What firewall to put the server?

Advise what firewall to put on the server, the server hangs a few sites with poor access and asterisk, everything worked 4 years, and recently the server crashed, the host has disabled it for the excess load. I think someone is breaking the server, I advise a simple solution as I am not a very advanced user in Linux.
July 8th 19 at 15:28
3 answers
July 8th 19 at 15:30
For the beginning to correctly configure IPTABLES and block access for incoming connections.
The host I recommend www.woktron.com/secure/knowledgebase/77/Installati...

I understand that this is the same iptables but with a shell? - sarah_Bashirian commented on July 8th 19 at 15:33
: From CSF did not face. Judging by the description it has a flexible system of settings and working with hosting control panels. In fact, the addition to iptables. - Henderson9 commented on July 8th 19 at 15:36
: if I don't have these panels, I won't need it. Right? - sarah_Bashirian commented on July 8th 19 at 15:39
- Integration into the panel as an extra element. The firewall works with hosting control panels, and without them. - Henderson9 commented on July 8th 19 at 15:42
July 8th 19 at 15:32
Firewall will not help in this case.

Firewall is a protection already on the server. That is, the packages went to your VDS and you know, it is necessary to you or not.

Hoster turns off if the load goes to the channel to the server. A filter channel TO the server you can't - you just will not give access to equipment data center.

Are there any solutions in this situation:

To determine whether this is DDoS or normal load.
Maybe the project has grown and it is time to move to Dedicated? There and the channel is thicker and more stock.
- If it is still DDoS, update the host if they have any partners in any firm for protection from DDoS, you can usually get a discount. Then AT the beginning of the transfer the sites to another server, say the IP firm for the DDoS protection and change the DNS records as they say. It is necessary that the attacker didn't recognize our new IP.
The projects has not increased.
Ddosить the website of city club of fans of cats makes no sense, err on the asterisk, maybe the Chinese or someone just hammer with a bust passwords.
Hoster help especially to can, small burzhuinskie... actually I don't know what server, at some point fall, they tinkered restarted Apache, network, etc., I suggested that someone can hammer, they jumped at the idea, they say, but rather, adjust firewall.. - sarah_Bashirian commented on July 8th 19 at 15:35
: If you suspect this, then Yes, you need a firewall

Just iptables deny all ports except 80, 443 and ports Aterisk (alas, I don't know what ports it uses). Transfer SSH at some distant port (30000+) and let him hang himself there.

Ban login via SSH by password and the ban on login under root. You should also look at fail2ban. - Henderson9 commented on July 8th 19 at 15:38
I looked at (top) the problem is apache2. how can I find a website attack? or where can I see the ip of those attacks? - sarah_Bashirian commented on July 8th 19 at 15:41
The IP will log access.log Apache, or access.log site, more to say - look at tuning Apache.
At the attacked website - you can try to use apachetop or make you run php using fast-cgi, and for each site to run fast-cgi from the individual user.
Then the load will see the problematic website.

Nginx in front of apache installed? - Henderson9 commented on July 8th 19 at 15:44
thank you. Understood. someone from Chile hollowed from a single IP. Blocked. Everything was adjusted, probably a student of some kind)) that ip is already in the databases lit.
Nginx is not worth it. - sarah_Bashirian commented on July 8th 19 at 15:47
Put, the burden will fall much :) - sibyl_Pur commented on July 8th 19 at 15:50
with time, we must also understand what and how - sarah_Bashirian commented on July 8th 19 at 15:53
July 8th 19 at 15:34

Find more questions by tags LinuxDebian