Share

Question

hi, i have shared ssh account and someone use it for illegal activity on some site, how to block the site so my member can't access on it?

Answer 1

hansen June 6, 2017

Hi @gregoriusrahadi21

Does the user account have sudo access - or is it the user root - if that's the case, then anything could have been installed or changed, meaning your server quite possibly has been compromised. In that case I would probably recommend reinstalling the entire server and manually go thru everything you copy over.

If the user only had access to limited parts of the system, then you can remove the public key from /home/USERNAME/.ssh/authorized_keys or /root/.ssh/authorized_keys.
If you're using the same user account and the key, then you first need to generate a new key and then when you login with the new key, then you can remove the previous key.
https://www.digitalocean.com/community/tutorials/how-to-use-ssh-keys-with-putty-on-digitalocean-droplets-windows-users

How To Use SSH Keys with PuTTY on DigitalOcean Droplets (Windows users)

by Justin Ellingwood

PuTTY is a Windows program used to establish SSH sessions with Linux servers. In this guide, we'll demonstrate how to use PuTTY to create SSH key pairs to use within the DigitalOcean interface. You can then easily create servers that you can log into without a password.

Reply

gregoriusrahadi21 June 6, 2017

The user doesn't have access on root, just create in /bin/false. Just an account for SSH and VPN tunneling. But they use it for illegal activities and digitalocean often send me an complaint email
- hansen June 6, 2017
  
  @gregoriusrahadi21
  Okay, simply remove the user - or the public key from /home/USERNAME/.ssh/authorized_keys. If you remove the public key, you need to disconnect the user, if the user is already connected, since SSH doesn't read the authorized_keys until next login.
  
  gregoriusrahadi21 June 6, 2017
  
  But unfortunately I don't know who user that use it for illegal activities, so I decided to block the site that sent me a complaint
  
  hansen June 6, 2017
  
  @gregoriusrahadi21
  Okay, if you run a VPN service for other users, then you need to log the activity for the user, so you can close down service for those users instantly.
  Remember that you're legally responsible, so if someone does bad things that ends up reported to the police, then you might get into very serious problems.
  Or you might end up being suspended from DigitalOcean.

Answer 2

gregoriusrahadi21 June 6, 2017

The user doesn't have access on root, just create in /bin/false. Just an account for SSH and VPN tunneling. But they use it for illegal activities and digitalocean often send me an complaint email
- hansen June 6, 2017
  
  @gregoriusrahadi21
  Okay, simply remove the user - or the public key from /home/USERNAME/.ssh/authorized_keys. If you remove the public key, you need to disconnect the user, if the user is already connected, since SSH doesn't read the authorized_keys until next login.
  
  gregoriusrahadi21 June 6, 2017
  
  But unfortunately I don't know who user that use it for illegal activities, so I decided to block the site that sent me a complaint
  
  hansen June 6, 2017
  
  @gregoriusrahadi21
  Okay, if you run a VPN service for other users, then you need to log the activity for the user, so you can close down service for those users instantly.
  Remember that you're legally responsible, so if someone does bad things that ends up reported to the police, then you might get into very serious problems.
  Or you might end up being suspended from DigitalOcean.

How to blocking website

Leave a Comment

Share

Share your Question

How to blocking website

Leave a Comment

Related Questions

Almost there!