fail2ban vs sshguard vs csf

Joined
May 20, 2016
Messages
61
Best answers
0
Ratings
3
Points
0
#1
Can I use (fail2ban and csf) or (sshguard and csf) on a same server? Which one do you think is better to prevent your VPS from Brute Force Attacks or DDOS attacks?
 

LJSHost

Well-known member
Joined
Jul 5, 2016
Messages
1,031
Best answers
0
Ratings
202
Points
63
#2
I would just pick one solution as go with it. CSF is very decent, port monitoring and dynamic firewall updates in one nice very configurable little package.
You should have no problems running fail2ban along side CSF for an additional layer of security, but not much reason to do so.
 

24x7CSM

Well-known member
Joined
Sep 27, 2016
Messages
225
Best answers
0
Ratings
30
Points
28
#3
CSF is always recommended as it can be configured and optimized. A perfectly tuned CSF can mitigate DDOS attacks too at a certain level and you always have full control since its easy to administrate too.
 
Joined
Jan 13, 2017
Messages
25
Best answers
0
Ratings
1
Points
0
#4
A while back when I was talking to someone about setting up my first VPS they recommended fail2ban and csf. That's what I am planning on using unless I find out otherwise.
 

podo609

New member
Joined
Jan 17, 2017
Messages
3
Best answers
0
Points
0
#5
CSF - I am using centinmod and have no problem with sites going down.
 

eva2000

Well-known member
Joined
Jan 14, 2017
Messages
164
Best answers
0
Ratings
55 5
Points
28
#6
Indeed Centmin Mod LEMP stack auto installs and configures CSF firewall. I highly recommend CSF firewall as it has never failed me !

Been using CSF for over a decade now :)
 

DaRecordon

Well-known member
Joined
Oct 7, 2016
Messages
138
Best answers
0
Ratings
5
Points
18
#7
DaRecordon
My reseller hosting provider installed fail2ban on my hosting and i didn't see sshguard or csf is recommended there, it can depends on each provider or user.

CSF can run as well on your system but not mean it will work perfectly on other systems.
 

hostens

Well-known member
Joined
Jan 18, 2017
Messages
192
Best answers
2
Ratings
73 9
Points
28
#8
I prefer CSF mainly because of their integration with control panels and also functionality.
 

hfav

Active member
Joined
Jan 18, 2017
Messages
83
Best answers
0
Ratings
4
Points
8
#9
We use CSF and Fail2Ban.

CSF for Firewall rule
Fail2Ban for to ban user for 24 hrs.
 

LJSHost

Well-known member
Joined
Jul 5, 2016
Messages
1,031
Best answers
0
Ratings
202
Points
63
#10
LJSHost
CSF does include LFD now so not much point having multiple login failure demons imo :sad_no: CSF can do it all :D
 

hfav

Active member
Joined
Jan 18, 2017
Messages
83
Best answers
0
Ratings
4
Points
8
#11
hfav
We have been using Fail2ban for long time. We have a lot of scripts and API integrated with our billing software.

It not easy to move to LFD for us. Our Fail2ban jail.conf has a lot of iptables config for Hosting, Asterisk, SIP port etc.

We always copy CSF config to our new server and configure Fail2ban for according to server's rule (Proxy, Media, etc).
 

LJSHost

Well-known member
Joined
Jul 5, 2016
Messages
1,031
Best answers
0
Ratings
202
Points
63
#12
If you are already very integrated with Fail2Ban I understand. All solutions discussed here are great, in response to the OP each product has it's advantages and some do things better than others but overall I think all the products mentioned in this thread have balance and a best place for use depending on requirements.
 

Dewlance

Well-known member
Joined
Dec 20, 2014
Messages
102
Best answers
0
Ratings
19 1
Points
18
#14
I prefer CSF because of its so easy to use, debug and fix problems and alternative of Fail2ban is Mod_Security(For protecting attack from hackers, etc but of-course I am not comparing that both are same but just a alternative of customized rules for protecting site.)

CSF is best, They are improving it and main reason is its easy to use it comparing to any other firewall.
 
Joined
Oct 24, 2016
Messages
47
Best answers
0
Ratings
3
Points
0
#16
Yes, you can use fail2ban and csf in the same sever . Mainly for brute force attack.
 

David Beroff

Well-known member
Joined
Jun 14, 2016
Messages
981
Best answers
0
Ratings
86 1
Points
28
#20
David Beroff
I am using csf on my VPS but notifications from my hosting control are showing there are so many brute force attacks there, seem csf only can decrease number of brute force attacks without stopping it completely.
 
Joined
Oct 2, 2016
Messages
62
Best answers
0
Points
0
#17
You can install them both however, CSF should be sufficient enough. CSF can be extensively customised.
 
Joined
May 20, 2016
Messages
61
Best answers
0
Ratings
3
Points
0
#18
Indeed Centmin Mod LEMP stack auto installs and configures CSF firewall. I highly recommend CSF firewall as it has never failed me !

Been using CSF for over a decade now :)
We use CSF and Fail2Ban.

CSF for Firewall rule
Fail2Ban for to ban user for 24 hrs.
I would just pick one solution as go with it. CSF is very decent, port monitoring and dynamic firewall updates in one nice very configurable little package.
You should have no problems running fail2ban along side CSF for an additional layer of security, but not much reason to do so.
You can install them both however, CSF should be sufficient enough. CSF can be extensively customised.
After installed CSF and enabled it

Do I need to have advanced configuration to make it run better for protecting from bots and brute force attacks?
 

HostBastic

Well-known member
Joined
Nov 17, 2016
Messages
317
Best answers
1
Ratings
39 2
Points
28
#19
HostBastic
CSF Firewall comes with a login authentication failure daemon and is able to recognize most unauthorized attempts to gain access to your server. There are several applications which are supported by default such as cPanel, however you can also define your own login files. Its advisable that you perform some custom port configuration.
 
Joined
Oct 16, 2017
Messages
55
Best answers
0
Ratings
1
Points
8
#24
CSF is an excellent solution for most situations. Imunify360 from the CloudLinux team is also worth considering, can get expensive if you have a lot of servers though.
 
Last edited:
Joined
May 20, 2016
Messages
61
Best answers
0
Ratings
3
Points
0
#25
CSF Firewall comes with a login authentication failure daemon and is able to recognize most unauthorized attempts to gain access to your server. There are several applications which are supported by default such as cPanel, however you can also define your own login files. Its advisable that you perform some custom port configuration.
I am only wondering why I configure number of login fails with csf but I still see message about IP address still bypassed that.

CSF is an excellent solution for most situations. Imunify360 from the CloudLinux team is also worth considering, can get expensive if you have a lot of servers though.
I never heard about Imunify360, I will try to check it out and see how it work.
Does it only work with CloudLinux?
 
Recommended Threads

Latest Hosting OffersNew Reviews

Sponsors

Latest Blog ArticlesMost Viewed Threads

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top