Registered Users: 7415
How Cloudflare, CSF, cPHulk, and Imunify work together.
The Shield
Stops attacks before they reach your server. Handles massive DDoS and hides your real IP.
The Gatekeeper
Blocks bad IPs that touch your server ports. Stops port scans, SYN floods, and high connection rates.
The Bouncer
Protects Login Pages (cPanel, WHM, SSH, FTP). If someone guesses passwords too many times, they get locked out.
The Doctor
Scans files inside the website. Finds malware, viruses, and PHP exploits that slipped past the firewall.
| Tool | Role | Protects Against |
|---|---|---|
| Cloudflare | External Shield | Large Volumetric DDoS (GBs/sec), masking Server IP. |
| CSF / LFD | Network Firewall | Packet floods, SYN attacks, Port scanning, Bogus TCP connections. |
| cPHulk | Login Guard | Brute force on passwords (trying "admin/12345" 100 times). |
| Imunify | Antivirus/WAF | Malicious scripts, infected files, SQL injection, Web shells. |
Reviewing your core firewall settings for stability and security.
Your configuration is set to Production Mode. Below is the explanation of why these specific values are correct.
| Setting Name | Value | What it means for your server |
|---|---|---|
| TESTING | "0" (OFF) | Production Mode. If this were "1", the firewall would automatically clear all rules every 5 minutes (to prevent locking yourself out). Setting it to "0" ensures protection stays ON permanently. |
| LF_DAEMON | "1" (ON) | Login Failure Daemon. This enables the "active" part of the firewall. While CSF holds the shield, LFD watches for attackers trying to guess passwords and bans them. |
| RESTRICT_SYSLOG | "1" (ON) | Log Flood Protection. Prevents local users or hacked scripts from flooding your system logs (`syslog`), which could fill up your hard drive or hide real attack evidence. |
| SAFECHAINUPDATE | "1" (ON) | Seamless Updates. When LFD bans an IP, it updates the firewall rules. With this ON, it updates the rules "safely" without momentarily dropping legitimate connections. |
| LF_DSHIELD | "1" (ON) | Community Blocklist. Your server automatically downloads a list of "known bad IPs" from the DShield network and blocks them before they even touch you. |
LF_DSHIELD, make sure you also enable LF_SPAMHAUS (set to "1") if you want to block known spammers as well.
