
is CSF enough for security

Discussion in 'Security' started by adrov, Sep 23, 2009.

  1. adrov

    adrov Member

    I have installed CSF and tuned it up so I have score 104/113

    What can I use for bruteforce detection and blocking, does CSF do this?
     
  2. MattCurry

    MattCurry Well-Known Member

    Brute Force Detection

    Hello,

    I would recommend that you use the following tutorial, I think it would help you with your issue. Please feel free to ask if you have any other questions.

    Thank you,
    Matthew Curry
     
  3. Eric

    Eric Administrator
    Staff Member

    Howdy,

    The score is a nice tool that can help find things. But don't use it alone to determine if your server is secure. Diligence like always is the best method, know that there are updates and apply them in a timely fashion. Make backups, and store them off location. Read your logs now and again, or at least the logwatch emails. (If you're not getting those, you might look into that.) Find users who use the system more than others and take steps to limit them or contact them and ask them what they're doing, often times it's a configuration problem that they don't even know about.

    My two bits on the topic,
     
  4. adrov

    adrov Member

    Can you recommend me any Bruteforce protection? Well CPHulk is too simple, I can't unblock an IP, if it was blocked with CPhulk, without flushing all IPs, which means I unblock all IPs...
     
  5. thewebhosting

    thewebhosting Well-Known Member

    Yes, CSF does bruteforce detection. You will have to start the lfd from the WHM --> ConfigServer Security & Firewall --> Click on lfd start.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Strange, mine goes up to 122. Are you running the latest CSF? (I must admit I'm not sure if that top score is different on other servers)

    To answer your question, you only need to read the site you got it from:

    ConfigServer Security & Firewall

    cpanelerice's advice is spot on of course. And CSF is surely a great big step in the right direction, yes.


    HTH
     
  7. Eric

    Eric Administrator
    Staff Member

    Howdy,

    LFD's good stuff, check it out and it might work for you. It's even pretty nice on non-cPanel systems. Just a script that reads the logs and takes action. Simple but effective.
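
The log-reading approach described in the post above, sketched as an added example that is not part of the original thread and is not LFD's own code: it counts failed SSH logins per source IP inside a sliding time window and reports the IPs that reach a threshold. The log lines are constructed, and the threshold, window, year and allowlist parameters are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _line(ts, ip, user="root"):
    return (f"Sep 23 {ts} host sshd[2101]: Failed password for {user} "
            f"from {ip} port 40112 ssh2")

# Constructed sample log (documentation-range IPs, hypothetical host and users).
SAMPLE_LOG = sorted(
    [_line(f"10:00:0{i}", "203.0.113.7") for i in range(1, 6)]   # 5 in 5 seconds
    + [_line(f"10:{i}0:00", "198.51.100.20", "invalid user admin")
       for i in range(5)]                                         # 1 every 10 minutes
    + ["Sep 23 10:01:00 host sshd[2102]: Accepted password for alice "
       "from 192.0.2.10 port 50000 ssh2"],
    key=lambda l: l[:15])

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5),
                      year=2009, allowlist=()):
    """Return {ip: time the threshold was reached} for IPs to block."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        ip = m["ip"]
        if ip in allowlist or ip in blocked:
            continue              # never block trusted IPs; block each IP once
        # Classic syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # forget failures older than the window
        if len(hits) >= threshold:
            blocked[ip] = ts      # a real tool would add a firewall rule here
    return blocked

if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG).items():
        print(f"block {ip}: threshold reached at {when}")
```

With the default 5-minute window only the fast attempt from 203.0.113.7 is flagged; the slow attempt from 198.51.100.20 is caught only when the window is widened, which is the trade-off to weigh when tuning any threshold-based blocker.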
     
  8. Spiral

    Spiral BANNED

    Regarding your subject "Is CSF enough for security?" ....

    ABSOLUTELY NOT!

    CSF is a wonderful tool and Chirpy did a fairly decent job with it and I would also go so far as to recommend it be an essential core component to the security of every hosting server but it is by no means all you should do!

    By itself, CSF is not a complete all-inclusive security solution and you should never rely on any single application or single avenue of defense as there are literally millions of other avenues of attack above and beyond what CSF alone can protect you from and more software, tweaks, system configuring, permission settings, and more are needed to get as close as you can to fully addressing the complete list of items that you should address regarding security.

    Let's put it this way. I am a professional server security advisor, that is first and foremost what I do. It takes me on average about 10 to 15 seconds to install and configure CSF on a Cpanel server. I have advanced automation tools that go deep into systems and configure thousands of items that can do in seconds and minutes what would take the vast majority of everyone hours and hours to accomplish ....

    --- Now with that given, it still takes me between 2 and 4 hours to properly secure a server if that tells you anything at all about how much needs to be updated and secured on your server to really get your server where it should be in regards to security! ;)

    Without intimate systems knowledge to be able to really go deep into the server but wanting to set up a reasonably good security solution yourself, I would recommend looking into some of the following items:

    CSF / LFD by ConfigServer.Com
    cpHulk (Part of Cpanel / Limited Use)
    Mod_Evasive by Nuclear Elephant
    Mod_GeoIP by Maxmind (Interfaces with other security applications)
    Mod_Security with ruleset from GotRoot.Com
    Portscanner (Misconfigured by default w/ Cpanel but can be improved)
    RkHunter - Root Kit Scanner
    Tripwire - Additional line of defense

    PHP setup as SuPHP w/SuHoSin installed
    Apache 2.2.13 / MySQL 5 / PHP 5.2.11 (Keeping updated is important)
    Make sure you have all system updates and patches applied

    Moving your SSH port, setting Protocol 2, and using strong passwords or certificates goes a long way as well.

    Look at disabling non-root access to commonly abused tools and commands but don't go too far. If you don't know what scripts use which programs and you disable something used by important processes, you can very much screw up your system.

    The above short list will do a lot to help with the security of your server!

    Now regarding your posted question on brute force detection, as some of the other forum members pointed out, CSF comes with a tool called LFD that does precisely what you ask and more. ;)
     
    #8 Spiral, Sep 23, 2009
    Last edited: Sep 23, 2009
  9. Luke Carrier

    Luke Carrier Active Member

    I agree with previous posters - by no means is a piece of security software (no matter how good) enough to protect your servers. You need to monitor httpd access logs, load averages, brute force attempts and the like constantly.

    CSF and LFD are fantastic additions to your security efforts, but they are not an alternative for proper server administration.
     