WHM is running CSF Firewall and I pay my Hosting partner for a Hardware Firewall which they claim
"provides limited protection against Denial Of Service (DoS) attacks."
A recent email generated by CSF claimed a "High 5 minute load average alert", so I checked /var/log/messages.
In there, I found the line:
"TCP: Possible SYN flooding on port 80. Sending cookies."
It seems that there are a large number of attempts to connect to Port 21 - FTP.
I have this Port disabled in CSF Firewall and allow only the two IPs I ever need to use, which prevents unauthorised access. However, it doesn't stop hackers hammering away at the server many times per second and drowning it in requests.
I looked up the 200+ IPs and found they were all from the same district in China.
I do get legitimate Chinese traffic so I can't block the whole country. I have a limit of 100 IPs I can block in CSF, so I could never block this amount.
Is there anything more I should be doing as a "Responsible SysAdmin"?