CSF/LFD, DenyHosts, Fail2Ban or other?

Discussion in 'Server Security' started by Rob, Nov 10, 2011.

?

Which add-on security tools do you use?

  1. CSF/LFD

    8 vote(s)
    57.1%
  2. DenyHosts

    4 vote(s)
    28.6%
  3. Fail2ban

    5 vote(s)
    35.7%
  4. cPHulk

    2 vote(s)
    14.3%
  5. iptables

    10 vote(s)
    71.4%
  6. Other

    3 vote(s)
    21.4%
Multiple votes are allowed.
  1. Rob

    Rob Administrator Staff Member

    Joined:
    Oct 27, 2011
    Messages:
    608
    Likes Received:
    271
    Do you use security add-on tools like the configserver firewall, denyhosts, fail2ban, cphulk, etc..? If so, which one(s) and why? Have you tried the others?

     
  2. Rob

    Rob Administrator Staff Member

    Joined:
    Oct 27, 2011
    Messages:
    608
    Likes Received:
    271
    To answer my own question ;)

    I'm using and have used all of these on different servers.. my favorite right now is probably csf/lfd, but a close second is denyhosts.
     
  3. tomfmason

    tomfmason New Member Staff Writer

    Joined:
    Nov 3, 2011
    Messages:
    22
    Likes Received:
    6
    I use a combo: IPtables, Fail2ban, and Shorewall
     
  4. MustangV10

    MustangV10 New Member

    Joined:
    Nov 11, 2011
    Messages:
    87
    Likes Received:
    3
    I use CSF/LFD. It's got tons of features for free software, and it's development cycle is pretty good too. Some new features added recently that I like.
     
  5. DaReaper

    DaReaper New Member

    Joined:
    Jan 14, 2012
    Messages:
    183
    Likes Received:
    4
    I use CSF/LFD on my webserver. I think it has it's own set of iptables and rules. It's very reliable when your server is under attacks like Syncflood or a Dos attack.

    However i've disabled LFD from mailing me cause i get tons of emails saying that one or the other process is using too much memory. Well i've tried to check what's causing it and fixed most of them. Some were related to php-cgi eating up a lot of memory.

    I think the Kloxo panel uses it's own kind of security for failed login attempts. I don't know if it's fail2ban but i'm guessing it does the same function.

    Additionally I also use a Rootkit scanner - chkrootkit - http://www.chkrootkit.org/
     
  6. ehansen

    ehansen New Member Staff Writer

    Joined:
    Jan 5, 2012
    Messages:
    115
    Likes Received:
    12
    I chose iptables and fail2ban because of their integration with each other, but I have to say thank you so much for mentioning CSF/LFD. I never heard of this system/tool before but I reviewed it a little bit and am going to load it into a VM tonight and see what this bad boy can do. Its amazing at how this very powerful tool can be free.
     
  7. Rob

    Rob Administrator Staff Member

    Joined:
    Oct 27, 2011
    Messages:
    608
    Likes Received:
    271
    Careful.. We've noticed it sometimes will hang a xenserver vps w/cent 64 on it.. couldn't figure that one out..
     
  8. ehansen

    ehansen New Member Staff Writer

    Joined:
    Jan 5, 2012
    Messages:
    115
    Likes Received:
    12
    It wouldn't be put out into production anyways until I figured it being a valid candidate, but I'll definitely keep that in mind, especially if I decide to use it as part of my security platform. Thanks for the heads up!
     
  9. Rob

    Rob Administrator Staff Member

    Joined:
    Oct 27, 2011
    Messages:
    608
    Likes Received:
    271
    We had probably 10 production servers running it clustered and each would lock up about twice/month at different times.

    Most ppl never see this issue..
     
  10. ehansen

    ehansen New Member Staff Writer

    Joined:
    Jan 5, 2012
    Messages:
    115
    Likes Received:
    12
    Did you ever find the cause of the issue? I remember when I was working at a hosting company around here and there was one XenServer account that would crash the entire server...their website was using up too much memory due to poor programming on their website.
     
  11. Rob

    Rob Administrator Staff Member

    Joined:
    Oct 27, 2011
    Messages:
    608
    Likes Received:
    271
    Nope.. when we removed csf/lfd the lockups stopped. Nothing in the logs..
     
  12. ehansen

    ehansen New Member Staff Writer

    Joined:
    Jan 5, 2012
    Messages:
    115
    Likes Received:
    12
    Hm, weird. Could've been the same issue, who knows, lol. I'll take it into consideration though, because my server is quite underpowered performance-wise (though it does meet my needs so I can't complain).
     
  13. Rob

    Rob Administrator Staff Member

    Joined:
    Oct 27, 2011
    Messages:
    608
    Likes Received:
    271
    We updated xenserver - testing csf/lfd on a couple boxes again to see if anything changed..
     
  14. Debian.VN

    Debian.VN New Member

    Joined:
    Jun 18, 2013
    Messages:
    6
    Likes Received:
    0
    This poll should not separate CSF/LFD with iptables, because CSF/LFD is being based on iptables.
     
  15. Rob

    Rob Administrator Staff Member

    Joined:
    Oct 27, 2011
    Messages:
    608
    Likes Received:
    271
    Well, it is separated out because some just use standalone iptables rules though :)
     

Share This Page