[TUTORIAL] Disable Direct IP Access.
Posted: Mon Jan 29, 2018 8:44 pm
If you have ever used VestaCP on your server you may have noticed once you set-up a website on it, accessing your server on it's IP at port 80 will show the latest website you have added to it.
This can be very bad for a lot of reasons and here are some.
1. If you are using Cloudflare hackers may find your server's IP using Shodan.io and DDoS it.
2. If you are hosting a TOR website people may find your server's IP and report it to the police. (In case you are hosting something forbidden)
Fortunately, this can be fixed quite easily, just follow these steps.
1. Download this zip and upload the contents to "/etc/nginx/conf.d"
2. cd "/etc/nginx/conf.d"
Now you will see that there some files in the directory but the file we are looking is [YOUR SERVER IP].conf
In my case it is 92.222.36.xxx.conf
We will need to rename it because we will be replacing it,
we will rename it to 92.222.36.xxx.conf.old in case we ever want to undo this process.
3. mv 92.222.36.xxx.conf 92.222.36.xxx.conf.old
4. Now we will edit DirectAccessConfig.conf.
This is how it looks currently
5. mv DirectAccessConfig.conf 92.222.36.xxx.conf
Now we need to restart NGINX
6. service nginx restart.
And it's done.
If you have any questions please ask!
This can be very bad for a lot of reasons and here are some.
1. If you are using Cloudflare hackers may find your server's IP using Shodan.io and DDoS it.
2. If you are hosting a TOR website people may find your server's IP and report it to the police. (In case you are hosting something forbidden)
Fortunately, this can be fixed quite easily, just follow these steps.
1. Download this zip and upload the contents to "/etc/nginx/conf.d"
2. cd "/etc/nginx/conf.d"
Now you will see that there some files in the directory but the file we are looking is [YOUR SERVER IP].conf
In my case it is 92.222.36.xxx.conf
We will need to rename it because we will be replacing it,
we will rename it to 92.222.36.xxx.conf.old in case we ever want to undo this process.
3. mv 92.222.36.xxx.conf 92.222.36.xxx.conf.old
4. Now we will edit DirectAccessConfig.conf.
This is how it looks currently
Just replace [SERVER IP GOES HERE] with your IP, in my case it looks like thisserver {
listen [SERVER IP GOES HERE]:80 default;
server_name _;
return 444;
}
server {
listen [SERVER IP GOES HERE]:443 ssl default;
server_name _;
ssl on;
ssl_certificate /etc/nginx/conf.d/dummy.pem;
ssl_certificate_key /etc/nginx/conf.d/dummy.key;
return 444;
}
DirectAccessConfig.conf is the replacement for 92.222.36.xxx.conf so we will rename itserver {
listen 92.222.36.xxx:80 default;
server_name _;
return 444;
}
server {
listen 92.222.36.xxx:443 ssl default;
server_name _;
ssl on;
ssl_certificate /etc/nginx/conf.d/dummy.pem;
ssl_certificate_key /etc/nginx/conf.d/dummy.key;
return 444;
}
5. mv DirectAccessConfig.conf 92.222.36.xxx.conf
Now we need to restart NGINX
6. service nginx restart.
And it's done.
If you have any questions please ask!