I would suggest CSF and I can help you - the install process is easy and it watches everything.
And if you later have more servers you can configure it to cluster and block i.p.'s across your cluster.
It notifies you of ssh access, sudo su access.
I have directories that should never change (web) it watches them - if potential hack does occur I know in real time.
It beats LxGuard every time. I have LxGuard set to 5 - CSF to 10. CSF always blocks the i.p. before LxGuard. I think it deals with when and how frequent it reads the logs.
Memory is minimal - processes are minimal. (although it is running so it does take a small footprint)
If you need help let me know. There are some rules for csf.pignore Kloxo specific so you don't get a million emails about "suspicious process".
I learnt most from hours of research and trial and error. But I know that CSF blocks about 10 i.p.'s a day (temporary blocks) for port scanning. (10 hits on ports not available)
I am interested in this one <!-- s;) --><!-- s;) -->
Do you have any tutorial?
Hi Christopher,
I have Kloxo-MR on Nginx.
1. Can you help me with CSF? Your tutorial link is dead.
2. In this thread, MRatwork stated that "All my servers not use IPTables/CSF because I think if using nginx-proxy we already have protect by nginx. Kloxo-MR panel (also Kloxo) have lxguard to protect ssh and ftp port."
On webhosting talk people say that you better have a good firewall if you disable IPtables. My IPtables are enabled and websites are on Cloudflare but that didn't prevent ddos attack.
I want to do everything I can to prevent ddos, especially after reading Mratwork's post at
http://forum.mratwork.com/kloxo-mr-technical-helps/help-fix-admin-misconfiguration-to-protect-real-ip-address-on-cloudflare/msg27943/#msg279433. Can you use CSF as as 'GUI for SSH' like Webmin?
FYI: I'm a total newbie to ssh and I'd like to run commands and fix problems myself (with forum users help). Mratwork told me that I have no ssh access because SolusVM java applet is not updated to use for ssh: "Latest java applet used by Kloxo-MR as the same as java applet by Virtualizor. Old java applet is 'sshterm-applet' and the new one is 'jcterm'. Only SolusVM able to change this applet in their product."