Hi,
I installed CyberPanel the first time. I want to secure my VPS and want to do the following for that I need help as I could not find any definitive answer after searching for a longtime.
Is LFD active by default or do we have to make some setting changes to make it active?
Is there a way to block IPs that try SSH port 22 after 2-3 failed attempts?
Is there a way to block all IPs that try to log in as root users?
How to secure cyberpanel login page? Is there any rule in CSF?
Thank you, @josephgodwinke, for your quick response. I have gone through this before as well but couldn’t figure it out; that is why I have asked here in the community, as many of you have already gone through this.
I believe by referring to these documents, you are saying that this much is enough and that there is no need to worry about my questions, correct?
I mean if you had gone through the documentation some of your questions would be unecessary. Like question 1 and 2 makes me think you do not use cyberpanel at all.
You are right. This is my first install, so I am a bit more worried about safety and security. That is why I was looking for these answers. I have used UFW and Fail2ban. But CSF and LFD are new to me. I will go through the documentation in detail.
as @josephgodwinke stated you should take a deep look into documentation in any case. But because the question has very search friendly title and many will come across to it, let me explain in short those 4 questions and share a helpful previous community topic at the end:
LFD is available with the press of a button. When you complete the installation it is not by default installed, but there is default Cyberpanel CSF settings page where you can enable CSF + LFD in one click and manage them through there.
Sure there is a way to block ssh failed attempts. You can put a custom rule inside regex.custom file inside CSF settings and apply blocks per your liking. But by default CSF + LFD when you intall it there is a default limit applied to failed ssh login attempts so you are ok with that. You can change that via the settings (e.g. increase attempts or period of blocking).
Yes there is, again using regex.custom but that would bloat your IP tables too much I think. Disabling root login on server level could do the same trick.
By default access.log of Cyberpanel is $path_to_cyberpanel_directory_accesslogs(depending on your OS) e.g. /usr/local/lscp/cyberpanel/logs/access.log. You can add this file to CSF + LFD so LFD will check it for failed attempts and then add your custom rules to regex.custom just like the previous steps.
An additional topic for this point with useful info is: