
Server accessed, but how?

Comments

5 comments

  • HostNoc
    Hi. You should take some preventive measures to secure your server from SSH access: 1. Avoid using the default SSH port. 2. Disable root login. 3. Use an SSH key instead of a password. Regards
    0
  • kpmedia
    Not using default port. Disabling root for SSH doesn't disable for WHM. What's so special about key vs. password? Thanks for the reply, but my original questions were not addressed. Namely if the key bypasses Host Access Control (aka IP lockdown).
    0
  • cPanelWilliam
    Hello! Using an SSH key should not allow users to bypass Host Access Control rules. Can you let us know what operating system your server is using? We've had some reports of users with EL 8 servers, such as AlmaLinux 8, experiencing issues with Host Access Control rules being enforced. In those cases, we recommend users back up any custom firewall rules, then run /usr/local/cpanel/scripts/configure_firewall_for_cpanel, then re-create your Host Access Control rules. Note that this script would clear out any custom firewall rules, which is why I would recommend making a backup before running it.
    0
  • kpmedia
    CentOS v7.9.2009 STANDARD kvm. Good to know about the key. Of course, it further narrows down possible issues. Could a compromised VPS node allow container/VPS root intrusion? I just don't know what else it could be. I'm not a newbie admin. It doesn't appear they cared about the sparse data on the server, but rather in using it to attack other servers. The hacker seems to have scrubbed sessions, but missed one. See attached. But the above seems odd, almost newbie-like, some wrong commands, having to refer to the help file. And yet, somehow accessed the VPS? I'm even starting to wonder if the host has a rogue support person, in which case I might have to move those assets elsewhere.
    0
  • cPRex Jurassic Moderator
    Could a compromised VPS node allow container/VPS root intrusion?

    Sure - if someone has access to the container, they could access any individual machine.
    0
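The three SSH settings suggested in the first reply can be checked mechanically. The following is an added example, not code from any poster or from cPanel: it audits sshd_config text for those three points only (it says nothing about WHM logins or Host Access Control). The sample configs are constructed, and the fallback values are assumed to be upstream OpenSSH defaults, which distribution builds may change.

```python
# Added example: audit sshd_config text for the three points from the first reply.
# Assumption: upstream OpenSSH defaults apply when a keyword is absent.
DEFAULTS = {"port": "22", "permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

def audit(config_text):
    """Return findings for the global section of an sshd_config."""
    ports, seen = [], {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break  # Match blocks are conditional overrides; not evaluated here
        if key == "port":
            ports.append(value)  # Port may be given several times
        else:
            seen.setdefault(key, value)  # sshd keeps the first value it reads
    findings = []
    if "22" in (ports or [DEFAULTS["port"]]):
        findings.append("sshd listens on the default port 22")
    root = seen.get("permitrootlogin", DEFAULTS["permitrootlogin"])
    if root != "no":
        findings.append(f"root login is not disabled (PermitRootLogin {root})")
    pw = seen.get("passwordauthentication", DEFAULTS["passwordauthentication"])
    if pw != "no":
        findings.append("password authentication is still enabled")
    return findings

# Constructed sample: a "PermitRootLogin no" appended at the end has no effect,
# because the earlier "yes" is read first.
SAMPLE_APPENDED_FIX = """\
# constructed sample, not taken from the thread
Port 2222
PermitRootLogin yes
PasswordAuthentication no
PermitRootLogin no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_APPENDED_FIX):
        print("FINDING:", finding)
```

On a live server, `sshd -T` prints the configuration sshd actually resolves, including included files that this text-only check does not follow.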
