
Question about server load and PORTFLOOD setting in CSF/LFD

Discussion in 'Security' started by Bdzzld, Jul 21, 2009.

  1. Bdzzld

    Hi,

    Can someone please clarify if the following setting in CSF/LFD:

    Code:
    PORTFLOOD = "80;tcp;20;5"
    instead of the default one :

    Code:
    PORTFLOOD = ""
    
    will cause a noticeable increase in server load? And furthermore, if this increase in server load (if any) is negligible when the increase in safety is taken into account?

    Thanks.
     
  2. nikey

    I've noticed no load and I've gone as low as

    Code:
    PORTFLOOD = "80;tcp;10;5"
     
  3. Bdzzld

    Hi,

    Thanks for being the first to answer.

    That means you'll only allow ten connections per IP-address per five seconds. I'm not sure what type of server you're using but ain't that a bit low?

    I myself was thinking about :

    Code:
    PORTFLOOD = "80;tcp;20;1"
    
    (20 connections per IP-address per second to the httpd server)
     
  4. nikey

    Right now I'm running 25:5 to combat a 50k request-per-second GET flood. It blocked most of it, but left another 10% of the attack for me to mitigate manually for a few hours.
     
  5. Bdzzld

    Hi Nikey,

    According to the documentation, CSF only counts 20 hits at max:

    http://www.configserver.com/free/csf/readme.txt
    So I guess every value above 20 won't work...
     
  6. nikey

    I must have missed that... Right now I'm running 20:3, which seems to do a pretty good job. IMO, 20:1 just seems way too loose and would allow GET-based floods through the firewall. I found 20:5 a good tight setting for heavy attacks.
     
  7. Bdzzld

    Hi Nikey,

    May I ask you what kind of services you're using the server CSF/LFD is installed on for?

    Thanks.
     
  8. nikey

    Webhosting. So far I've not noticed any issues with the 20:3 settings. However, I'm thinking 20:5 might work alright as well. Right now I've been toying with the settings a lot since I'm under a 75k per-second GET flood.
     
  9. GaryT

    Old thread, this, from a Google find. Is the limit on CSF still in place or has this been changed?

    I mean

    Or do the values have to be lower than 20? Such as:

    as I was using:

    Till I saw your post about limits....
     
  10. Bdzzld

    Indeed a very old thread. Maybe it's better to ask the author of CSF/LFD yourself on its corresponding forum instead?
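
Added example (not part of the thread and not CSF's own code): a Python model that parses the PORTFLOOD strings quoted above, rejects hit counts over the 20 ceiling Bdzzld cites from the readme, and compares how 20;5, 10;5 and 20;1 treat one IP's traffic. It assumes a rule trips when a single IP opens more than the hit count of new connections inside a sliding window of the given interval; the function names and traffic samples are constructed for illustration.

```python
from collections import deque

MAX_HIT_COUNT = 20  # ceiling cited in the thread from the CSF readme

def parse_portflood(value):
    """Parse 'port;proto;hits;interval[,...]' into (port, proto, hits, interval) tuples."""
    rules = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue  # PORTFLOOD = "" (the default) defines no rules
        fields = entry.split(";")
        if len(fields) != 4:
            raise ValueError(f"{entry!r}: expected port;proto;hits;interval")
        port, proto, hits, interval = int(fields[0]), fields[1], int(fields[2]), int(fields[3])
        if not 1 <= hits <= MAX_HIT_COUNT:
            raise ValueError(f"{entry!r}: hit count must be 1..{MAX_HIT_COUNT}")
        if interval < 1:
            raise ValueError(f"{entry!r}: interval must be at least 1 second")
        rules.append((port, proto, hits, interval))
    return rules

def first_trip_ms(timestamps_ms, hits, interval):
    """Time (ms) at which one IP first has more than `hits` new connections
    inside a sliding `interval`-second window (assumed semantics); None if never."""
    window = deque()
    for t in sorted(timestamps_ms):
        window.append(t)
        while t - window[0] >= interval * 1000:  # drop connections older than the window
            window.popleft()
        if len(window) > hits:
            return t
    return None

def compare(settings, timestamps_ms):
    """Map each PORTFLOOD string to the trip time of its first rule."""
    result = {}
    for setting in settings:
        _port, _proto, hits, interval = parse_portflood(setting)[0]
        result[setting] = first_trip_ms(timestamps_ms, hits, interval)
    return result

# Constructed traffic from a single IP, timestamps in milliseconds.
STEADY_10_PER_SEC = [i * 100 for i in range(50)]  # 10 conn/s for 5 s
FLOOD_50_PER_SEC = [i * 20 for i in range(100)]   # 50 conn/s for 2 s
THREAD_SETTINGS = ["80;tcp;20;5", "80;tcp;10;5", "80;tcp;20;1"]

if __name__ == "__main__":
    for name, traffic in (("steady", STEADY_10_PER_SEC), ("flood", FLOOD_50_PER_SEC)):
        print(name, compare(THREAD_SETTINGS, traffic))
```

Under these assumptions the steady 10 connections per second client trips 20;5 and 10;5 but never 20;1, while the 50 per second flood trips all three within half a second.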
     