How to Configure the ConfigServer Firewall on GreenGeeks Hosting

When you host a website on GreenGeeks, security is a top priority. One of the most effective ways to protect your server is by installing and configuring ConfigServer Firewall (CSF). In this guide, we’ll walk you through the entire process—from checking compatibility to fine‑tuning rules—so even beginners can secure their GreenGeeks account with confidence.

Why Use ConfigServer Firewall on GreenGeeks?

• Lightweight and fast: CSF runs as a PHP extension and adds minimal overhead.
• Comprehensive protection: It blocks brute‑force attacks, port scans, and malicious IPs.
• Easy management: All settings are stored in a single configuration file, making adjustments simple.

Prerequisites

Before you begin, make sure you have the following:

1. Root or sudo access to your GreenGeeks VPS (shared hosting does not allow CSF installation).
2. SSH client (e.g., Terminal, PuTTY).
3. Basic command‑line familiarity.

Step‑by‑Step Installation

1. Connect to Your Server via SSH

ssh root@your‑server‑ip

Enter the password you received from GreenGeeks. If you use an SSH key, the login will be automatic.

2. Update System Packages

apt-get update && apt-get upgrade -y

Keeping packages current prevents compatibility issues.

3. Install Required Dependencies

apt-get install -y perl libwww-perl liblwp-protocol-https-perl

4. Download and Install CSF

cd /usr/src wget https://download.configserver.com/csf.tgz tar -xzf csf.tgz cd csf sh install.sh

The script will automatically detect your kernel and set up the firewall.

5. Verify Installation

perl /usr/local/csf/bin/csf -v

You should see the current CSF version displayed.

Basic Configuration

The main settings file lives at /etc/csf/csf.conf. Open it with your favorite editor:

nano /etc/csf/csf.conf

Key options to adjust:

• TESTING = "0" – Disables testing mode, enabling the firewall.
• TCP_IN / TCP_OUT – Define which ports are allowed. GreenGeeks default web ports are 80 and 443.
• DENY_IP_LIMIT = "50" – Blocks IPs that exceed 50 connection attempts per minute.

Allow Essential Ports

TCP_IN = "20,21,22,25,53,80,443,587,993,995" TCP_OUT = "20,21,22,25,53,80,443,587,993,995"

Leave SSH (22) open only if you need remote access. For shared hosting, you might restrict it to your IP.

Enable Login Failure Detection

LF_TRIGGER = "5" LF_SSHD = "5"

After five failed SSH attempts, the offending IP will be blocked for the default period.

Applying and Testing the Rules

csf -r   # Restart CSF with new settings csf -l   # List currently blocked IPs

To ensure the firewall is active, run:

iptables -L -n

You should see chains named CSF, CSF_INPUT, and CSF_OUTPUT.

Advanced Tweaks for GreenGeeks

• Whitelist GreenGeeks Monitoring IPs: Add their ping and monitoring ranges to IGNORE_ALLOW to avoid accidental blocks.
• Enable Temporary Bans: Set CT_LIMIT = "100" and CT_PERIOD = "1800" to block aggressive crawlers for 30 minutes.
• Integrate with cPanel: If your GreenGeeks plan includes cPanel, install the CSF plugin to manage settings from the UI.

FAQ

Do I need a VPS to use CSF on GreenGeeks?

Yes. Shared hosting plans do not provide the root access required for firewall installation.

Will CSF affect website performance?

CSF is lightweight; typical sites experience less than a 1% CPU increase.

How can I view blocked IPs?

Run csf -g to search logs or csf -l to list all bans.

Can I disable CSF temporarily?

Use csf -x to disable and csf -e to re‑enable.

Conclusion & Call to Action

ConfigServer Firewall adds a robust layer of defense to your GreenGeeks server with minimal effort. Follow the steps above, customize the rules to match your traffic, and monitor the logs regularly to stay ahead of threats.

Ready to secure your GreenGeeks site? Install CSF today, and if you need personalized help, contact our support team for a free security audit.