Posted September 18, 2012: Hey guys... What do you people think to using APF as the security firewall on a dedicated server? I had to uninstall ConfigServer Firewall (CSF) on my Linux CentOS 6 dedicated server because it kept randomly banning my IP for some odd reason. So I uninstalled it, tried to install/download Fail2Ban but failed, it wouldn't download using the "wget" command. So I installed APF instead, seems to be working etc. But I'd like to know is APF as good as CSF and/or Fail2Ban? If not, which do you Linux dedi gurus recommend? Thanks.
September 18, 2012: Well, first, I am not a guru by any definition... :smile: Have not had issue with csf but had heard this happened to some. By any chance were you using the dyndns function of CSF? I did also whitelist my IP in csf and cpanel cphulk. Have not tried APF so would be interested in people's opinions too. Currently using csf, mod_security (with the csf plugin) and mod_evasive (and suhosin) with no issues but always interested in anything that may be better.
September 18, 2012 (Author): Well that's it. I've whitelisted my IP but still it gets banned even with my IP in the whitelist.
September 18, 2012: LOL that ain't right but you knew that :) Did you also add the IP to lfd csf.ignore? Basically add IP in 2 spots. Only time I had read about this happening (when added to both) was when there was dyndns issue (the SECTION:Global Lists/DYNDNS/Blacklists area) so I stayed away from that.
September 18, 2012: That's just odd. I had cpanel cphulk do it to me once, took me an hour to figure out it wasn't csf doing it to me. Since csf and apf are just front ends for iptables and apf does not do it I would suspect lfd section. As far as I can tell on cpanel servers people prefer csf due to its whm integration but for no panel people seem to have no real preference. I had been wondering about fail2ban myself though, planned to look into it this week actually.
September 18, 2012 (Author): Yeah, I've been told F2B is quite good, but when attempting to wget the download link it fails to get it. :blink:
September 18, 2012 (Author): I'm going to try CSF once more, if it bans my IP randomly again I'll try F2B.
September 18, 2012: It should generate email for root when it bans to tell you why, that may help lead you to the root cause. I am using the preset strictest settings. Are you using cpanel? If so I wonder if the strict cookie setting may be driving this.
September 18, 2012: CSF is what I recommend, if it bans your IP there will be a log of why, just look at the blocked list etc, it should also be whitelisting the install and configure IP as well, if not you can do this manually, add it to the ignore and white list to be safe.
September 21, 2012: Just one important and often overlooked point - after adding your IP to the whitelist you did execute "csf -r" and "service lfd restart" to reload the config right? (Restarting csf does not restart lfd, so any changes you make don't apply to that until you separately restart it).
September 21, 2012 (Author): I did this also, yes. At the moment all seems fine. It has not banned my IP as of yet.
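The checks suggested across the replies above (IP in both the allow list and lfd's csf.ignore, the ban reason in the log, then reloading both services), as an added example that is not part of the original thread. The function names are hypothetical, the default paths /etc/csf/csf.allow, /etc/csf/csf.ignore and /var/log/lfd.log are assumed, and the sample files and log lines are constructed.

```shell
#!/bin/sh
# Added example: verify a CSF/lfd whitelist entry. On a real server pass
# /etc/csf/csf.allow, /etc/csf/csf.ignore and /var/log/lfd.log (assumed defaults).

# ip_listed FILE IP -> 0 if IP is the first field of a line once comments are stripped
ip_listed() {
    [ -r "$1" ] || return 2
    awk -v ip="$2" '{ sub(/#.*/, "") } $1 == ip { found = 1 }
                    END { exit (found ? 0 : 1) }' "$1"
}

# whitelist_gaps ALLOW IGNORE IP -> prints each file lacking IP; returns 1 on any gap
whitelist_gaps() {
    gaps=0
    for f in "$1" "$2"; do
        ip_listed "$f" "$3" || { echo "$f"; gaps=1; }
    done
    return "$gaps"
}

# ban_reasons LOG IP -> log lines naming exactly this IP (203.0.113.7 must not match .70)
ban_reasons() {
    grep -F -w -- "$2" "$1" || true
}

# Constructed sample data: IP is allowed in the firewall but commented out for lfd
demo=$(mktemp -d)
printf '%s\n' '# csf.allow' '203.0.113.7 # office - Tue Sep 18 2012' > "$demo/csf.allow"
printf '%s\n' '127.0.0.1' '#203.0.113.7' > "$demo/csf.ignore"
printf '%s\n' \
 'Sep 18 10:12:01 host lfd[2211]: (sshd) Failed SSH login from 203.0.113.7: 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]' \
 'Sep 18 10:15:44 host lfd[2211]: (ftpd) Failed FTP login from 203.0.113.70: 10 in the last 3600 secs - *Blocked in csf* [LF_FTPD]' \
 > "$demo/lfd.log"

echo "Missing from:"; whitelist_gaps "$demo/csf.allow" "$demo/csf.ignore" 203.0.113.7
echo "lfd log:";      ban_reasons "$demo/lfd.log" 203.0.113.7
echo "After editing either file: csf -r && service lfd restart"
rm -rf "$demo"
```
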
Archived
This topic is now archived and is closed to further replies.