Criminals on the system ! Need Help !
FedoraForum.org - Fedora Support Forums and Community
  1. #1
    Join Date
    Feb 2018
    Location
    Germany
    Posts
    2

    Criminals on the system ! Need Help !

    How to prevent remote access to the system ?
    How to configure the system for NO REMOTE ACCESS ?
    I am using 27 with gnome.
    Thanks for your help.

  2. #2
    Join Date
    Jul 2004
    Location
    Wake Forest, NC
    Age
    65
    Posts
    1,435

    Re: Criminals on the system ! Need Help !

    systemctl status sshd.service
    If it is active, then systemctl stop sshd.service followed by systemctl disable sshd.service

    systemctl status httpd.service (if installed)
    If it is active, then systemctl stop httpd.service followed by systemctl disable httpd.service

    Now, if you should happen to need to access your computer via ssh, then you would need to modify the /etc/ssh/sshd_config file. Look for the "Authentication" section. Change "PermitRootLogin" to "no". Below that, add a line "AllowUsers" with the parameter of your username. You would then be the only authorized user. All other attempts to connect will be denied. This is how my system is set up. If the service is disabled/stopped, then it will need to be enabled and started before it would work. Other things are to change the port on which sshd listens from port 22 to something else. If you do so, don't forget to let SELinux know about it.
    StephenH

    "We must understand the reality that just because our culture claims certain things are true it does not mean they are!" --M. Liederbach

    http://pilgrim-wanderings.blogspot.com

  3. #3
    Join Date
    Jul 2005
    Posts
    931

    Re: Criminals on the system ! Need Help !

    Don't enable ssh server
    Don't enable vnc or rdp server
    Don't enable telnet or ftp server
    Don't enable nfs server
    Don't enable samba server
    Make sure all other software on your computer is completely bulletproof to outside hacking (web server, mail server, etc)

    Or simply pull the network cable.
    ======
    Doug G
    ======
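
A local check for the services listed above, as an added example that is not part of the original post: it reads `ss -tln` output and prints every TCP listener bound to something other than loopback. The sample output, its addresses and the function name are constructed for illustration.

```shell
# Added example: list TCP listeners reachable from the network.
# Constructed sample in the format printed by `ss -tln` (newer and older
# iproute2 spellings of the wildcard address are both included).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      5      127.0.0.1:631       0.0.0.0:*
LISTEN 0      50     192.168.1.20:445    0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      5      [::1]:631           [::]:*
LISTEN 0      128    *:5900              *:*'

# Read `ss -tln` output on stdin; print "port address" for every listener
# that is not bound to a loopback address only.
exposed_listeners() {
  awk '
    $1 != "LISTEN" { next }
    {
      addr = $4; port = $4
      sub(/:[^:]*$/, "", addr)   # drop the trailing ":port"
      sub(/^.*:/, "", port)      # keep only what follows the last colon
      if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
      print port, addr
    }' | sort -n | uniq
}

printf '%s\n' "$SAMPLE_SS" | exposed_listeners
```

On the machine itself, feed it live data with `ss -tln | exposed_listeners`. A listener shown here may still be blocked by the firewall; the list only shows what is bound to a non-loopback address.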

  4. #4
    Join Date
    Feb 2005
    Location
    London, UK
    Posts
    724

    Re: Criminals on the system ! Need Help !


  5. #5
    Join Date
    Feb 2018
    Location
    Germany
    Posts
    2

    Re: Criminals on the system ! Need Help !

    Thanks for trying to help, but it is all not good enough!
    Removed SSH, Telnet, VNC and so on, put the NIC permanently in the drop zone, but the criminals access the system like there is no firewall.
    Tried some other distributions, used the firewall, blocked ports, always the same.
    It seems to me that there is a big, big security hole in every Linux distribution!
    Any other good ideas?

  6. #6
    Join Date
    Dec 2013
    Location
    United Kingdom
    Posts
    6,512

    Re: Criminals on the system ! Need Help !

    If there are any incoming data packets, it is because a background check for system updates is running, or you're using the web browser to access the internet, or you fired up an email client. No operating system out there differs in the fact that ports receive data when requested by installed components or programs, regardless of whether it's Mac, Unix-based or Windows.

    Before jumping to irrational conclusions that criminals are accessing your system, you can check the actual state of your PC from the outside with the Gibson Research ShieldsUp! test (use a search engine to find it; direct links seldom work properly). Mine shows all ports as stealthed, which is how it should appear.

    Posting actual evidence of IP addresses gaining access to your PC and the ports accessed would go further to aid members of this user forum in taking your claims more seriously and helping you.

  7. #7
    Join Date
    Jul 2004
    Location
    Wake Forest, NC
    Age
    65
    Posts
    1,435

    Re: Criminals on the system ! Need Help !

    Because I do want to access my home system while I am away, I do have sshd enabled with sshd_config set to deny root logins and only allow my user name access and no others. I also run denyhosts. Logwatch is set to run and I see in my logs an ever-expanding list of IP addresses trying to log in as root, as other users, or as unknown. Since none of these are allowed and I allow only one chance, these get added to the /etc/hosts.deny file.

    What I need to figure out is how to specify how to eliminate even the attempts from remote systems. The only way I want root access to my system is if I am logging in on the physical system itself.
    StephenH

    "We must understand the reality that just because our culture claims certain things are true it does not mean they are!" --M. Liederbach

    http://pilgrim-wanderings.blogspot.com

  8. #8
    Join Date
    Apr 2009
    Location
    central NY, USA
    Posts
    1,153

    Re: Criminals on the system ! Need Help !

    If you're already infiltrated, there's no "fix". Start over - you can trust nothing. (Sorry!)

    If, however, you're looking to prevent intrusions, Fail2ban is another good measure. I use it in conjunction with denyhosts.
    Change - the only constant.

  9. #9
    Join Date
    Jul 2005
    Age
    58
    Posts
    1,204

    Re: Criminals on the system ! Need Help !

    If your only desired access is via ssh, then use a private certificate/key combination of good strength with a good pass phrase and then turn off all password authentication for it. With that, it doesn't really matter if you still allow root access.

    PubkeyAuthentication yes
    PasswordAuthentication no

    You'll still get scripts hitting port 22 from around the world, but keep your sshd daemon patched and you should be OK. If you know in advance what IP addresses you will be doing remote access with, then you can harden your firewall to only allow access from those IPs, but really a certificate works well and fail2ban helps as well. I'm not sure about firewalld, but if you're using shorewall you can combine the fail2ban output with ipset so you don't end up with a lot of individual rules - just a big hash table that is fast to process. At work, we currently have around 37000 IP addresses that have been blacklisted in ipset due to unexpected accesses. Note that if you use fail2ban or similar and then do a ShieldsUp test, the test server that probes you will likely be blacklisted early so you won't get a full test.

  10. #10
    Join Date
    Jul 2005
    Age
    58
    Posts
    1,204

    Re: Criminals on the system ! Need Help !

    I'd second what lightman47 said. If you're already compromised, start over.

    If you're worried about services, probably your biggest risk is from browsing and e-mail. Set your e-mail to forbid HTML, and you're safer there (or at least set it to not automatically load remote content). For web browsing, use something like uMatrix and Ghostery to reduce unexpected scripting. It'll also speed up your page load times by eliminating many ads. It'll also frustrate you with some sites because until you get things tweaked, you'll have to enable content from domains they control of a different name that serve content for them. But once things are set, those two plugins will help keep your user side safer (and that is true regardless of the OS your browser is running on). A good sandboxed browser is also a plus.

  11. #11
    Join Date
    Jul 2004
    Location
    Wake Forest, NC
    Age
    65
    Posts
    1,435

    Re: Criminals on the system ! Need Help !

    While it won't stop scanning of the system, you can change the port that sshd uses to an unused port high up in the list instead of the standard port 22. Specify it in sshd_config and also set SELinux to recognize and allow that port. In my case, I also commented out port 22 so it is not available.

    I also just set up public/private key authentication and turned off password authentication as William Haller advised. There are some guides out there, but the Fedora documentation covers this here: Fedora 27 System Administration Guide/Infrastructure Services/OpenSSH.
    StephenH

    "We must understand the reality that just because our culture claims certain things are true it does not mean they are!" --M. Liederbach

    http://pilgrim-wanderings.blogspot.com
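
The sshd_config advice from posts #2, #9 and #11, as an added example that is not part of any post: a small audit that reads a config and reports the first global value sshd would use for each suggested setting, which matters when a hardening line is appended below an older, conflicting one. The sample config, the user name `alice`, port 52022 and the function names are constructed.

```shell
# Added example: audit sshd_config text for the settings suggested in this thread.
# Constructed sample: "PasswordAuthentication no" was appended at the bottom
# while an earlier, conflicting line was left in place.
SAMPLE_CONFIG='# constructed sample sshd_config
Port 22
Port 52022
PermitRootLogin no
PasswordAuthentication yes
AllowUsers alice
PubkeyAuthentication yes
PasswordAuthentication no'

# Print the first global value of keyword $1 from config text on stdin.
# sshd keeps the first value it reads for a keyword; Match blocks are skipped
# here because their settings apply only conditionally.
sshd_first_value() {
  awk -v key="$1" '
    BEGIN { key = tolower(key) }
    /^[[:space:]]*#/ || NF == 0 { next }
    tolower($1) == "match" { exit }
    tolower($1) == key { $1 = ""; sub(/^[[:space:]]+/, ""); print; exit }'
}

# Port is cumulative: every Port line adds a listener; none at all means 22.
sshd_ports() {
  awk '
    /^[[:space:]]*#/ || NF == 0 { next }
    tolower($1) == "match" { exit }
    tolower($1) == "port" { print $2; n++ }
    END { if (!n) print 22 }'
}

audit_sshd_config() {
  cfg=$1
  while read -r key want; do
    got=$(printf '%s\n' "$cfg" | sshd_first_value "$key")
    if [ "$got" = "$want" ]; then echo "OK   $key $got"
    else echo "WARN $key is '${got:-unset}', thread suggests '$want'"; fi
  done <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
  got=$(printf '%s\n' "$cfg" | sshd_first_value AllowUsers)
  if [ -n "$got" ]; then echo "OK   AllowUsers $got"
  else echo "WARN AllowUsers unset: logins are not limited to named accounts"; fi
  printf '%s\n' "$cfg" | sshd_ports | grep -qx 22 && echo "WARN sshd still listens on port 22"
  return 0
}

audit_sshd_config "$SAMPLE_CONFIG"
```

On a live system, `sshd -T` (run as root) prints the effective configuration with defaults filled in. A non-standard port must also be labelled for SELinux, for example with `semanage port -a -t ssh_port_t -p tcp <port>`.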
