Install and configure CSF firewall

How to download and install the CSF firewall on a Linux/cPanel server.

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

CSF is installed in the /etc/csf directory. Once installation is done, you need to edit the csf.conf file in this directory.

vi /etc/csf/csf.conf

Then find the keyword TESTING. Testing mode is enabled by default. While it is enabled, csf turns off automatically after 5 minutes, so you need to disable it by setting TESTING to 0.

Change line number 11. (If you are using the vi editor: run vi /etc/csf/csf.conf > press ESC > press / > type ^TESTING. This finds the line starting with the word TESTING.)

TESTING = "1"  to TESTING = "0"

Then restart csf using the command

csf -r

If you are using a cPanel server, you will need to open the FTP passive port range 30000:50000 in the TCP_IN section.

Search for the keyword ^TCP_IN (the line starting with the word TCP_IN).

Add the FTP passive port range at the end of the following line.

Change from
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
to
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,30000:50000"

Restart csf using the command

csf -r
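
The two csf.conf edits above can also be applied without opening an editor. The script below is an added example, not part of the original page or of CSF; the helper name harden_csf_conf and the sample file are assumptions, and it expects GNU sed as found on Linux servers.

```shell
#!/bin/sh
# Added example: the two csf.conf edits from this page, applied without an editor.
# harden_csf_conf is a hypothetical helper name; it is not part of CSF.
harden_csf_conf() {
    conf="$1"                   # normally /etc/csf/csf.conf
    range="${2:-30000:50000}"   # FTP passive range used on this page
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    # Keep the first pristine copy so the change can be rolled back.
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1

    # 1. Leave testing mode. The pattern does not match TESTING_INTERVAL.
    sed -i 's/^TESTING[[:space:]]*=.*/TESTING = "0"/' "$conf"

    # 2. Append the range to TCP_IN once; TCP6_IN does not match ^TCP_IN.
    if ! grep -Eq "^TCP_IN[[:space:]]*=.*[\",]${range}[\",]" "$conf"; then
        sed -i "s/^\(TCP_IN[[:space:]]*=[[:space:]]*\"[^\"]*\)\"/\1,${range}\"/" "$conf"
    fi

    # 3. Succeed only if both settings are now in the file.
    grep -q '^TESTING = "0"' "$conf" &&
        grep -Eq "^TCP_IN[[:space:]]*=.*[\",]${range}[\",]" "$conf"
}

# Demo on a constructed sample file (not a real csf.conf).
demo_dir=$(mktemp -d)
cat > "$demo_dir/csf.conf" <<'EOF'
TESTING = "1"
TESTING_INTERVAL = "5"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
TCP6_IN = "20,21,22"
EOF
harden_csf_conf "$demo_dir/csf.conf" && grep -E '^(TESTING|TCP_IN) ' "$demo_dir/csf.conf"
# On a real server: harden_csf_conf /etc/csf/csf.conf && csf -r
```

Running it a second time leaves the file unchanged, and the original is kept as csf.conf.bak.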

Change RDP port number

How to change the Remote Desktop port, i.e. the RDP port, on a Windows server.

Hackers have brute-force scripts which try to access Windows servers using the standard RDP port, which is 3389. If you check the logs on your Windows server you will find that unauthorized persons have tried to access the server using the standard RDP port hundreds of times from different countries; sometimes there are more than 10000 attempts in a day.

To secure the server it is recommended to change the standard port from 3389 to something else like 32000. You can choose any port which is not in use from the range 1-65000.

How to change the Remote Desktop port: Start > Run > regedit > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\ > on the right-hand side, find PortNumber. Right-click PortNumber > Modify > select Decimal > it will show the default port 3389. Change it to something else like 32000 and click OK.

Then go to Start > Search > Control Panel > Windows Firewall > on the left-hand side, click Advanced settings > right-click Inbound Rules (left-hand panel) > New Rule > Port > check TCP and Specific port > enter 32000 > Next > check "Allow the connection" > Next > Next > name the rule, for example Custom RDP port > click Finish.

Now open the Remote Desktop Connection application from Start > Remote Desktop Connection > enter Computer as Server-IP:32000. If your server IP is 10.10.10.32, enter Computer as 10.10.10.32:32000 > click Connect.

Block sites without a firewall on Windows

Block websites without a firewall on Windows.

Here we will learn how to block websites on your personal computer, i.e. outgoing traffic to a site, making sites inaccessible from your Windows server/PC.

Every server, whether it is Linux or Windows, has a hosts file. It maps hostnames to IP addresses. Suppose abc.com has the IP 10.10.10.10 and you don't want this site to be accessible from a particular server.

You need to open the hosts file in a text editor as administrator.

Steps to open the hosts file as administrator.

Click Windows > Start > Search > Notepad > right-click Notepad > Run as administrator.

Then click File > Open > go to C:\Windows\System32\drivers\etc\hosts

Add the following line to it.

127.0.0.1 abc.com

This will route abc.com to 127.0.0.1 on your server/PC. Since no such site is hosted on your PC (127.0.0.1 refers to your local IP), it will not load.