Cart is empty
SnelServer.com More

How Can I Deal With DDoS Without a Hardware Firewall?

10/15/2014 | Security |

A Distributed Denial of Service (DDoS) attack can bring a server to its knees in minutes. DDoS involves flooding a server with requests, forcing the server to be unusable and unresponsive. While occasional DDoS attacks are inconvenient, repeated and persistent attacks can cripple a website and prevent you from running your business.

Large businesses like PayPal have felt the full force of DDoS in the past, but no website or business is immune. While DDoS attacks are illegal, in many countries but it is incredibly difficult to track down the perpetrators, since they often use botnets to carry out their crimes. Prevention therefore is the best cure.

About Firewalls

Hardware firewalls are often considered the most robust type of protection against all kinds of intruders, and the best defence against DDoS, but they are not always practical. The days of placing mainframes behind firewalls are long gone. If you run virtual machines, a hardware firewall isn’t practical. The solution? You will need to run a software firewall to protect each server you deploy. Config Server Firewall (CSF) is a free software firewall that is designed for Linux servers. It’s valuable because it’s designed to prevent the kinds of brute force attacks that can bring a server down. CSF has flood detection technology that is specifically designed to recognise, and protect against, a DDoS attack. The key feature is connection limit protection, which monitors incoming connections and detects very high quantities of active connections from one IP address. While CSF isn’t totally failsafe, it does a good job of preventing mild or moderate attacks.



How to Set Up CSF

CSF can be used from the command line or from specific hosting control panels, including cPanel on Linux. It’s especially useful for deployment on Dedicated servers and Virtual Private Servers (VPS), many of which have cPanel installed as part of the package. The user interface is also installed on Webmin. To enable DDoS protection without cPanel or Webmin, you’ll need to edit the CSF config file with a text editor. You must define the ports that are to be monitored; remember that not all ports will be open by default anyway. You can also optionally set a threshold for the number of IP addresses that trigger a block, and you’ll choose whether to block them permanently or for a set period of time. The portflood setting allows you limit the number of connections to any port in a specified period. It’s wise to also download IP block lists for CSF. These will effectively pre-program the firewall to block IPs that are known to be the source of problems, ensuring that your server cannot be targeted by these IPs. CSF also has a whitelist; check that your own IP address, and the IPs of any other administrator, is added here.

Getting Help

CSF is a very good firewall that is ideal for dedicated hosting and cloud environments. It is quick to deploy and easy to configure, even if you are not well versed with the command line. Below you can find a quick tutorial on how you should start the installation.

The first step is to login as the root user on the terminal. And then use the following command to download CSF:


 wget http://www.configserver.com/free/csf.tgz


Use the following command to extract the files


 tar xfz csf.tgz


Use 'cd' to open csf folder


 cd csf


Now run the CSF install typing


 sh install.sh


Edit the config file to turn off the ‘testing mode’ type 


 vi /etc/csf/csf.conf


Press ‘i’ to enable editing mode and change TESTING = “1” to 


 TESTING = “0”


Press “Esc” key to exit the text editor type


 :wq


Now save the changes made in the text editor. Enter the following command this will restart the csf:


 csf -r


CSF is now installed and running, you can now close the terminal. For more detailed information on CSF check out the CSF user documentation.







Here are 4 out of 12 reasons why you should choose SnelServer.com

Bandwidth pooling

Other providers require extra money for bandwidth you may not even need. SnelServer.com differs from other providers by providing bandwidth pooling across all your servers at no extra cost. If your other servers have plenty of bandwidth left, we allow you to pool the bandwidth to another server that requires more. This enables you to save money and you can use your dedicated server more efficiently.

Dedicated KVM over IP

SnelServer.com stands out in delivering flexibility, simplicity and convenience. All our dedicated servers come with many free features, such as dedicated KVM over IP. This feature provides technical freedom, because it enables you to control your server independently. Moreover, the unique and robust features of a dedicated KVM over IP allow you to control your server remotely 24/7 at BIOS level. With this free feature we provide more flexibility and usability on our dedicated servers. 

Application Programming Interface (API)

SnelServer.com provides a reliable and easy to implement Application Programming interface (API). Our API allows you to integrate our control panel seamlessly into your own systems. By integrating our control panel you can resell our dedicated servers under your own private brand at prices you want. We allow you to use our infrastructure and at the same time you will have a total control in providing support to your own customers. Get started on integrating our powerful API in to your business and earn money easily.

Enterprise servers

Here at Snel.com we are not using desktop machines but only the best servers from Supermicro and Dell which are designed to give you the best performance and to provide energy and space efficiency. Supermicro provides innovative and first-to market technologies and their motherboards are quality-built to maximize customer satisfaction. And Dell servers are built to accelerate performance and expandability but also to increase productivity. Our Dell servers perfectly meet to the most common requests and requirements of our customers.

VIEW MORE