In the ConfigServer Security & Firewall (CSF) configuration file, update the CT_LIMIT value to limit the number of connections per IP address. This is a simple trick to prevent some types of Denial of Service (DOS) attack.
Note
To stop the Denial of Service (DoS) attack immediately, read this null route example.
To stop the Denial of Service (DoS) attack immediately, read this null route example.
1. /etc/csf/csf.conf
SSH into your server as root. Edit the /etc/csf/csf.conf file.
Terminal
$ ssh root@yourserver #login as root
$ vim /etc/csf/csf.conf
2. CT_LIMIT
Find CT_LIMIT and update it to 150, this means if the total number of connections to the server is more than 150, the IP address will be blocked. Save & exit.
/etc/csf/csf.conf
###############################################################################
# SECTION:Connection Tracking
###############################################################################
# Connection Tracking. This option enables tracking of all connections from IP
# addresses to the server. If the total number of connections is greater than
# this value then the offending IP address is blocked. This can be used to help
# prevent some types of DOS attack.
#
# Care should be taken with this option. It's entirely possible that you will
# see false-positives. Some protocols can be connection hungry, e.g. FTP, IMAPD
# and HTTP so it could be quite easy to trigger, especially with a lot of
# closed connections in TIME_WAIT. However, for a server that is prone to DOS
# attacks this may be very useful. A reasonable setting for this option might
# be around 300.
#
# To disable this feature, set this to 0
CT_LIMIT = "150"
3. Restart CSF
$ csf -r- 0 Users Found This Useful
