Web Hosting?

**Frank Broughton** · 11-04-2011, 10:53 PM

Originally Posted by gohighvoltage

Question, "thisisit" has a BFD rules for Jag servers,

Should I need this, since I have CSF installed and running?

NO - you cannot run both!

**Frank Broughton** · 11-04-2011, 10:55 PM

Be careful you do not block yourself. If you enter the wrong password so many times, it will block YOUR IP.... I have had that happen many times to users on my servers.

**gohighvoltage** · 11-06-2011, 03:34 PM

Thanks Frank, Appreciate the advice and help. So far this firewall is awesome. Anyone with a server should definitely install it.

**gohighvoltage** · 11-07-2011, 05:46 PM

I noticed since the install of CSF, that the numiptent use went a lot higher, not on the hard limit, but close. Is this a problem, or is there any way to limit the Number of IP packet filtering entries without reducing the protection of the firewall?

**gohighvoltage** · 11-28-2011, 08:43 PM

Installing CSF+LFD was the best thing I ever did!!! I am up to 150 IP addresses permanently blocked now for port scanning and attempts to brute force log in!!! Crazy!!!

**Deyson** · 11-29-2011, 12:19 AM

Is CSF+LFD for VPS hosting?

I am using Jaguar’s Web Hosting Plan.

**JPC-Bilal** · 11-29-2011, 12:46 AM

Hi Deyson,

CSF-LFD is installed on all of our shared, sdx and reseller servers too. Thank you.

**Jamsori** · 11-29-2011, 05:21 AM

Originally Posted by gohighvoltage

I noticed since the install of CSF, that the numiptent use went a lot higher, not on the hard limit, but close. Is this a problem, or is there any way to limit the Number of IP packet filtering entries without reducing the protection of the firewall?

That means CSF+LFD is doing its job, really. Sure you're aware of it now though since this is an older post.

Originally Posted by gohighvoltage

Installing CSF+LFD was the best thing I ever did!!! I am up to 150 IP addresses permanently blocked now for port scanning and attempts to brute force log in!!! Crazy!!!

Haha, it's a pretty awesome script.

**Big Tom** · 12-01-2011, 08:13 PM

A very cool feature of csf is blocking whole countries. There is a limit in regards to how many rules iptables can handle before slowing down, so when I had China, Russia and Moldova blocked, it slowed the whole system down quite a bit (and prior to that the Jag admins had to chane a parameter on the VM outside of the operating system).
The entry to block complete countries in /etc/csf/csf.conf is CC_DENY - The line CC_DENY = "CN,RU,MD" would block China, Russia, Moldovia :-)

**gohighvoltage** · 12-02-2011, 06:27 PM

Originally Posted by Big Tom

A very cool feature of csf is blocking whole countries. There is a limit in regards to how many rules iptables can handle before slowing down, so when I had China, Russia and Moldova blocked, it slowed the whole system down quite a bit (and prior to that the Jag admins had to chane a parameter on the VM outside of the operating system).
The entry to block complete countries in /etc/csf/csf.conf is CC_DENY - The line CC_DENY = "CN,RU,MD" would block China, Russia, Moldovia :-)

Yeah, blocking Russia, China, and some other countries isn't a bad idea. Most of my attacks are from a few countries.

LinkBack

Thread Tools

Display

Web Hosting?

Bookmarks

Bookmarks

Posting Permissions