So I came to Virtualmin from VHCS then ICP Omega then IMSCP so I’ve been using open source control panels for a while and two things:
- This project is great, and has great people running it and a great community
- I have been plagued with CPU Spikes from time to time which I can’t explain
Well, after really diving into this for about a year, and with some help from support tickets, I think I’ve finally arrived at the point that these are DDOS attacks.
They come on fast, last a day or two days or less, then miraculously clear up.
The load on the server could be 1.5 to 129!!! with a 1.9 Xeon 6 cores!
So I looked into Comodo and then Cloudflare, but I don’t know how many of you all are using ConfigServer Security & Firewall. I recommend it highly; it works with Virtualmin.
Easy to ban IPs; you can set it up to auto-ban IPs based on criteria. But the thing I like the most is Ban all countries explicitly or implicitly.
Once installed, if you are under attack you can disallow all connections except by your home country, simply with one line in the csf.conf.
Just wanted to share it with the community!
David
This is a piece of that file:
```
# Maxmind GeoLite Country database http://www.maxmind.com/app/geolitecountry
# and entirely relies on that service being available
#
# Specify the the two-letter ISO Country Code(s). The iptables rules are for
# incoming connections only
#
# Additionally, ASN numbers can also be added to the comma separated lists
# below that also list Country Codes. The same WARNINGS for Country Codes apply
# to the use of ASNs. More about Autonomous System Numbers (ASN):
# http://www.iana.org/assignments/as-numbers/as-numbers.xhtml
#
# You should consider using LF_IPSET when using any of the following options
#
# WARNING: These lists are never 100% accurate and some ISP's (e.g. AOL) use
# non-geographic IP address designations for their clients
#
# WARNING: Some of the CIDR lists are huge and each one requires a rule within
# the incoming iptables chain. This can result in significant performance
# overheads and could render the server inaccessible in some circumstances. For
# this reason (amongst others) we do not recommend using these options
#
# WARNING: Due to the resource constraints on VPS servers this feature should
# not be used on such systems unless you choose very small CC zones
#
# WARNING: CC_ALLOW allows access through all ports in the firewall. For this
# reason CC_ALLOW probably has very limited use and CC_ALLOW_FILTER is
# preferred
#
# Each option is a comma separated list of CC's, e.g. "US,GB,DE"
CC_DENY = ""
CC_ALLOW = ""

# An alternative to CC_ALLOW is to only allow access from the following
# countries but still filter based on the port and packets rules. All other
# connections are dropped
CC_ALLOW_FILTER = ""
```
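
The following is an added example, not part of the original post or of csf itself: a small shell audit that checks a csf.conf-style file against two of the warnings quoted above (CC_ALLOW opening all ports, and country lists used without LF_IPSET). The helper names `csf_get` and `audit_csf_cc` are hypothetical, the sample config is constructed, and it assumes `LF_IPSET = "1"` is the enabled state.

```shell
#!/bin/sh
# Added example (not part of csf): audit the CC_* options of a csf.conf-style
# file against the WARNING notes quoted from that file.

# Print the value of option $1 from file $2 (format: NAME = "value").
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\\(.*\\)\".*/\\1/p" "$2" | tail -n 1
}

# Print one finding per line; return 1 if anything was flagged, else 0.
audit_csf_cc() {
    conf=$1
    flagged=0
    allow=$(csf_get CC_ALLOW "$conf")
    filter=$(csf_get CC_ALLOW_FILTER "$conf")
    deny=$(csf_get CC_DENY "$conf")
    ipset=$(csf_get LF_IPSET "$conf")

    if [ -n "$allow" ]; then
        echo "WARN CC_ALLOW=\"$allow\" opens every port to these zones; use CC_ALLOW_FILTER"
        flagged=1
    fi
    if [ -n "$allow$filter$deny" ] && [ "$ipset" != "1" ]; then
        # Assumption: LF_IPSET = "1" is the enabled state.
        echo "WARN country lists in use without LF_IPSET; one iptables rule per CIDR"
        flagged=1
    fi
    return "$flagged"
}

# Constructed sample config, written to a temp file so the demo runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LF_IPSET = "0"
CC_DENY = ""
CC_ALLOW = "US"
CC_ALLOW_FILTER = ""
EOF
audit_csf_cc "$sample" || true
rm -f "$sample"
```

Point `audit_csf_cc` at a copy of the real csf.conf before reloading the firewall; a non-zero return means at least one of the quoted warnings applies.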