CSF Issues / SYN Floods - Input Please

Discussion in 'Security' started by Bigstack14, Apr 3, 2013.

  1. Bigstack14

    Bigstack14 Member

    Nov 23, 2010
    Ok, so over the past weeks my server has been getting pounded with SYN floods. At one point I saw a server load in the 6,600+ range in top. (Don't ask me how ssh was still working, but it was slow as hell; maybe nginx was helping.)

    Anyway, I have had no luck in blocking these attacks myself, so I'm turning to the community for help. I will list and post up what I have done.

    I AM STUCK AT THIS POINT: my server is online for 10 minutes, then gets hit again. Any help would be AMAZING.

    For starters, I'm on CentOS 5 64x, and I run the NginxCP addon, and have the csf firewall installed. Below is what I have done.

    *Side note: would hardware DDoS like Cisco Guard stop this?

    CSF config file: long, so I'll attach it -> View attachment csf con.txt

    I also have made changes to the as it's not as long as the CSF, I'll just post it (I added the bottom part)

    # Kernel sysctl configuration file for Red Hat Linux
    # For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
    # sysctl.conf(5) for more details.
    # Controls IP packet forwarding
    net.ipv4.ip_forward = 0
    # Controls source route verification
    net.ipv4.conf.default.rp_filter = 1
    # Do not accept source routing
    net.ipv4.conf.default.accept_source_route = 0
    # Controls the System Request debugging functionality of the kernel
    kernel.sysrq = 0
    # Controls whether core dumps will append the PID to the core filename
    # Useful for debugging multi-threaded applications
    kernel.core_uses_pid = 1
    # Controls the use of TCP syncookies
    net.ipv4.tcp_syncookies = 1
    # Controls the maximum size of a message, in bytes
    kernel.msgmnb = 65536
    # Controls the default maximum size of a message queue
    kernel.msgmax = 65536
    # Controls the maximum shared segment size, in bytes
    kernel.shmmax = 68719476736
    # Controls the maximum number of shared memory segments, in pages
    kernel.shmall = 4294967296
    # Custom Edits for hardening
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.tcp_fin_timeout = 15
    net.ipv4.tcp_keepalive_time = 1800
    net.ipv4.tcp_window_scaling = 0
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.tcp_max_tw_buckets = 1440000
  2. caisc

    caisc Well-Known Member

    Oct 5, 2011
    cPanel Access Level: Root Administrator
    I never heard of load at levels - 6,600+
    Just curious to know your server config.
  3. gopkris2005

    gopkris2005 Well-Known Member

    Jan 9, 2007
    cPanel Access Level: Root Administrator
    1. In the CSF firewall, there is an option available to prevent SYN flood attacks. You have not enabled it. Please enable it in the CSF config: SYNFLOOD = "1"
    2. Disable ping in the CSF firewall: ICMP_IN = "0"
    3. You have opened many ports on your server; try to disable unwanted ports in TCP_IN = , TCP_OUT =

    If possible, paste the last few lines of /var/log/messages
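
The three settings named in the reply above can be checked against a csf.conf with a short script. This is an added example, not part of the thread and not code from CSF: the function names and the 20-port review threshold are assumptions, and the sample config is constructed.

```shell
# Added example: audit a csf.conf for SYNFLOOD, ICMP_IN and the size of TCP_IN.

# Print the value of a key from csf.conf (format: KEY = "value"); empty if unset.
csf_get() {  # $1 = key, $2 = path to csf.conf
    awk -v key="$1" '
        /^[ \t]*#/ { next }                       # skip comment lines
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (k != key) next                    # exact match: SYNFLOOD != SYNFLOOD_RATE
            v = substr($0, eq + 1)
            sub(/^[ \t]*"?/, "", v); sub(/"?[ \t]*$/, "", v)
            val = v                               # last assignment wins
        }
        END { print val }' "$2"
}

# Count ports in a CSF port list such as "22,80,30000:35000" (ranges use ':').
count_ports() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F: '
        NF == 1 && $1 != "" { n += 1 }
        NF == 2             { n += $2 - $1 + 1 }
        END { print n + 0 }'
}

# Print one line per finding; return 0 if clean, 1 if anything was reported.
audit_csf() {  # $1 = csf.conf path, $2 = port-count threshold (assumed default 20)
    csf_conf="$1"; csf_max="${2:-20}"; csf_rc=0
    if [ "$(csf_get SYNFLOOD "$csf_conf")" != "1" ]; then
        echo 'SYNFLOOD is not enabled (reply suggests SYNFLOOD = "1")'; csf_rc=1
    fi
    if [ "$(csf_get ICMP_IN "$csf_conf")" != "0" ]; then
        echo 'ICMP_IN is not disabled (reply suggests ICMP_IN = "0")'; csf_rc=1
    fi
    csf_n=$(count_ports "$(csf_get TCP_IN "$csf_conf")")
    if [ "$csf_n" -gt "$csf_max" ]; then
        echo "TCP_IN opens $csf_n ports; review and close the unused ones"; csf_rc=1
    fi
    return "$csf_rc"
}

# Constructed sample config, only so the script runs without a real server.
sample=$(mktemp)
printf '%s\n' '# constructed excerpt' 'TCP_IN = "20,21,22,25,53,80,110,143,443,2077:2083,30000:35000"' \
    'ICMP_IN = "1"' 'SYNFLOOD = "0"' 'SYNFLOOD_RATE = "100/s"' > "$sample"
audit_csf "$sample" || true
rm -f "$sample"
```

On a server with CSF installed, point it at the live file with `audit_csf /etc/csf/csf.conf`.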