Join the community today
Register Now

Login root from china

Discussion in 'System Administration' started by karistuck, Sep 16, 2014.

  1. karistuck

    karistuck Member

    43
    2
    8
    Jun 1, 2014
    대한민국
    Ratings:
    +3
    Local Time:
    1:02 AM
    1.5.8
    So many time login root user from china.


    How can I protect for root user?
     
  2. eva2000

    eva2000 Administrator Staff Member

    54,340
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    2:02 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    CSF Firewall is installed by default on Centmin Mod installs and should be blocking such login attempts CSF Firewall - Centmin Mod - Menu based Nginx installer for CentOS servers

    in Login Failure Daemon logs at /var/log/lfd.log

    Hence, why I use CSF Firewall on all my servers and why it's installed by default with Centmin Mod LEMP stack :D

    centmin.sh also has menu option 16 to change the default SSHD port which is port 22. Pay attention to the questions asked at prompt when you run option 16 as it first asks for your default SSHD port which you enter 22 and then asks for the new SSHD port number you want. Then do not close current SSH session keep it open and open a new SSH connection using new SSHD port number to check if it works. If it doesn't work, you can then check to see if new SSHD port was added to TCP_IN line within CSF Firewall at /etc/csf/csf.conf

    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.07 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu                  
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2, 5.5, 10 Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Re-install ImageMagick PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Exit
    --------------------------------------------------------
    Enter option [ 1 - 22 ] 22
    --------------------------------------------------------
     
  3. runos

    runos Member

    57
    17
    8
    Dec 17, 2019
    Ratings:
    +22
    Local Time:
    12:02 AM
    1.17.6
    10
    Is there a way to configure CSF to only allow root login from specific country? Thanks :)
     
  4. eva2000

    eva2000 Administrator Staff Member

    54,340
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    2:02 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    You could try the opposite of blocking specific ports by country outlined at https://community.centminmod.com/th...try-traffic-in-csf-firewall.17208/#post-74537 to use CC_ALLOW_PORTS to define country code and CC_ALLOW_PORTS_TCP and CC_ALLOW_PORTS_UDP to specifiy TCP and UDP port comma separated list and then that specific port needs to be removed from comma separated list TCP_IN and UDP_IN in CSF Firewall config file. I'd test on a test hourly billed VPS host like vultr, digitalocean, linode or like highly recommended Upcloud - signees also get US$25 credits to use as well and make sure all works before trying on live production server.

    and ensure CSF Firewall CC lookup databases are working due to recent maxmind changes at https://community.centminmod.com/th...eolite2-free-database-download-changes.18959/

    but bare in mind IP geolocation info isn't always accurate. So if the database says your IP is in a country other than the one you think it is, then you will not be able to log in via root/SSH at all !
     
  5. runos

    runos Member

    57
    17
    8
    Dec 17, 2019
    Ratings:
    +22
    Local Time:
    12:02 AM
    1.17.6
    10
    George,

    Your last point is scary! Thank you for the heads up. I will resort to other ways to harden root access then :)