So many root user logins from China. How can I protect the root user?
CSF Firewall is installed by default on Centmin Mod installs and should be blocking such login attempts (CSF Firewall - Centmin Mod - Menu based Nginx installer for CentOS servers) in Login Failure Daemon logs at /var/log/lfd.log

Hence, why I use CSF Firewall on all my servers and why it's installed by default with Centmin Mod LEMP stack.

centmin.sh also has menu option 16 to change the default SSHD port, which is port 22. Pay attention to the questions asked at the prompt when you run option 16, as it first asks for your default SSHD port, which you enter as 22, and then asks for the new SSHD port number you want. Then do not close the current SSH session; keep it open and open a new SSH connection using the new SSHD port number to check if it works. If it doesn't work, you can then check to see if the new SSHD port was added to the TCP_IN line within CSF Firewall at /etc/csf/csf.conf

Code:
--------------------------------------------------------
Centmin Mod 1.2.3-eva2000.07 - http://centminmod.com
--------------------------------------------------------
Centmin Mod Menu
--------------------------------------------------------
1). Centmin Install
2). Add Nginx vhost domain
3). NSD setup domain name DNS
4). Nginx Upgrade / Downgrade
5). PHP Upgrade / Downgrade
6). XCache Re-install
7). APC Cache Re-install
8). XCache Install
9). APC Cache Install
10). Memcached Server Re-install
11). MariaDB 5.2, 5.5, 10 Upgrade Sub-Menu
12). Zend OpCache Install/Re-install
13). Install ioping.sh vbtechsupport.com/1239/
14). SELinux disable
15). Install/Re-install ImageMagick PHP Extension
16). Change SSHD Port Number
17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Re-install
21). Update - Nginx + PHP-FPM + Siege
22). Exit
--------------------------------------------------------
Enter option [ 1 - 22 ] 22
--------------------------------------------------------
You could try the opposite of blocking specific ports by country outlined at https://community.centminmod.com/th...try-traffic-in-csf-firewall.17208/#post-74537: use CC_ALLOW_PORTS to define the country code and CC_ALLOW_PORTS_TCP and CC_ALLOW_PORTS_UDP to specify a comma-separated list of TCP and UDP ports, and then that specific port needs to be removed from the comma-separated lists TCP_IN and UDP_IN in the CSF Firewall config file. I'd test on a test hourly billed VPS host like vultr, digitalocean, linode or like highly recommended Upcloud - signees also get US$25 credits to use as well - and make sure all works before trying on a live production server. Also ensure CSF Firewall CC lookup databases are working due to recent maxmind changes at https://community.centminmod.com/th...eolite2-free-database-download-changes.18959/ but bear in mind IP geolocation info isn't always accurate. So if the database says your IP is in a country other than the one you think it is, then you will not be able to log in via root/SSH at all!
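A pre-flight check for the settings described in the two replies above, added here as an example and not taken from the posts, CSF or Centmin Mod: it reads a csf.conf-style file and reports whether an SSHD port is open to everyone via TCP_IN, reachable only through CC_ALLOW_PORTS, or blocked, and lists CC_ALLOW_PORTS_TCP ports that were not removed from TCP_IN. The function names, the sample config and port 2222 are constructed for illustration, and CC_ALLOW_PORTS_TCP is assumed to list single ports.

```shell
#!/bin/sh
# Added example: pre-flight checks for the csf.conf settings discussed above.

# Print the quoted value of a csf.conf setting (last assignment wins).
csf_get() {  # usage: csf_get KEY FILE
    awk -F'"' -v key="$1" '
        { k = $1; gsub(/[ \t=]/, "", k) }
        k == key { val = $2 }
        END { print val }' "$2"
}

# Succeed if PORT is in a comma-separated CSF port list (lo:hi ranges allowed).
port_in_list() {  # usage: port_in_list PORT LIST
    echo "$2" | tr ',' '\n' | awk -F: -v p="$1" '
        NF == 1 && $1 == p { found = 1 }
        NF == 2 && p >= $1 && p <= $2 { found = 1 }
        END { exit !found }'
}

# Classify how an SSHD port is reachable: open, country-only, or blocked.
ssh_port_status() {  # usage: ssh_port_status FILE PORT
    if port_in_list "$2" "$(csf_get TCP_IN "$1")"; then
        echo open
    elif [ -n "$(csf_get CC_ALLOW_PORTS "$1")" ] &&
         port_in_list "$2" "$(csf_get CC_ALLOW_PORTS_TCP "$1")"; then
        echo country-only
    else
        echo blocked
    fi
}

# Print CC_ALLOW_PORTS_TCP ports (assumed single ports) still open via TCP_IN.
cc_conflicts() {  # usage: cc_conflicts FILE
    open=$(csf_get TCP_IN "$1")
    for p in $(csf_get CC_ALLOW_PORTS_TCP "$1" | tr ',' ' '); do
        if port_in_list "$p" "$open"; then echo "$p"; fi
    done
}

# Constructed sample config (not a real server's); 2222 is a made-up SSHD port.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TCP_IN = "1:65535"
TCP_IN = "80,443,8080:8090"
CC_ALLOW_PORTS = "US,GB"
CC_ALLOW_PORTS_TCP = "2222,443"
EOF
ssh_port_status "$sample" 2222   # country-only
cc_conflicts "$sample"           # 443
```

Run the functions against a copy of /etc/csf/csf.conf with the new port number while the working SSH session is still open; a result of blocked means the new port would not accept connections.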
George, your last point is scary! Thank you for the heads up. I will resort to other ways to harden root access then.