Anti flood protection?

Scott Galambos

• June 29, 2018 10:50

How do I make my cPanel v70.0.48 server block and IP that is connected more then say 50 times to all ports? I keep getting flooded by these bots scanning for Wordpress holes. A fancy netstat command I have will show the count of the connections. eg. 42.234.2.4 = 85 etc. I simply want to automatically csf deny when an IP is greater then like 75. I would need a whitelist too though. Does anything like this exist?

• 

  Infopro

  • June 29, 2018 17:07

  I simply want to automatically csf deny when an IP is greater then like 75. I would need a whitelist too though. Does anything like this exist?

  
  Yes, in CSF. There are built in options for port scanning. ;)

  0
• 

  Scott Galambos

  • June 29, 2018 17:20

  Is this the CONNLIMIT = "" setting in csf.conf? It not necessarily port scanning I'm trying to stop, its many hits to URLs on WP sites I'm trying to mitigate. So all connections are for port 80. If I do CONNLIMIT = "40" does that mean any single IP cannot connect more then 40 times to port 80/443?

  0
• 

  Infopro

  • June 29, 2018 17:24

  I can't explain CSF any better than the readme can:
  

  0

Please sign in to leave a comment.