What is cPFence Owl™ / DDoS Protection?

cPFence Owl Monitoring Features

cPFence Owl™ offers comprehensive monitoring features to keep your server secure and running smoothly. Our DDoS protection module instantly blocks any IP with more than 100 concurrent connections to the server. It is designed to block aggressive IPs that repeatedly attempt attacks. Initially, the block is temporary, but if the same IP triggers multiple attacks, the block becomes permanent and our IPDB is updated accordingly so that all servers get the latest protection. Here are the key features and configurable settings:

Features

  1. Smart Process Monitoring:

    • Continuously monitors server processes 24/7, detecting high loads and potential threats.
    • Automatically adjusts scan speed based on server load, ensuring minimal impact on performance.
  2. Instant Malware Blocking:

    • Provides an extra layer of protection for the real-time protection module by blocking common malware immediately.
  3. Automated Actions & Notifications:

    • Takes automated actions when suspicious activity is detected, such as analyzing processes or blocking IPs.
    • Sends notification emails when certain thresholds are exceeded, ensuring you are informed of critical issues.

Configurable Settings

Settings for this module can be found in the main configuration file:

/opt/cpfence/config.conf
  • Email Notifications:

    • EMAIL_RECIPIENT: Specifies the recipient email address for notifications. It is empty by default; set it with the command:
cpfence --set-email <your-email-address>

  • Owl Monitoring System


    Owl monitoring system with no CPU/RAM footprint. Highly recommended. Possible options: on / off. Default is on.

    CPFENCE_OWL="on"

    The cPFence Owl - Blacklisted Users

    This feature allows you to manage and optimize MySQL server resources by automatically terminating long-running queries from specified users. This is particularly useful for preventing poorly coded scripts or queries from monopolizing server resources. You can blacklist specific MySQL usernames or entire accounts by adding them to the BLACKLISTED_USERS variable in the configuration file. Additionally, you can set a maximum execution duration (MAX_EXECUTION_DURATION), defining how long a query can run before it is terminated. This feature helps maintain optimal server performance and prevents resource hogging by misbehaving scripts.

    Example configuration:

    # ==============================================================================
    # cPFence Owl - Blacklisted Users
    # ==============================================================================
    # This section configures the MySQL query termination functions within
    # the cPFence Owl module. The functions are designed to terminate long-running
    # MySQL queries for users specified in the blacklist, helping to prevent
    # poorly coded scripts and queries from monopolizing MySQL server resources.
    #
    # To identify the current MySQL usernames on your server, execute the following command as root:
    # mysql -e "SELECT user, COUNT(*) AS login_count FROM mysql.user GROUP BY user ORDER BY login_count DESC;"
    #
    # Add the usernames to the BLACKLISTED_USERS variable below, separated by |, e.g., BLACKLISTED_USERS="username1|username2"
    # You can either add a specific database username to blacklist a single database,
    # or use the account username to blacklist all databases associated with that account.
    # Specify the maximum allowed duration (in seconds) for a query or script to be considered "long":
    BLACKLISTED_USERS="Username1_|Username2_|Username3_"
    MAX_EXECUTION_DURATION="30"
  • Thresholds:

    • CPULoadAverageThreshold: Sets the CPU load average threshold to trigger notifications. Default is 80% of the detected installed CPU.
    • MEMORY_THRESHOLD: Sets the memory usage threshold. Default is 80%.
    • DISK_USAGE_THRESHOLD: Sets the disk usage threshold. Default is 80%.
    • DISK_IO_THRESHOLD: Sets the disk I/O usage threshold. Default is 80%.
  • Notification Timing:

    • time_diff_wait: Specifies the duration in seconds that resource usage must remain high before sending notifications. Default is 300 seconds (5 minutes).
    • email_send_interval: Defines the interval in seconds between subsequent notification emails to prevent excessive notifications. Default is 3600 seconds (1 hour).
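How time_diff_wait and email_send_interval interact, as an added example that is not cPFence's own code. It assumes that any dip below the threshold resets the sustained-usage timer and that the interval is measured from the last email sent; the function name and the sample data are hypothetical.

```python
def notification_times(samples, threshold=80, time_diff_wait=300,
                       email_send_interval=3600):
    """samples: (unix_seconds, usage_percent) pairs in time order.
    Returns the timestamps at which a notification email would go out."""
    high_since = None   # start of the current uninterrupted high-usage run
    last_sent = None    # timestamp of the most recent email
    sent = []
    for ts, usage in samples:
        if usage <= threshold:
            high_since = None          # assumption: a dip resets the timer
            continue
        if high_since is None:
            high_since = ts
        sustained = ts - high_since >= time_diff_wait
        throttled = (last_sent is not None
                     and ts - last_sent < email_send_interval)
        if sustained and not throttled:
            sent.append(ts)
            last_sent = ts
    return sent


def constructed_samples():
    """Constructed one-minute samples: a 4-minute spike, then 2.5 h of overload."""
    samples = [(t, 95 if 600 <= t < 840 else 20) for t in range(0, 1800, 60)]
    samples += [(t, 90) for t in range(1800, 1800 + 9000, 60)]
    return samples


if __name__ == "__main__":
    for ts in notification_times(constructed_samples()):
        print(f"notify at t={ts}s")
```

With the defaults, the 4-minute spike produces no email at all, and the sustained overload produces one email per hour, so lower both values if short bursts matter on your server.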

cPFence Owl™ ensures seamless server operation and robust security by providing instant malware blocking and adaptive monitoring. Configure these settings in the cPFence configuration file to tailor the monitoring system to your needs.
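A dry run for the Blacklisted Users settings above, as an added example that is not cPFence's own code: it reads BLACKLISTED_USERS and MAX_EXECUTION_DURATION and lists which running queries exceed the limit. It assumes each entry matches a MySQL user name exactly or as a prefix and that the limit is exclusive; the config values and process list rows are constructed.

```python
import re

# Constructed sample of the two settings as written in /opt/cpfence/config.conf.
CONFIG = '''
BLACKLISTED_USERS="shopacct_|blog_wp"
MAX_EXECUTION_DURATION="30"
'''

# Constructed tab-separated rows in SHOW FULL PROCESSLIST column order:
# Id, User, Host, db, Command, Time, State, Info
PROCESSLIST = "\n".join([
    "101\tshopacct_db1\tlocalhost\tshopacct_db1\tQuery\t95\tSending data\tSELECT * FROM orders",
    "102\tshopacct_db2\tlocalhost\tshopacct_db2\tSleep\t400\t\tNULL",
    "103\tblog_wp\tlocalhost\tblog_wp\tQuery\t12\tSending data\tSELECT 1",
    "104\tother_app\tlocalhost\tother_app\tQuery\t600\tUser sleep\tSELECT SLEEP(600)",
    "105\tblog_wp\tlocalhost\tblog_wp\tQuery\t31\tCopying to tmp table\tSELECT COUNT(*) FROM wp_posts",
])

def read_setting(text, key):
    """Return the quoted value of KEY="value" from shell-style config text."""
    m = re.search(rf'^\s*{re.escape(key)}="([^"]*)"', text, re.MULTILINE)
    if m is None:
        raise KeyError(key)
    return m.group(1)

def load_policy(text):
    # Empty entries are dropped: an empty prefix would match every user.
    prefixes = [p for p in read_setting(text, "BLACKLISTED_USERS").split("|") if p]
    return prefixes, int(read_setting(text, "MAX_EXECUTION_DURATION"))

def candidates(processlist, prefixes, max_seconds):
    """Return (id, user, seconds) for running queries over the limit."""
    hits = []
    for line in processlist.splitlines():
        pid, user, _host, _db, command, secs = line.split("\t")[:6]
        if command != "Query":      # idle (Sleep) connections are not queries
            continue
        # Assumption: an entry matches the exact name or any name it prefixes.
        if int(secs) > max_seconds and any(user.startswith(p) for p in prefixes):
            hits.append((int(pid), user, int(secs)))
    return hits

def dry_run():
    prefixes, limit = load_policy(CONFIG)
    return candidates(PROCESSLIST, prefixes, limit)

if __name__ == "__main__":
    for pid, user, secs in dry_run():
        print(f"would terminate query {pid} ({user}, {secs}s)")
```

Running this kind of check against a captured process list before editing the real file shows whether a short entry catches users you did not intend to blacklist.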
