Share

Question

hi, i have shared ssh account and someone use it for illegal activity on some site, how to block the site so my member can’t access on it?

Answer 1

hansen June 6, 2017

Hi @gregoriusrahadi21

Does the user account have sudo access - or is it the user root - if that’s the case, then anything could have been installed or changed, meaning your server quite possibly has been compromised. In that case I would probably recommend reinstalling the entire server and manually go thru everything you copy over.

If the user only had access to limited parts of the system, then you can remove the public key from /home/USERNAME/.ssh/authorized_keys or /root/.ssh/authorized_keys.
If you’re using the same user account and the key, then you first need to generate a new key and then when you login with the new key, then you can remove the previous key.
https://www.digitalocean.com/community/tutorials/how-to-use-ssh-keys-with-putty-on-digitalocean-droplets-windows-users

Reply Report

gregoriusrahadi21 June 6, 2017

The user doesn’t have access on root, just create in /bin/false. Just an account for SSH and VPN tunneling. But they use it for illegal activities and digitalocean often send me an complaint email
Reply Report
- hansen June 6, 2017
  
  @gregoriusrahadi21
  Okay, simply remove the user - or the public key from /home/USERNAME/.ssh/authorized_keys. If you remove the public key, you need to disconnect the user, if the user is already connected, since SSH doesn’t read the authorized_keys until next login.
  
  Reply Report
  
  gregoriusrahadi21 June 6, 2017
  
  But unfortunately I don’t know who user that use it for illegal activities, so I decided to block the site that sent me a complaint
  
  Reply Report
  
  hansen June 6, 2017
  
  @gregoriusrahadi21
  Okay, if you run a VPN service for other users, then you need to log the activity for the user, so you can close down service for those users instantly.
  Remember that you’re legally responsible, so if someone does bad things that ends up reported to the police, then you might get into very serious problems.
  Or you might end up being suspended from DigitalOcean.
  
  Reply Report

Answer 2

gregoriusrahadi21 June 6, 2017

The user doesn’t have access on root, just create in /bin/false. Just an account for SSH and VPN tunneling. But they use it for illegal activities and digitalocean often send me an complaint email
Reply Report
- hansen June 6, 2017
  
  @gregoriusrahadi21
  Okay, simply remove the user - or the public key from /home/USERNAME/.ssh/authorized_keys. If you remove the public key, you need to disconnect the user, if the user is already connected, since SSH doesn’t read the authorized_keys until next login.
  
  Reply Report
  
  gregoriusrahadi21 June 6, 2017
  
  But unfortunately I don’t know who user that use it for illegal activities, so I decided to block the site that sent me a complaint
  
  Reply Report
  
  hansen June 6, 2017
  
  @gregoriusrahadi21
  Okay, if you run a VPN service for other users, then you need to log the activity for the user, so you can close down service for those users instantly.
  Remember that you’re legally responsible, so if someone does bad things that ends up reported to the police, then you might get into very serious problems.
  Or you might end up being suspended from DigitalOcean.
  
  Reply Report

Related

Question

How to blocking website

Leave a comment

Looking for something else?

Share

Share your Question

Related

Question

How to blocking website

Leave a comment

Related

question

How to open a range ports in debian?

question

Looking for a self service LDAP reset tool?

question

Resize droplet, CPU & RAM only

question

Let's Encrypt subdomain configuration best way

Looking for something else?

Almost there!