As soon as a device is connected to the internet, it is vulnerable. To reduce the vulnerability of your server, we advise using CSF (ConfigServer Security and Firewall). You can find more information about CSF on the author's website. CSF is used to control the firewall, and LFD detects brute-force attacks and blocks them (depending on the settings).
On CentOS, use the following command to install the required tools first.
yum install perl-libwww-perl net-tools perl-LWP-Protocol-https -y
Use the following commands to install CSF:
cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
CSF is installed in testing mode by default. In general the default configuration is good enough for basic protection of DirectAdmin and cPanel environments. We do recommend checking the configuration options and adjusting them to your requirements. Also, your IP is on the whitelist by default.
To disable testing mode, open the file /etc/csf/csf.conf and change TESTING to 0:
TESTING = "0"
It is also good to receive alerts from CSF and LFD. Change LF_ALERT_TO to your e-mail address:
LF_ALERT_TO = "firstname.lastname@example.org"
By default CSF and LFD will send you a lot of alerts. In general it is safe to ignore them, and they can be switched off. We do recommend reviewing every option with ALERT in its name to see whether the alert is relevant for you.
We also recommend closing SSH port 22 and only allowing it for whitelisted IPs. You can change this in the TCP_IN and TCP6_IN variables:
Original: TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2222"
New: TCP_IN = "20,21,25,53,80,110,143,443,465,587,993,995,2222"
After any change to the configuration, you have to restart CSF using the following commands. In our experience this works better than csf -r.
csf -x
csf -e
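To confirm that the edits described above actually ended up in the file, here is a small audit script. It is an added example, not part of CSF or of the original guide, and the function names get_conf_value, port_listed and audit_csf_conf are hypothetical helpers. It reports when TESTING is not "0", when LF_ALERT_TO is empty, and when port 22 is still listed in TCP_IN or TCP6_IN, including inside a lo:hi port range.

```sh
#!/bin/sh
# Added example: audit a csf.conf for the settings changed in this guide.
# get_conf_value, port_listed and audit_csf_conf are hypothetical helper names.

# Print the value of key $2 from csf.conf-style file $1 (KEY = "value").
get_conf_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Succeed if port $2 appears in list $1, alone or inside a lo:hi range.
port_listed() {
    old_ifs=$IFS; IFS=,
    for item in $1; do
        IFS=$old_ifs
        case $item in
            *:*) if [ "$2" -ge "${item%%:*}" ] && [ "$2" -le "${item##*:}" ]; then return 0; fi ;;
            "$2") return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Print one line per finding; the return status is the number of findings.
audit_csf_conf() {
    findings=0
    if [ "$(get_conf_value "$1" TESTING)" != "0" ]; then
        echo "TESTING is not \"0\": CSF is still in testing mode"
        findings=$((findings + 1))
    fi
    if [ -z "$(get_conf_value "$1" LF_ALERT_TO)" ]; then
        echo "LF_ALERT_TO is empty: no alert address has been set"
        findings=$((findings + 1))
    fi
    for key in TCP_IN TCP6_IN; do
        if port_listed "$(get_conf_value "$1" "$key")" 22; then
            echo "$key still opens port 22 to every address"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Audit the file given as argument, or the installed config when it exists.
conf=${1:-/etc/csf/csf.conf}
if [ -r "$conf" ]; then
    audit_csf_conf "$conf" || echo "$? finding(s) in $conf"
fi
```

Run it as root before csf -x and csf -e; no output means all three settings match this guide.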
* A whitelist is a list of IPs that will never be blocked by the firewall. It is useful to prevent you from blocking yourself, but also dangerous if you whitelist just anybody.