Messages - urantian

1
CSF Firewall / Re: Still Get SSH Login Attempts with PW Auth Disabled
« on: March 13, 2024, 02:21:46 AM »
Thank you.  I found a few other references.  So far, I haven't received any other alerts.

2
CSF Firewall / Re: Still Get SSH Login Attempts with PW Auth Disabled
« on: March 11, 2024, 06:14:13 PM »
I removed the SSH port number from the TCP_IN and TCP_OUT ports list in csf.conf, and confirmed I can still connect.  Hopefully, that will stop them.

Thank you,

Michael

3
CSF Firewall / Re: Still Get SSH Login Attempts with PW Auth Disabled
« on: March 10, 2024, 03:13:03 AM »
I prefer to receive LFD notifications, to know what's going on.  I have "PermitRootLogin" set to "no", and the number of attempts set to "1" before blocking the IP.

However, I would like to know how hackers are still able to attempt a login at all, if I have PasswordAuthentication set to "no" and PubkeyAuthentication set to "yes".

Thank you,

Michael

4
CSF Firewall / Re: Still Get SSH Login Attempts with PW Auth Disabled
« on: March 09, 2024, 03:58:15 PM »
I changed the port number for SSH long ago, and only recently disabled password authentication.  But, even with the port number changed, I don't see how they are reaching a login prompt if they find it.

Thank you,

Michael


5
CSF Firewall / Still Get SSH Login Attempts with PW Auth Disabled
« on: March 09, 2024, 01:30:06 AM »
Greetings,

I have PasswordAuthentication disabled and PubkeyAuthentication enabled in my sshd_config file.  As expected, I can log in with a key file, but not with a password.

However, I continue to receive LFD alert emails of attempted password logins.  Fortunately, I have the number of attempts before blocking the IP set to 1:

"Mar  8 11:45:52 server sshd[21937]: Invalid user ubuntu from 113.194.225.168 port 35078"

When I attempt to log in with a password externally to my public IP, it fails as expected:
"No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)"

How are some hackers still able to reach the login prompt?

Thank you,

Michael

6
Updates / Re: Automatic YUM Updates?
« on: February 21, 2024, 04:42:41 AM »
Thank you for the clarification.

Michael

7
Updates / Re: Automatic YUM Updates?
« on: February 19, 2024, 03:45:42 AM »
Thank you for your reply!  Did you install "yum-cron", or are you using just YUM?  It seems like the latter, where you are simply adding the YUM update to the daily jobs.

Michael

8
Updates / Automatic YUM Updates?
« on: February 18, 2024, 01:59:07 AM »
Is there a way to configure CWP Pro to automatically perform YUM updates, instead of starting them manually?

I found a way to configure a YUM cron to automatically install updates, but I don't know if this would have a conflict with CWP.  The link is below.

https://www.howtoforge.com/tutorial/how-to-setup-automatic-security-updates-on-centos-7/

Michael

9
How to / Re: Preventing Access to wp-login and xmlrpc.php
« on: February 05, 2024, 04:33:30 AM »
Thank you for the feedback.  I actually installed WordFence a couple of days ago, and am working on learning about it, and configuring it.  Therefore, I did not know that it can already manage these issues.  However, I have always liked (Rick) rolling my own solutions, when possible.  I learn a lot that way, too.  Thanks again.

10
How to / Preventing Access to wp-login and xmlrpc.php
« on: February 05, 2024, 02:43:48 AM »
I was receiving numerous alerts each day regarding attempts to break into my WP sites.  At first, I renamed the wp-login.php file to something else, however I would still receive the alerts with 301 or 302 errors, since hackers or bots try to access the usual file.  I decided to do something more.  I re-created the wp-login.php file, however the file now contains this script:

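<?php
// Caller's address as reported by the web server.
$ipaddress = getenv("REMOTE_ADDR");
// Owner of this script file, i.e. the site's account name.
$username = get_current_user();
$comment = $username . " wp-login";
// Deny the address in CSF; escape both values so the shell sees plain arguments.
shell_exec("sudo /usr/sbin/csf -d " . escapeshellarg($ipaddress) . " " . escapeshellarg($comment));
header("Location: https://www.youtube.com/watch?v=BBJa32lCaaY/");
exit;
?>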

The script gets the calling IP address, site owner, and file name, and then executes the CSF Deny function.  The username and file name are included as a comment, so I can know which site and file were accessed.  Then, the page sends them off to be Rick Rolled.  This way, they never have a chance to try logging in, and the IP address is immediately blocked, preventing them from trying again.  However, for this to work, the site owner username must be in the Wheel group with NOPASSWORD enabled.  I still continue getting numerous break-in attempts each day, but the page never needs to load.  Instead, it goes straight to Youtube.

In addition, as I understand, the xmlrpc.php file is no longer necessary, but is vulnerable to hacking exploits.  Therefore, I put the same script in that file too, and have it set to add that file name in the DENY comments.

So far, this method is working very well, and I no longer need to be concerned with people trying to log in or access that xmlrpc file.
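
A narrower way to grant the privilege the script in this post relies on, shown as an added example that is not part of the original post or of CWP/CSF: a small root-owned wrapper that validates its input before calling csf, so sudoers can allow that one command rather than wheel membership with passwordless sudo for everything. The wrapper path, the `siteuser` account name and the function names are assumptions; the sample values in the comments are constructed.

```shell
#!/bin/sh
# Added example, not the poster's code. Hypothetical root-owned wrapper,
# e.g. /usr/local/sbin/csf-deny-ip, so sudoers can allow this one command
# instead of wheel + NOPASSWD for everything ("siteuser" is an assumption):
#   siteuser ALL=(root) NOPASSWD: /usr/local/sbin/csf-deny-ip
# PHP side: sudo /usr/local/sbin/csf-deny-ip <ip> <comment>

CSF_BIN=/usr/sbin/csf   # csf path as given in the post

# Succeeds only for dotted-quad IPv4 with every octet in 0..255.
is_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# Keep letters, digits, space, dot, underscore, hyphen; cap at 64 characters.
sanitize_comment() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9 ._-' | cut -c1-64
}

# Validate first, then pass the IP and comment to csf as separate arguments.
deny_ip() {
    if ! is_valid_ipv4 "$1"; then
        echo "refusing: not an IPv4 address" >&2
        return 2
    fi
    "$CSF_BIN" -d "$1" "$(sanitize_comment "${2:-}")"
}

# Act only when called with arguments, as the sudo-invoked wrapper would be.
if [ "$#" -gt 0 ]; then
    deny_ip "$@"
fi
```

This sketch handles IPv4 only; a site that also serves IPv6 would need a matching check for those addresses.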

11
CentOS-WebPanel GUI / Re: Cannot Open User Panel
« on: January 18, 2022, 12:33:52 AM »
I looked in /root/.my.cnf, and found that the password variable was apparently still set to the original value.  I simply updated it with the password I had used earlier via phpMyAdmin.  This allowed root to log into MySQL without prompting for a password.

Next, I ran "/scripts/cwpsrv_rebuild_user_conf", which then enabled me to access the user panels via CWP.

However, there were a couple of errors from running that rebuild script:

Code:
** (pkttyagent:27182): WARNING **: 16:36:20.768: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
Redirecting to /bin/systemctl reload cwp-phpfpm.service

** (pkttyagent:27200): WARNING **: 16:36:20.832: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)

I cannot determine whether this is causing some other issue.

Michael

12
CentOS-WebPanel GUI / Re: Cannot Open User Panel
« on: January 17, 2022, 04:40:26 PM »
Thank you.  I appear to have a bad configuration with MySQL.  At some point, during the CWP installation, I changed the root password via phpMyAdmin, and it was not reflected in the shell:

[root@server backup]# mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

I can get in if I have it prompt for a password:

[root@server backup]# mysql -u root -p
Enter password:
MariaDB [(none)]>

However, the cwpsrv_rebuild_user_conf script cannot run as-is.

# /scripts/cwpsrv_rebuild_user_conf
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

Is there a way to correct this, and not make it prompt for a password?

Michael

13
CentOS-WebPanel GUI / Cannot Open User Panel
« on: January 16, 2022, 11:14:21 PM »
When I attempt to open the panel for any of the user accounts, from the CWP "List Users" page, the result is "404 Not Found".  Also, if I try to log in from [hostname]:2083, I get a 500 server error.  How can this be corrected?

Michael

14
Information / Re: Paid Invoice Not Reflected in Account
« on: January 03, 2022, 03:50:42 AM »
I am posting an update about this, to say it is resolved.  I was finally able to cancel the payment.  Today, I successfully upgraded to CWP Pro, after making the payment via PayPal.  I'm not sure, but there might be a disconnect somewhere, preventing payments via Skrill from being reflected on the CWP account website.  At least, this is what happened in my case.  So now, I have a fully-working control panel.

15
Information / Paid Invoice Not Reflected in Account
« on: December 17, 2021, 10:01:52 PM »
After opening a CWP account, I went through the process of paying for a Pro license.  After a few failed attempts, I finally was able to make the payment.  I also received a confirmation.  However, the payment was not reflected in my account, nor on my CWP installation.  I submitted a ticket to Billing.  Today, I received a late payment notice, and found that my account was apparently removed.  My credit card shows the transaction.  So, I registered again, and opened another ticket with Billing, but there has been no response.  I hope by posting here, I will be able to reach someone.

Thank you.
