In the ConfigServer Security & Firewall (CSF) configuration file, update the CT_LIMIT
value to limit the number of connections per IP address. This is a simple trick to prevent some types of Denial of Service (DOS) attack.
To stop the Denial of Service (DoS) attack immediately, read this null route example.
1. /etc/csf/csf.conf
SSH into your server as root. Edit the /etc/csf/csf.conf
file.
$ ssh root@yourserver #login as root
$ vim /etc/csf/csf.conf
2. CT_LIMIT
Find CT_LIMIT
and update it to 150, this means if the total number of connections to the server is more than 150, the IP address will be blocked. Save & exit.
###############################################################################
# SECTION:Connection Tracking
###############################################################################
# Connection Tracking. This option enables tracking of all connections from IP
# addresses to the server. If the total number of connections is greater than
# this value then the offending IP address is blocked. This can be used to help
# prevent some types of DOS attack.
#
# Care should be taken with this option. It's entirely possible that you will
# see false-positives. Some protocols can be connection hungry, e.g. FTP, IMAPD
# and HTTP so it could be quite easy to trigger, especially with a lot of
# closed connections in TIME_WAIT. However, for a server that is prone to DOS
# attacks this may be very useful. A reasonable setting for this option might
# be around 300.
#
# To disable this feature, set this to 0
CT_LIMIT = "150"
3. Restart CSF
$ csf -r
- 0 Users Found This Useful