Language Selection

English French German Italian Portuguese Spanish

Quick way to stop apache and connect floods with csf

Filed under
Howtos

 
Well first off this will only stop http or connect floods if you are having a real ddos problem you should be on a protected network otherwise there isnt much you can do server level if the attacks are pretty big. Using this method in combination with a protected network is the best way to go if you are having dos problems or host sites that do.
If you dont have CSF you can get it at www.configserver.com

This is real handy if your server is lagging badly, In some cases you have to tune down the connection limit to around 30 or less, depends how many ips hitting, etc; What this does is it kills apache, lowers the connection limit in csf.conf and restarts everything. When it does and lfd daemon runs again it will ban all of the ips with so many connections.
 
Code:

cp /etc/csf/csf.conf /etc/csf/csf.conf2
 
Code:

nano -w /etc/csf/csf.conf2
ctrl+w search for tracking, will be the second result. Turn your connection level to where you want it to be. Usually 30 gets the job done. You can always change it to suit the situation
 
Code:

nano -w /usr/bin/dos
insert
 
Code:

killall httpd ; cp -R /etc/csf/csf.conf /etc/csf/csf.conf1 ; cp -R /etc/csf/csf.conf2 /etc/csf/csf.conf ; csf -r ; service httpd restart
here is shortcut script to turn your connection limit back to normal
 
Code:

nano -w /usr/bin/dosoff
insert
 
Code:

cp -R /etc/csf/csf.conf1 /etc/csf/csf.conf ; csf -r
 
Code:

chmod 700 /usr/bin/dos /usr/bin/dosoff
Now you can go in your server and quickly fight it.
Just enter dos in your terminal to start it. And dosoff to set back to normal. Hope this can help someone

More in Tux Machines

today's howtos

Ubuntu 16.04.2 LTS Delayed Until February 2, Will Bring Linux 4.8, Newer Mesa

If you've been waiting to upgrade your Ubuntu 16.04 LTS (Xenial Xerus) operating system to the 16.04.2 point release, which should have hit the streets a couple of days ago, you'll have to wait until February 2. We hate to give you guys bad news, but Canonical's engineers are still working hard these days to port all the goodies from the Ubuntu 16.10 (Yakkety Yak) repositories to Ubuntu 16.04 LTS, which is a long-term supported version, until 2019. These include the Linux 4.8 kernel packages and an updated graphics stack based on a newer X.Org Server version and Mesa 3D Graphics Library. Read more

Calamares Release and Adoption

  • Calamares 3.0 Universal Linux Installer Released, Drops Support for KPMcore 2
    Calamares, the open-source distribution-independent system installer, which is used by many GNU/Linux distributions, including the popular KaOS, Netrunner, Chakra GNU/Linux, and recently KDE Neon, was updated today to version 3.0. Calamares 3.0 is a major milestone, ending the support for the 2.4 series, which recently received its last maintenance update, versioned 2.4.6, bringing numerous improvements, countless bug fixes, and some long-anticipated features, including a brand-new PythonQt-based module interface.
  • Due to Popular Request, KDE Neon Is Adopting the Calamares Graphical Installer
    KDE Neon maintainer Jonathan Riddell is announcing today the immediate availability of the popular Calamares distribution-independent Linux installer framework on the Developer Unstable Edition of KDE Neon. It would appear that many KDE Neon users have voted for Calamares to become the default graphical installer system used for installing the Linux-based operating system on their personal computers. Indeed, Calamares is a popular installer framework that's being successfully used by many distros, including Chakra, Netrunner, and KaOS.

Red Hat Financial News