Before I continue with the questions I’d like to say how pleased I am with Webmin/Virtualmin. For a long time I refused the idea to try Webmin/Virtualmin (without good reason) until one day I realized that I had enough of shiny icons and scripts full of bloatware. I must say more I use your CP more I like it, now back to my few questions.
On my VPS I installed Centos 7 (fresh) and Webmin/Virtualmin, then I changed default port for Virtualmin, ssh port and removed ssh login with password and put only with keys. All of that was without any problems but then I saw under Webmin -> Network -> Linux Firewall there are still conditions/rules with ports 10000 up to 10005.
Should i remove this conditions as I changed Virtualmin default port?
Another thing i saw in Linux Firewall is new condition based on new port for Virtualmin. So for example there is now new entry “If protocol is TCP and destination port is 5074:5084” where 5074 is my new port for Virtualmin.
Should I change that in the way how it was before with original port, e.g. 5074 to 5080 each one in separate line?
Any reason why Virtualmin has opened so many ports when originally was only 6 (10000-10005)?
Changing port and way to log for SSH went all good so only question I have is there any way to disable the warning when someone try to log with password like it can be seen in this picture: http://i.imgur.com/nXyZrJU.jpg? Best would be to just drop the connection and thats it, no warning of any kind.
Last but not least, regarding of DNS and name servers. On this VPS I have only one IP and during the installation I put for name servers ns1/ns2.aaa.com. Now this is great if I want to host only one domain but its not my case and I need different name servers for each of my domain so for example domain aaa.com should have ns1/ns2.aaa.com, domain bbb.com should have ns1/ns2.bbb.com and so on.
Now with CP i used until now, when adding a new domain, I had option to insert the name servers but Virtualmin is automatically using default one (Virtualmin -> System Settings -> Server Templates -> Default Settings -> BIND).
Should I delete them from “Default Settings” and then manually add for each domain/virtual server or just leave it as it is and then after I made new virtual server edit DNS? Another option i can think is to create new template based on “default”, change name servers and then use that one when creating new virtual server. But I’m not sure if I really need to make new template(s) for 2 or 3 domains or make it simple and changing DNS after creating new virtual server is acceptable as solution.
Well I hope I didnt ask too many questions but I try to search on this forum and google without any result.
I suspect that it’s automatically adding firewall rules for several ports above 10000, as those are used for Webmin RPC. You don’t need that though unless you need another Webmin server to communicate with this one.
is there any way to disable the warning when someone try to log with password like it can be seen in this picture
Sorry – I don’t believe there is a way to prevent that error.
Should I delete them from “Default Settings” and then manually add for each domain/virtual server or just leave it as it is and then after I made new virtual server edit DNS?
If you need a different nameserver for each domain – it might be simplest to just go into Server Configuration -> DNS Records, and change the “NS” records there after the domain is created.
Another option would be to do as you mentioned, make a new Server Template, one for each of the different nameservers you’ll be using.
Does that answer your questions?
You don’t need that though unless you need another Webmin server to communicate with this one.
Because I dont need this feature that means I can delete all rules for Virtualmin, old one and new range, and just leave one where is actually new port for Virtualmin, e.g. “If protocol is TCP and destination port is 5074”?
The rest is clear and probably I will just edit name servers after I make new virtual servers. Too bad there is no way to disable that warning when someone try to log into SSH using password like in the case of brute force attack. Somehow I think less information is going out I feel more safe about my VPS.
Yup, you can delete the other Virtualmin related firewall rules.
And yeah, unfortunately, I’m not aware of a way to prevent that error message your’e seeing. Do you see a similar error when using a different SSH client?
Do you see a similar error when using a different SSH client?
I’m using PuTTY and mRemoteNG what basically is PuTTY with better UI. Either way PuTTY is most common software what people use for SSH so doesn’t matter if some other program show the error or not. But i think it would be same as this error is transmitted from the server (i guess).
What i can see right now this error only show when i try to log on SSH right port (custom in my case) but if i try to log on any other port connection drop with common error message “Network error: Connection timed out”. Basically someone would need to scan all ports to find one where is SSH and only when he try to log this message will pop out. Still better then leave it on default settings open to almost everything.
I try again to search all over the internet but didnt manage to find anything, not to mention 90+% of results is based on SSH banner or some other type of notification but nothing what i need or that i could use.
Then thinking again if someone really want to break in sooner or later he would succeed in this task. For all others they will probably move on to find easier target/victim.
I will see maybe someone else on this forum have an idea how to sort this problem (well is more nuisance then problem).