CSF/LFD, DenyHosts, Fail2Ban or other?

Discussion in 'Server Security' started by Rob, Nov 10, 2011.

?

Which add-on security tools do you use?

  1. CSF/LFD

    8 vote(s)
    57.1%
  2. DenyHosts

    4 vote(s)
    28.6%
  3. Fail2ban

    5 vote(s)
    35.7%
  4. cPHulk

    2 vote(s)
    14.3%
  5. iptables

    10 vote(s)
    71.4%
  6. Other

    3 vote(s)
    21.4%
Multiple votes are allowed.
  1. Rob

    Rob Administrator Staff Member

    Messages:
    575
    Likes Received:
    233
    Trophy Points:
    43
    Do you use security add-on tools like the configserver firewall, denyhosts, fail2ban, cphulk, etc..? If so, which one(s) and why? Have you tried the others?

  2. Rob

    Rob Administrator Staff Member

    Messages:
    575
    Likes Received:
    233
    Trophy Points:
    43
    To answer my own question ;)

    I'm using and have used all of these on different servers.. my favorite right now is probably csf/lfd, but a close second is denyhosts.
  3. tomfmason

    tomfmason New Member Staff Writer

    Messages:
    22
    Likes Received:
    6
    Trophy Points:
    0
    I use a combo: IPtables, Fail2ban, and Shorewall
  4. MustangV10

    MustangV10 New Member

    Messages:
    87
    Likes Received:
    3
    Trophy Points:
    0
    I use CSF/LFD. It's got tons of features for free software, and it's development cycle is pretty good too. Some new features added recently that I like.
  5. DaReaper

    DaReaper New Member

    Messages:
    184
    Likes Received:
    3
    Trophy Points:
    0
    I use CSF/LFD on my webserver. I think it has it's own set of iptables and rules. It's very reliable when your server is under attacks like Syncflood or a Dos attack.

    However i've disabled LFD from mailing me cause i get tons of emails saying that one or the other process is using too much memory. Well i've tried to check what's causing it and fixed most of them. Some were related to php-cgi eating up a lot of memory.

    I think the Kloxo panel uses it's own kind of security for failed login attempts. I don't know if it's fail2ban but i'm guessing it does the same function.

    Additionally I also use a Rootkit scanner - chkrootkit - http://www.chkrootkit.org/
  6. ehansen

    ehansen New Member Staff Writer

    Messages:
    115
    Likes Received:
    11
    Trophy Points:
    0
    I chose iptables and fail2ban because of their integration with each other, but I have to say thank you so much for mentioning CSF/LFD. I never heard of this system/tool before but I reviewed it a little bit and am going to load it into a VM tonight and see what this bad boy can do. Its amazing at how this very powerful tool can be free.
  7. Rob

    Rob Administrator Staff Member

    Messages:
    575
    Likes Received:
    233
    Trophy Points:
    43
    Careful.. We've noticed it sometimes will hang a xenserver vps w/cent 64 on it.. couldn't figure that one out..
  8. ehansen

    ehansen New Member Staff Writer

    Messages:
    115
    Likes Received:
    11
    Trophy Points:
    0
    It wouldn't be put out into production anyways until I figured it being a valid candidate, but I'll definitely keep that in mind, especially if I decide to use it as part of my security platform. Thanks for the heads up!
  9. Rob

    Rob Administrator Staff Member

    Messages:
    575
    Likes Received:
    233
    Trophy Points:
    43
    We had probably 10 production servers running it clustered and each would lock up about twice/month at different times.

    Most ppl never see this issue..
  10. ehansen

    ehansen New Member Staff Writer

    Messages:
    115
    Likes Received:
    11
    Trophy Points:
    0
    Did you ever find the cause of the issue? I remember when I was working at a hosting company around here and there was one XenServer account that would crash the entire server...their website was using up too much memory due to poor programming on their website.
  11. Rob

    Rob Administrator Staff Member

    Messages:
    575
    Likes Received:
    233
    Trophy Points:
    43
    Nope.. when we removed csf/lfd the lockups stopped. Nothing in the logs..
  12. ehansen

    ehansen New Member Staff Writer

    Messages:
    115
    Likes Received:
    11
    Trophy Points:
    0
    Hm, weird. Could've been the same issue, who knows, lol. I'll take it into consideration though, because my server is quite underpowered performance-wise (though it does meet my needs so I can't complain).
  13. Rob

    Rob Administrator Staff Member

    Messages:
    575
    Likes Received:
    233
    Trophy Points:
    43
    We updated xenserver - testing csf/lfd on a couple boxes again to see if anything changed..
  14. Debian.VN

    Debian.VN New Member

    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    This poll should not separate CSF/LFD with iptables, because CSF/LFD is being based on iptables.
  15. Rob

    Rob Administrator Staff Member

    Messages:
    575
    Likes Received:
    233
    Trophy Points:
    43
    Well, it is separated out because some just use standalone iptables rules though :)

Share This Page