With a wide range of experience in dealing with issues and problems caused either directly or indirectly by APF, I've come to the conclusion that the antidos (AD) feature of APF is much more trouble than it is worth. With it enabled, it's apparent that the iptables rules can very quickly become dangerously full. This can lead to at least two issues:

• Ethernet traffic is slowed down due to the large number of lookup checks required


• A server can be rendered unbootable

That last point is the most dangerous. I've seen several servers with around 1000 IP addresses in the firewall preventing a server from booting. IIRC, this happens because APF is taking so long to load up the iptables rules, the boot sequence basically stalls and goes no further.

Details on disabling antidos if you have it enabled follow...

» Read More

Apologies to those that had added comments. I decided to switch to different blog software that made my life easier. Please feel free to post again if you wish

Added a new page to the site that lists the latest bugs and vulnerabilities from Security Focus and the most current virus threats from ESET

I must say that I really do like NOD32 for windows-based virus scanning and we use it on our main PC's. Our servers are, of course, all protected by ClamAV which works excellently at filtering out email borne viruses

This is a new feature for visitors to ConfigServer to keep in touch with our news and views. We hope to maintain this blog on a frequent basis and will include information on:

• ConfigServer News
• ConfigServer Views
• New Application Releases
• Relevant Industry News

The New Application Releases information will be about those apps used in our cPanel Service Packages and will include configuration changes that we use as well as information about when new releases are made that we feel are useful to upgrade to.