How to blocking website

June 6, 2017 152 views
Development Debian

hi, i have shared ssh account and someone use it for illegal activity on some site, how to block the site so my member can't access on it?

1 Answer

Hi @gregoriusrahadi21

Does the user account have sudo access - or is it the user root - if that's the case, then anything could have been installed or changed, meaning your server quite possibly has been compromised. In that case I would probably recommend reinstalling the entire server and manually go thru everything you copy over.

If the user only had access to limited parts of the system, then you can remove the public key from /home/USERNAME/.ssh/authorized_keys or /root/.ssh/authorized_keys.
If you're using the same user account and the key, then you first need to generate a new key and then when you login with the new key, then you can remove the previous key.
https://www.digitalocean.com/community/tutorials/how-to-use-ssh-keys-with-putty-on-digitalocean-droplets-windows-users

by Justin Ellingwood
PuTTY is a Windows program used to establish SSH sessions with Linux servers. In this guide, we'll demonstrate how to use PuTTY to create SSH key pairs to use within the DigitalOcean interface. You can then easily create servers that you can log into without a password.
  • The user doesn't have access on root, just create in /bin/false. Just an account for SSH and VPN tunneling. But they use it for illegal activities and digitalocean often send me an complaint email

    • @gregoriusrahadi21
      Okay, simply remove the user - or the public key from /home/USERNAME/.ssh/authorized_keys. If you remove the public key, you need to disconnect the user, if the user is already connected, since SSH doesn't read the authorized_keys until next login.

      • But unfortunately I don't know who user that use it for illegal activities, so I decided to block the site that sent me a complaint

        • @gregoriusrahadi21
          Okay, if you run a VPN service for other users, then you need to log the activity for the user, so you can close down service for those users instantly.
          Remember that you're legally responsible, so if someone does bad things that ends up reported to the police, then you might get into very serious problems.
          Or you might end up being suspended from DigitalOcean.

Have another answer? Share your knowledge.