DDoS ( Distributed Denial of Services attacks ) as they are commonly known as, are among the most common threats that can take a website or even an entire server offline.
What is a DDoS attack?
Before checking on how to defend DDoS attack, let’s first see what it is.
DDoS tries to shutdown a business by sending huge amount of traffic to the website. With too many hits to the website, server will not be able to handle the traffic. This further causes site slowness and eventually website stops working. Also, this often causes network congestion. Thus, it can affect all the servers in the network.
So, a proper DDoS protection mechanism is really important for all server providers.
How to block DDoS attacks
The easiest way to protect a server from DDoS attacks is to use an external service, such as Cloudflare. Even the free tier of Cloudflare includes basic DDoS protection, with more sophisticated mechanisms available in the paid plans.
However, there are cases when external services can’t be used, for various reasons. Let’s see how the tools already available in cPanel WHM or Cyberpanel can limit the effect of a DDoS attack on the server.
Luckily, cPanel and Cyberpanel supports a firewall called CSF (Config Server Security & Firewall).
If you don’t have preinstalled CSF then As the root user, install CSF with these terminal commands:
cd /usr/src rm -fv csf.tgz wget https://download.configserver.com/csf.tgz tar -xzf csf.tgz cd csf && ./install.sh
The Cpanel WHM plugin interface is found in Home >> Plugins >> ConfigServer & Firewall.
In CyberPanel interface is found in Security. Click on CSF. First time Install or Setup. After that go to Security >> Firewall
CSF is a very complex and powerful firewall, with many options. A detailed configuration walkthrough is outside of the scope of this article, but let’s see which CSF features can stop a DDoS attack.
Click on the csf tab and then scroll down and click on Firewall Configuration.
From the drop-down menu, select Connection Tracking.
The CT_LIMIT value sets a maximum limit of connections allowed from a single IP address, while CT_INTERVAL sets the number of seconds between scans.
There are many other settings that you can tweak here, for example CT_BLOCK_TIME controls the temporary ban duration (in seconds) for offending IPs.
Additional anti-DDoS mechanisms can be configured in the Port Scan Tracking section, such as Syn Flood Protection (a Layer 4 attack). You can also define custom rules for specific ports (check the CSF documentation for the correct syntax).
Improper settings can cause legitimate users to be banned or cause significant server load or network latency. It is a good idea to start with the default values and adjust them as needed.
Please also keep in mind that even the best protected websites in the world can still be vulnerable to a well-orchestrated DDoS attack. However, the steps described in this article can offer decent protection to a Cpanel and Cyberpanel server and limit the damage done by normal attacks.