Hello. I have a dedicated server. And I have linux OS with WHM. I am facing problem with the attacks on server. And i tired with blocking the ip's manually. And i installed the firewall Security & Firewall - csf v4.78. But put the security level high. But the attacks can not be stopped. i am facing this kind of attacks. How can i stopped them with this firewall. Thank You.
What kind of attacks are you getting? Just random probes, or bonafide, business impacting attacks? If they are just random probes, these things happen. The Internet is full of bots that scour the Internet looking for vulnerabilities. Otherwise, how EXACTLY are you being attacked?
That's a lot of connection for that IP. Firewalls can only protect from low end attacks, because even though you have the IP blocked, it still is accessing your server, and the server is what drops the connection. I would suggest your email your host and ask them to null route that IP, as they can do it prior to it hitting your server.
before some time i contacted with the hosting provider. theplanet they say that these are the spoof attacks. And we are not able to stop them at all. Because ip's change time to time. Is there some one that face this kind of problem and control them at all.I am not able to block them manually. In every 20 mints i got an attack. I need some serious help. If any one help me i will be very thankful to him/her. ThPlanet experts did not response for this issue. I have a firewall with high level security and some other protection modes. I have a lot of traffic. My site is one of the largest sites of the world. But this problem down the server. And some times it hang the server if we did not block them manually. So I request all the intelligent members of this forum or some expert that are handling this site give me suggestion to control it. Thanks
Have you installed mod_evasive yet? It will also help in multiple requests within a time frame, and is configurable.
Check through your CSF configuration file. I believe you can set it to automatically block IP's based on X connections over Y time. Be sure to restart CSF after making any changes.