How to prevent DDoS attacks with the CSF firewall?

Preventing DDoS attacks with the CSF firewall.

First make sure the DDoS attack is not caused by open recursive DNS settings. To check and fix that issue, please read this article – Preventing DDOS amplification open resolver attack

This article explains how to configure the CSF firewall so that an intentional DDoS attack on your server can be prevented.

Step 1: Open and edit the CSF config file.

vi /etc/csf/csf.conf

Settings:

Enable connection tracking.
CT_LIMIT is the maximum number of connections allowed from one IP address; set this value according to your server's requirements.

CT_LIMIT = "100"

Set the connection tracking interval.

CT_INTERVAL = "30"

If you want to receive an email about a possible DDoS attack, enable the alert.

CT_EMAIL_ALERT = "1"

If you want to make IP blocks permanent, set this to 1; otherwise blocks
will be temporary and will be cleared after CT_BLOCK_TIME seconds.

CT_PERMANENT = "1"

If you opt for temporary IP blocks for CT, the following is the interval
in seconds that the IP will remain blocked for (e.g. 1800 = 30 mins).

CT_BLOCK_TIME = "1800"

If you only want to count specific ports (e.g. 80,443), add the ports
to the following as a comma-separated list, e.g. "80,443".

CT_PORTS = "80,23,443"

These settings will be enough for DDoS attacks, but if you are still getting attacks even with the options above configured, a few more options can be set.

Step 2: Enable distributed attack detection

LF_DISTATTACK = "1"

Set the following to the minimum number of unique IP addresses that trigger
LF_DISTATTACK

LF_DISTATTACK_UNIQ = "2"

Step 3: Enable distributed FTP attack detection

LF_DISTFTP = "1"

Set the following to the minimum number of unique IP addresses that trigger
LF_DISTFTP. LF_DISTFTP_UNIQ must be <= LF_DISTFTP for this to work

LF_DISTFTP_UNIQ = "3"

If this option is set to 1, the blocks will be permanent.
If this option is > 1, the blocks will be temporary for the specified number
of seconds.

LF_DISTFTP_PERM = "1"

Step 4: Enable distributed SMTP attack detection.

LF_DISTSMTP = "1"

Set the following to the minimum number of unique IP addresses that trigger
LF_DISTSMTP. LF_DISTSMTP_UNIQ must be <= LF_DISTSMTP for this to work

LF_DISTSMTP_UNIQ = "4"

If this option is set to 1, the blocks will be permanent.
If this option is > 1, the blocks will be temporary for the specified number
of seconds.

LF_DISTSMTP_PERM = "1"

This is the interval during which a distributed FTP or SMTP attack is
measured

LF_DIST_INTERVAL = "300"
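
The rules stated in the steps above can be checked mechanically after editing csf.conf. The script below is an added example, not part of the original article or of CSF: csf_get, csf_check and the sample file are assumed names, and the sample holds this article's own values, for which LF_DISTFTP_UNIQ and LF_DISTSMTP_UNIQ are larger than LF_DISTFTP and LF_DISTSMTP and are therefore reported.

```bash
#!/bin/bash
# Added example: check a csf.conf against the rules stated in this article.
# csf_get, csf_check and the sample file are illustrative names, not CSF tools.

# Print the value of setting $2 in csf.conf-style file $1, without quotes.
csf_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        { name = $1; gsub(/[ \t]/, "", name) }
        name == key { val = $2; gsub(/[ \t"]/, "", val); print val; exit }
    ' "$1"
}

# Print one line per finding; return 1 if a rule from the article is broken.
csf_check() {
    local conf="$1" bad=0 svc limit uniq
    limit=$(csf_get "$conf" CT_LIMIT)
    if [ "${limit:-0}" -le 0 ]; then
        echo "CT_LIMIT is 0 or missing: connection tracking is not enabled"
        bad=1
    fi
    if [ "$(csf_get "$conf" CT_PERMANENT)" = "1" ]; then
        echo "note: CT_PERMANENT=1, blocks are permanent and CT_BLOCK_TIME is unused"
    fi
    for svc in FTP SMTP; do
        limit=$(csf_get "$conf" "LF_DIST$svc")
        uniq=$(csf_get "$conf" "LF_DIST${svc}_UNIQ")
        [ "${limit:-0}" -gt 0 ] || continue       # feature switched off
        if [ "${uniq:-0}" -gt "$limit" ]; then
            echo "LF_DIST${svc}_UNIQ ($uniq) must be <= LF_DIST$svc ($limit)"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: the values given in this article, in csf.conf syntax.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CT_LIMIT = "100"
CT_PERMANENT = "1"
CT_BLOCK_TIME = "1800"
LF_DISTFTP = "1"
LF_DISTFTP_UNIQ = "3"
LF_DISTSMTP = "1"
LF_DISTSMTP_UNIQ = "4"
EOF
csf_check "$sample" || echo "=> review the settings reported above"
```

To check the live configuration, call csf_check /etc/csf/csf.conf instead of the sample file.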

Virtualmin – upgrade PHP 5.3 to PHP 5.4 / PHP 5.5 or a higher version from Yum

Upgrade the default PHP 5.3 version in Virtualmin / Webmin to PHP 5.4 / PHP 5.5 on CentOS:

Virtualmin / Webmin comes with PHP 5.3 by default, while higher versions are only available in the Pro version. This article shows how to update PHP to a higher version such as PHP 5.5.

Step 1: Install the PHP version:

For centos 6:

rpm -Uvh http://mirror.webtatic.com/yum/el6/latest.rpm

For centos 5:

rpm -Uvh http://mirror.webtatic.com/yum/el5/latest.rpm

Now install PHP:

To install PHP 5.4:

yum install php54w php54w-common php54w-mysql php54w-mbstring

To install PHP 5.5:

yum install php55w php55w-opcache php55w-common php55w-mysql php55w-mbstring

More modules can be added by simply appending the module name to the end of the yum command, or they can be installed separately.

The available modules are:

Package                   Provides
php54w                    mod_php, php54w-zts
php54w-bcmath
php54w-cli                php-cgi, php-pcntl, php-readline
php54w-common             php-api, php-bz2, php-calendar, php-ctype, php-curl, php-date, php-exif, php-fileinfo, php-ftp, php-gettext, php-gmp, php-hash, php-iconv, php-json, php-libxml, php-openssl, php-pcre, php-pecl-Fileinfo, php-pecl-phar, php-pecl-zip, php-reflection, php-session, php-shmop, php-simplexml, php-sockets, php-spl, php-tokenizer, php-zend-abi, php-zip, php-zlib
php54w-dba
php54w-devel
php54w-embedded           php-embedded-devel
php54w-enchant
php54w-fpm
php54w-gd
php54w-imap
php54w-interbase          php_database, php-firebird
php54w-intl
php54w-ldap
php54w-mbstring
php54w-mcrypt
php54w-mssql
php54w-mysql              php-mysqli, php_database
php54w-mysqlnd            php-mysqli, php_database
php54w-odbc               php-pdo_odbc, php_database
php54w-pdo
php54w-pecl-apc
php54w-pecl-memcache
php54w-pecl-zendopcache
php54w-pecl-xdebug
php54w-pgsql              php-pdo_pgsql, php_database
php54w-process            php-posix, php-sysvmsg, php-sysvsem, php-sysvshm
php54w-pspell
php54w-recode
php54w-snmp
php54w-soap
php54w-tidy
php54w-xml                php-dom, php-domxml, php-wddx, php-xsl
php54w-xmlrpc

Each module can be configured through its ini file at /etc/php.d/<module name>.ini

Here we are installing PHP 5.5, so in the module names above replace php54w with php55w. For example, php54w-mysql becomes php55w-mysql in PHP 5.5.

Step 2: Set up PHP 5.5 in Apache

a) Create the cgi file (if using php-cgi)

Go to your domain's cgi-bin directory:

/home/<username>/cgi-bin/

Copy the existing cgi file, let's say php5.4.cgi, to a cgi file for the new version, in this case php5.5.cgi

cd /home/<username>/cgi-bin/
cp php5.4.cgi php5.5.cgi

Edit the cgi file

vi php5.5.cgi

and replace its contents with

#!/bin/bash
# Directory holding this PHP version's php.ini (adjust to your PHP version)
PHPRC="$DOCUMENT_ROOT/../etc/php5"
export PHPRC
umask 022
# If REDIRECT_URL is set, use it as SCRIPT_NAME
if [ "$REDIRECT_URL" != "" ]; then
    SCRIPT_NAME="$REDIRECT_URL"
    export SCRIPT_NAME
fi
SCRIPT_FILENAME="$PATH_TRANSLATED"
export SCRIPT_FILENAME
# Path of the php-cgi binary
exec /usr/bin/php-cgi

Give proper ownership and permissions to your cgi file:

chown <username>:<username> php5.5.cgi
chmod +x php5.5.cgi

b) Create a new PHP 5.5 fcgi file (if using fcgi PHP)

Go to

cd /home/<username>/fcgi-bin/

Copy the existing fcgi file to a new php5.5 fcgi file

cp php5.fcgi php5.5.fcgi

vi php5.5.fcgi

Replace its contents with the following

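#!/bin/bash
# Directory holding this PHP version's php.ini
PHPRC="$PWD/../etc/php5"
export PHPRC
umask 022
export PHP_FCGI_CHILDREN
# Requests each PHP process serves before it is restarted
PHP_FCGI_MAX_REQUESTS=99999
export PHP_FCGI_MAX_REQUESTS
SCRIPT_FILENAME="$PATH_TRANSLATED"
export SCRIPT_FILENAME
exec /usr/bin/php-cgi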

Give proper ownership and permissions to your fcgi file:

chown <username>:<username> php5.5.fcgi
chmod +x php5.5.fcgi

c) Change the path to the PHP 5.5 cgi in Apache httpd.

The final step is to edit the Apache httpd configuration file to point to the new version of PHP.

vi /etc/httpd/conf/httpd.conf

Go to your domain's virtual host settings.

i) For an fcgi-based domain

Remove the current FCGIWrapper and replace it with the following:

FCGIWrapper /home/<username>/fcgi-bin/php5.5.fcgi .php

ii) For a cgi-based domain

Remove the existing Action and AddType and replace them with the following:

Action application/x-httpd-php5.5 /cgi-bin/php5.5.cgi
AddType application/x-httpd-php5.5 .php

Step 3: Restart the Apache server:

service httpd restart