
error in CSF after installation of IPSET

Hi,

I am having an error after installation of IPSET. After installation of IPSET it gave me this error when I ran csf -r

IPSET: [ipset … | Read the rest of http://www.webhostingtalk.com/showthread.php?t=1647851&goto=newpost



How to Stop a DDoS Attack with iptables on a VPS

This seems to be a relatively common issue for VPS hosting customers. There are a variety of free ways to deal with it, but for attacks of more than 100,000 to 500,000 packets per second (PPS), which is roughly 100-500 Mbps, there is nothing you can do on your end; that requires a DDoS mitigation specialist or action from your uplink/data center.

Step One: iptables
iptables is, according to Wikipedia, a user space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.

iptables is provided by default with most Linux operating systems and with most virtual private servers, regardless of whether it is an OpenVZ or Xen VPS.

Blocking SYN Flood Attacks:

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

This command will drop all SYN packets that are not new, which will mitigate and decrease the attack on your VPS. I have personally run this on clients' servers that were having issues, and the attack does go away, but the attackers usually switch to another attack.

Blocking UDP Flood Attacks:
UDP flood attacks are common against individuals and companies hosting game servers, since game servers operate on UDP ports rather than TCP. Unfortunately, because of the sophistication of UDP attacks, there is nothing simple you can add to iptables to prevent them other than rate limiting or blocking specific packets, and the packets the game server requires are exactly the ones attackers use to make the attack worse.

If you are not running a game server and are a victim of UDP attacks, request from your hosting provider that UDP traffic to your IP address or addresses be blocked. Most VPS or hosting providers will be more than glad to implement preventative measures that protect their network and customers.

Blocking Fragmented Packet Attacks:

iptables -A INPUT -f -j DROP
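To see which packets the SYN rule from Step One and the fragment rule above actually match, here is an added Python simulation of their match logic (example code, not from the article): `--syn` and `-f` follow the iptables man page semantics, the conntrack state and fragment offset of each packet are treated as given inputs, and the chain's default policy is assumed to be ACCEPT.

```python
# Added simulation of the article's two INPUT rules (not the article's code):
#   iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
#   iptables -A INPUT -f -j DROP
# Rules are checked in order, first match wins; a packet matching neither is
# accepted (assumes the chain's default policy is ACCEPT).
from dataclasses import dataclass

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10  # TCP header flag bits

@dataclass
class Packet:
    proto: str            # "tcp" or "udp"
    state: str            # conntrack state: NEW, ESTABLISHED, RELATED, INVALID
    flags: int = 0        # TCP flag bits (ignored for UDP)
    frag_offset: int = 0  # non-zero only for the 2nd and later IP fragments

def is_syn_only(flags: int) -> bool:
    """`--syn` matches SYN set with ACK, RST and FIN all clear."""
    return bool(flags & SYN) and not flags & (ACK | RST | FIN)

def rule_not_syn_new(p: Packet) -> bool:
    """`-p tcp ! --syn -m state --state NEW`: TCP that conntrack has not seen
    before (NEW) yet is not a connection-opening SYN, e.g. an ACK flood."""
    return p.proto == "tcp" and p.state == "NEW" and not is_syn_only(p.flags)

def rule_fragment(p: Packet) -> bool:
    """`-f` matches second-and-further fragments (non-zero fragment offset)."""
    return p.frag_offset != 0

def verdict(p: Packet) -> str:
    """Walk the chain top to bottom; first matching rule decides."""
    for rule in (rule_not_syn_new, rule_fragment):
        if rule(p):
            return "DROP"
    return "ACCEPT"

# Constructed sample packets, not captured traffic
SAMPLES = {
    "client opening a connection": Packet("tcp", "NEW", SYN),
    "ACK flood, no conntrack entry": Packet("tcp", "NEW", ACK),
    "flagless TCP probe": Packet("tcp", "NEW", 0),
    "ACK inside an established session": Packet("tcp", "ESTABLISHED", ACK),
    "trailing IP fragment": Packet("udp", "NEW", frag_offset=185),
    "UDP flood packet": Packet("udp", "NEW"),
}

def run_samples() -> dict:
    """Map each sample name to the chain's verdict."""
    return {name: verdict(p) for name, p in SAMPLES.items()}
```

Note that the UDP flood packet is accepted, which is why the article says rate limiting or upstream blocking is needed for UDP.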

Step Two: Install CSF Firewall
ConfigServer Firewall, better known as CSF, is a free script that provides a large number of features for preventing common denial of service attacks, SSH brute-forcing, blocking specific country codes, and so on. Country code blocking, such as .in for India and .cn for China, is a controversial technique.

On one hand, if you notice that all your denial of service attacks come from China, a good solution would be to block Chinese IP addresses and hosts from connecting to your server. If your website or community has no Chinese visitors and does not market itself to China, blocking all Chinese traffic is a reasonable choice.

On the other hand, some folks believe blocking countries is immoral, in the same way that China uses its Great Firewall to control the flow of information. China has billions of people on the Internet, and blocking all of China may block visitors who could grow your website.

Installation of ConfigServer Firewall is very simple.

Installation:

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

That’s it!

What I like so much about CSF is that it pulls offending IP addresses from DShield and Spamhaus, a spam blocking company, and puts those IP addresses into iptables automatically. I run CSF on a personal website of mine and the results are wonderful. CSF has blocked numerous denial of service attempts against my server and my website did not go down for a second. However, this is because of additional measures I have taken with the server, which I will explain further in this ongoing series about blocking denial of service attacks.

Conclusion:
iptables can prevent and block some attacks, but if the attack is overwhelming, such as 100-500k PPS, there is little or nothing you can do without intervention from the network administrator at your hosting provider or hiring a DDoS mitigation company. Your hosting provider can put you behind a firewall, offer you a DDoS proxy service, or assign a network administrator to fight the attack off, but these options will cost you money in the short and long term.

Author's note: This is one part of a series of articles about how to stop, mitigate or prevent denial of service attacks.