DDoS and SYN Attack Protection with Imunify360

Issue

How to protect a server from DDoS or SYN attacks with Imunify360.

Environment

• Imunify360
• CSF
• Any OS
• Any panel

Solution

To protect against DDoS and SYN flood attacks on servers running Imunify360, CSF can be used alongside Imunify360, as integration between the two is supported.

CSF provides additional protection mechanisms against these types of attacks, including options such as PORTFLOOD, SYNFLOOD, and various CT_* connection tracking settings.

When CSF integration is enabled in the Imunify360 settings, CSF handles these network-level attacks and blocks offending IP addresses directly at the server level.

Possible recommended values could be:

CT_LIMIT = "30"

CT_INTERVAL = "60"

CT_BLOCK_TIME = "3600"

CONNLIMIT = "80;30,443;30"

SYNFLOOD = "1"
SYNFLOOD_RATE = "50/s"
SYNFLOOD_BURST = "150"

Note: SYNFLOOD may slow down legitimate traffic, delay mail, browser renderings & reloads until set high.

Useful links

• https://docs.imunify360.com/ids_integration/#csf-integration
• DoS and DDoS protection with Imunify360 
• https://support.cpanel.net/hc/en-us/articles/1500006548041-How-to-combat-SYNFLOOD-attacks-via-CSF
• https://blog.cpanel.com/how-to-survive-a-ddos-attack/ 
• https://download.configserver.com/csf/readme.txt 
• https://docs.imunify360.com/dashboard/#_3-rd-party-integration
• https://docs.cpanel.net/knowledge-base/security/additional-security-software/#configserver-security--firewall-csf 
• https://support.cpanel.net/hc/en-us/articles/37654028162071-cPanel-will-provide-its-own-fork-of-CSF-starting-Feb-25th-2026