Tut: Change VestaCP port through SSH Command line

[nsuro]

Yes I think that is a good idea. Thanks you too.:)
I have tested this out and seems to work.

Change 8383 to whatever port your using.

Code: Select all

sed -i 's/8083;/8383;/' /usr/local/vesta/bin/v-add-firewall-chain

Then you have to reload or restart the fail2ban service

Code: Select all

systemctl reload fail2ban.service

iptables should now show the new port.

Code: Select all

iptables -L -nv

Code: Select all

....
    0     0 fail2ban-VESTA  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8383
....

[ivcha92]

Another solution, use SSH key on root user.
All our servers which were using SSH keys on root user were not hacked. And setting up SSH keys is easy too.

I was using key on SSH and got hacked

[dsystem]

I do not think changing the door is a solution. Almost every day CSF detects and blocks IPs that my server scans


Example of an IP automatically blocked by CSF:

Code: Select all

Time:        Wed Apr 11 00:21:03 2018 -0300
IP:          37.147.233.113 (RU/Russian Federation/37-147-233-113.broadband.corbina.ru)
Connections: 115
Blocked:     Temporary Block

Connections:
tcp: 37.147.233.113:37135 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:53751 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:58249 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:54043 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:37401 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:49963 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:38474 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:60819 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:39805 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:62545 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:41666 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:45207 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:65276 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:52311 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:52040 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:65080 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:46359 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:60568 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:62656 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:51533 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:39721 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:60941 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:35270 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:60306 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:53210 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:39626 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:50036 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:39005 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:33328 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:57000 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:56175 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:54903 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:42985 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:40053 -> 69.197.146.10:80 (TIME_WAIT)
tcp: 37.147.233.113:45930 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:48976 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:56347 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:37561 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:63648 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:37458 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:37779 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:51638 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:37231 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:63840 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:61572 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:46420 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:42674 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:62980 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:58921 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:34675 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:36903 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:59967 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:47214 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:60412 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:41987 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:37284 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:48717 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:58673 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:45722 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:59136 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:51650 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:36620 -> 69.197.146.10:443 (FIN_WAIT1)
tcp: 37.147.233.113:35643 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:60205 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:55077 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:48764 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:40556 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:38479 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:46127 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:64119 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:45025 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:63461 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:44797 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:43453 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:48549 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:63717 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:59111 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:45336 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:36756 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:56793 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:54297 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:48417 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:54434 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:41165 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:33883 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:48357 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:57416 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:63438 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:39307 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:34456 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:56299 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:40165 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:60363 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:43667 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:40588 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:55553 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:46005 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:55291 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:48836 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:46674 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:34007 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:40707 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:64358 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:39065 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:35704 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:38292 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:58668 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:40805 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:40677 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:56279 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:52200 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:48271 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:39354 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:54877 -> 69.197.146.10:443 (TIME_WAIT)
tcp: 37.147.233.113:56863 -> 69.197.146.10:443 (TIME_WAIT)

[dpeca]

https://github.com/serghey-rodin/vesta/ ... 777aaad493

i made automatically reading correct vesta port number... so no need to modify source code of vesta...
i hope it will be included in next update.

[BartMan__X]

I had suggested PORT selection and "admin" name selection as variable while we install VestaCP, the very first screen that asks for FQDN, or can be passed as an argument to the Advanced install script. Lets see if Vesta Dev team can implement that anytime soon.

thats all i want