Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How to open a range ports in debian? Question Question
Looking for a self service LDAP reset tool? Question Question

Question

How to blocking website

Posted June 6, 2017 2.3k views
DebianDevelopment

hi, i have shared ssh account and someone use it for illegal activity on some site, how to block the site so my member can’t access on it?

Add a comment
gregoriusrahadi21
By:
gregoriusrahadi21

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How to open a range ports in debian? Question Question
Looking for a self service LDAP reset tool? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
hansen June 6, 2017

Hi @gregoriusrahadi21

Does the user account have sudo access - or is it the user root - if that’s the case, then anything could have been installed or changed, meaning your server quite possibly has been compromised. In that case I would probably recommend reinstalling the entire server and manually go thru everything you copy over.

If the user only had access to limited parts of the system, then you can remove the public key from /home/USERNAME/.ssh/authorized_keys or /root/.ssh/authorized_keys.
If you’re using the same user account and the key, then you first need to generate a new key and then when you login with the new key, then you can remove the previous key.
https://www.digitalocean.com/community/tutorials/how-to-use-ssh-keys-with-putty-on-digitalocean-droplets-windows-users

Reply Report
  • gregoriusrahadi21 June 6, 2017

    The user doesn’t have access on root, just create in /bin/false. Just an account for SSH and VPN tunneling. But they use it for illegal activities and digitalocean often send me an complaint email

    Reply Report
    • hansen June 6, 2017

      @gregoriusrahadi21
      Okay, simply remove the user - or the public key from /home/USERNAME/.ssh/authorized_keys. If you remove the public key, you need to disconnect the user, if the user is already connected, since SSH doesn’t read the authorized_keys until next login.

      Reply Report
      • gregoriusrahadi21 June 6, 2017

        But unfortunately I don’t know who user that use it for illegal activities, so I decided to block the site that sent me a complaint

        Reply Report
        • hansen June 6, 2017

          @gregoriusrahadi21
          Okay, if you run a VPN service for other users, then you need to log the activity for the user, so you can close down service for those users instantly.
          Remember that you’re legally responsible, so if someone does bad things that ends up reported to the police, then you might get into very serious problems.
          Or you might end up being suspended from DigitalOcean.

          Reply Report

Related

Looking for something else?

Ask a new question Search for more help