note that you can troubleshoot problems during your own use such as: Block port Direct Admin, Kloxo through the setup file with the following command:
1 | vi /etc/csf/csf.conf |
You need to note the lines: TCP_IN and TCP_OUT to add or remove Port desired!
After saving the reset you use the command: csf -r to restart CSF.
EPILOGUE
With CSF Firewall, you can easily protect your VPS at the network layer, against small attacks that endanger the operation of websites located on your servers. I personally feel that CSF is a pretty good Firewall, after installing to help my server protect Port scan attacks, Kloxo is quite effective. If you have any problems, please leave a comment for us to discuss.
ITZone via kienthucweb.net