Language Selection

English French German Italian Portuguese Spanish

Quick way to stop apache and connect floods with csf

Filed under
Howtos

 
Well first off this will only stop http or connect floods if you are having a real ddos problem you should be on a protected network otherwise there isnt much you can do server level if the attacks are pretty big. Using this method in combination with a protected network is the best way to go if you are having dos problems or host sites that do.
If you dont have CSF you can get it at www.configserver.com

This is real handy if your server is lagging badly, In some cases you have to tune down the connection limit to around 30 or less, depends how many ips hitting, etc; What this does is it kills apache, lowers the connection limit in csf.conf and restarts everything. When it does and lfd daemon runs again it will ban all of the ips with so many connections.
 
Code:

cp /etc/csf/csf.conf /etc/csf/csf.conf2
 
Code:

nano -w /etc/csf/csf.conf2
ctrl+w search for tracking, will be the second result. Turn your connection level to where you want it to be. Usually 30 gets the job done. You can always change it to suit the situation
 
Code:

nano -w /usr/bin/dos
insert
 
Code:

killall httpd ; cp -R /etc/csf/csf.conf /etc/csf/csf.conf1 ; cp -R /etc/csf/csf.conf2 /etc/csf/csf.conf ; csf -r ; service httpd restart
here is shortcut script to turn your connection limit back to normal
 
Code:

nano -w /usr/bin/dosoff
insert
 
Code:

cp -R /etc/csf/csf.conf1 /etc/csf/csf.conf ; csf -r
 
Code:

chmod 700 /usr/bin/dos /usr/bin/dosoff
Now you can go in your server and quickly fight it.
Just enter dos in your terminal to start it. And dosoff to set back to normal. Hope this can help someone

More in Tux Machines

Linux 4.6.5

I'm announcing the release of the 4.6.5 kernel. All users of the 4.6 kernel series must upgrade. The updated 4.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.6.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-st... thanks, greg k-h Read more Also: Linux 4.4.16 Linux 3.14.74

today's leftovers

Leftovers: Software

  • The Linux Deepin File Manager Is a Thing of Beauty
    China-based Linux distro Deepin has shown off its all-new desktop file manager. And to say it's pretty is an understatement.
  • GRadio Lets You Find, Listen to Radio Stations from the Ubuntu Desktop
    Love to listen to the radio? My ol’ pal Lolly did. But let’s say you want to listen to the radio on Ubuntu. How do you do it? Well, the Ubuntu Software centre should always be the first dial you try, but you’ll need to sift through a load of static to find a decent app.
  • Reprotest 0.2 released, with virtualization support
    reprotest 0.2 is available in PyPi and should hit Debian soon. I have tested null (no container, build on the host system), schroot, and qemu, but it's likely that chroot, Linux containers (lxc/lxd), and quite possibly ssh are also working. I haven't tested the autopkgtest code on a non-Debian system, but again, it probably works. At this point, reprotest is not quite a replacement for the prebuilder script because I haven't implemented all the variations yet, but it offers better virtualization because it supports qemu, and it can build non-Debian software because it doesn't rely on pbuilder.
  • Calibre 2.63.0 eBook Converter and Viewer Adds Unicode 9.0 Support, Bugfixes
    Kovid Goyal has released yet another maintenance update for his popular, open-source, free, and cross-platform Calibre ebook library management software, version 2.63.0. Calibre 2.63.0 arrives two weeks after the release of the previous maintenance update, Calibre 2.62.0, which introduced support for the new Kindle Oasis ebook reader from Amazon, as well as reading and writing of EPUB 3 metadata. Unfortunately, there aren't many interesting features added in the Calibre 2.63.0 release, except for the implementation of Unicode 9.0 support in the regex engine of the Edit Book feature that lets users edit books that contain characters encoded with the recently released Unicode 9.0 standard.
  • Mozilla Delivers Improved User Experience in Firefox for iOS
    When we rolled out Firefox for iOS late last year, we got a tremendous response and millions of downloads. Lots of Firefox users were ecstatic they could use the browser they love on the iPhone or iPad they had chosen. Today, we’re thrilled to release some big improvements to Firefox for iOS. These improvements will give users more speed, flexibility and choice, three things we care deeply about.
  • LibreOffice 5.2 Is Being Released Next Wednesday
    One week from today will mark the release of LibreOffice 5.2 as the open-source office suite's latest major update. LibreOffice 5.2 features a new (optional) single toolbar mode, bookmark improvements. new Calc spreadsheet functions (including forecasting functions), support for signature descriptions, support for OOXML signature import/export, and a wealth of other updates. There are also GTK3 user-interface improvements, OpenGL rendering improvements, multi-threaded 3D rendering, faster rendering, and more.
  • Blackmagic Design Finally Introduces Fusion 8 For Linux
  • Why Microsoft’s revival of Skype for Linux is a big deal [Ed: This article is nonsense right from the headline. Web client is not Linux support. And it's spyware (centralised too).]

today's howtos