Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - urantian

Pages: [1]
1
CSF Firewall / Still Get SSH Login Attempts with PW Auth Disabled
« on: March 09, 2024, 01:30:06 AM »
Greetings,

I have PasswordAuthentication disabled and PubkeyAuthentication enabled in my sshd_config file.  As expected, I can log in with a key file, but not with a password.

However, I continue to receive LFD alert emails of attempted password logins.  Fortunately, I have the number of attempts before blocking the IP set to 1:

"Mar  8 11:45:52 server sshd[21937]: Invalid user ubuntu from 113.194.225.168 port 35078"

When I attempt to log in with a password externally to my public IP, it fails as expected:
"No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)"

How are some hackers still able to reach the login prompt?

Thank you,

Michael

2
Updates / Automatic YUM Updates?
« on: February 18, 2024, 01:59:07 AM »
Is there a way to configure CWP Pro to automatically perform YUM updates, instead of starting them manually?

I found a way to configure a YUM cron to automatically install updates, but I don't know if this would have a conflict with CWP.  The link is below.

https://www.howtoforge.com/tutorial/how-to-setup-automatic-security-updates-on-centos-7/

Michael

3
How to / Preventing Access to wp-login and xmlrpc.php
« on: February 05, 2024, 02:43:48 AM »
I was receiving numerous alerts each day regarding attempts to break into my WP sites.  At first, I renamed the wp-login.php file to something else, however I would still receive the alerts with 301 or 302 errors, since hackers or bots try to access the usual file.  I decided to do something more.  I re-created the wp-login.php file, however the file now contains this script:

<?php
$ipaddress = getenv("REMOTE_ADDR") ;
$username =  get_current_user() ;
$comment = $username . " wp-login" ;
shell_exec("sudo /usr/sbin/csf -d $ipaddress $comment" );
header("Location: https://www.youtube.com/watch?v=BBJa32lCaaY/");
?>

The script gets the calling IP address, site owner, and file name, and then executes the CSF Deny function.  The username and file name are included as a comment, so I can know which site and file were accessed.  Then, the page sends them off to be Rick Rolled.  This way, they never have a chance to try logging in, and the IP address is immediately blocked, preventing them from trying again.  However, for this to work, the site owner username must be in the Wheel group with NOPASSWORD enabled.  I still continue getting numerous break-in attempts each day, but the page never needs to load.  Instead, it goes straight to Youtube.

In addition, as I understand, the xmlrpc.php file is no longer necessary, but is vulnerable to hacking exploits.  Therefore, I put the same script in that file too, and have it set to add that file name in the DENY comments.

So far, this method is working very well, and I no longer need to be concerned with people trying to log in or access that xmlrpc file.

4
CentOS-WebPanel GUI / Cannot Open User Panel
« on: January 16, 2022, 11:14:21 PM »
When I attempt to open the panel for any of the user accounts, from the CWP "List Users" page, the result is "404 Not Found".  Also, if I try to log in from [hostname]:2083, I get a 500 server error.  How can this be corrected?

Michael

5
Information / Paid Invoice Not Reflected in Account
« on: December 17, 2021, 10:01:52 PM »
After opening a CWP account, I went through the process of paying for a Pro license.  After a few failed attempts, I finally was able to make the payment.  I also received a confirmation.  However, the payment was not reflected in my account, nor on my CWP installation.  I submitted a ticket to Billing.  Today, I received a late payment notice, and found that my account was apparently removed.  My credit card shows the transaction.  So, I registered again, and opened another ticket with Billing, but there has been no response.  I hope by posting here, I will be able to reach someone.

Thank you.

Pages: [1]