Blocking All SSH / Reccurring Hacks
Posted: 16 Apr 2016, 09:16
I have been running Plesk web hosting for years behind a firewall appliance. Before that we were rooted often enough. Now we've added cPanel and almost instantly 100/100 strong passwords are hacked. cPanel knows nothing 
We installed APF/BFD and they got right around it. We installed CSF and they got around it because we had not blocked SSH. We seem to think that they are getting in from cPanel. Maybe not. We're running Centos 7.2 with OpenVZ containers now with CSF in each container. I've got to reinstall everything. :-(
How do I add a command in CSF command line to block all SSH and Telnet? We'll add exceptions to the Allowed file.
I miss having a hardware firewall but it isn't in the cards at the moment. Any suggestions are very welcome. I didn't even get a chance to work on Mod_Sec, if it would have stopped the entry. How the heck can they get in so quick? For reference here's where were at:
Thank you for your help.
We installed APF/BFD and they got right around it. We installed CSF and they got around it because we had not blocked SSH. We seem to think that they are getting in from cPanel. Maybe not. We're running Centos 7.2 with OpenVZ containers now with CSF in each container. I've got to reinstall everything. :-(How do I add a command in CSF command line to block all SSH and Telnet? We'll add exceptions to the Allowed file.
I miss having a hardware firewall but it isn't in the cards at the moment. Any suggestions are very welcome. I didn't even get a chance to work on Mod_Sec, if it would have stopped the entry. How the heck can they get in so quick? For reference here's where were at:
Code: Select all
Linux ***** 3.10.0-229.7.2.vz7.9.22 #1 SMP Thu Jan 14 18:21:17 MSK 2016 x86_64 x86_64 x86_64 GNU/Linux