I have CSF installed on all servers, and since last month I have been receiving attacks with 15~30Mbps of traffic. With CSF enabled the server crashes; I need to access it with KVM and disable CSF, then the server goes back to responding.
I have already enabled SYN flood protection, but that did not resolve it.
I changed the size of the conntrack table and that did not resolve it either (echo 65535 > /proc/sys/net/nf_conntrack_max). The server has 1Gbps bandwidth.
Is there a solution to this? Can CSF block these attacks? See part of the logs:
Firewall: *TCP_IN Blocked* IN=em1 OUT= MAC=00:a0:d1:eb:a5:d8:74:8e:f8:28:52:00:08:00 SRC=104.237.132.104 DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=38558 PROTO=TCP SPT=61475 DPT=0 WINDOW=512 RES=0x00 SYN URGP=0
Firewall: *SYNFLOOD Blocked* IN=em1 OUT= MAC=00:a0:d1:eb:a5:d8:74:8e:f8:28:52:00:08:00 SRC=104.237.132.104 DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=420 PROTO=TCP SPT=1866 DPT=0 WINDOW=512 RES=0x00 SYN URGP=0
Firewall: *TCP_IN Blocked* IN=em1 OUT= MAC=00:a0:d1:eb:a5:d8:74:8e:f8:28:52:00:08:00 SRC=104.237.132.104 DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=59084 PROTO=TCP SPT=14681 DPT=0 WINDOW=512 RES=0x00 SYN URGP=0
Firewall: *SYNFLOOD Blocked* IN=em1 OUT= MAC=00:a0:d1:eb:a5:d8:74:8e:f8:28:52:00:08:00 SRC=104.237.132.104 DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=19067 PROTO=TCP SPT=20818 DPT=0 WINDOW=512 RES=0x00 SYN URGP=0
Firewall: *TCP_IN Blocked* IN=em1 OUT= MAC=00:a0:d1:eb:a5:d8:74:8e:f8:28:52:00:08:00 SRC=104.237.132.104 DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=4230 PROTO=TCP SPT=26995 DPT=0 WINDOW=512 RES=0x00 SYN URGP=0
Firewall: *SYNFLOOD Blocked* IN=em1 OUT= MAC=00:a0:d1:eb:a5:d8:74:8e:f8:28:52:00:08:00 SRC=104.237.132.104 DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=65496 PROTO=TCP SPT=32956 DPT=0 WINDOW=512 RES=0x00 SYN URGP=0
The server runs cPanel, CloudLinux 6.5.
CSF crashes the server on receiving attacks
Re: CSF crashes the server on receiving attacks
Blocking the IP with "csf -d" does not resolve it either...