Memo, 16/05/2021: Denyhosts, OH MY GOD I GOT BANNED BY YYYYY

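#Site-building collection SysAdmin

Previously

Day one of being blocked by the Y site, and I miss it. When will I get to hear the cat meows again?

Because I brought it on myself, a while ago it wasn't just that SSH failed: I now can't connect to any of the Y site's services from my PC, whether Mastodon, the blog, or the forum.

Blocked completely and utterly.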


After getting banned, whenever I tried to ssh there would be an error message telling me “Resource temporarily unavailable” (and 502 Bad Gateway whenever I tried using any of yyyyy's services).

ssh 域名
ssh: connect to host 域名 port 22: Resource temporarily unavailable  

Restoring access to the services

According to @n@g.***:

After that is done, services are accessible, but sshing into the VPS is still not possible.

Playing around with Denyhosts

Get IP Address
ifconfig -a


The loopback device is a special, virtual network interface that your computer uses to communicate with itself.

Even when the network or Wi-Fi is disconnected, the loopback interface exists, so applications running on your computer can always connect to servers on the same machine.

Investigate Authentication Failures

Check auth.log on Debian and Ubuntu (on CentOS it's the secure log)

grep -i "failed password" /var/log/auth.log | grep "我的ip"

How to Unblock a host from Denyhosts
  1. Check the log (on Ubuntu and Debian)
fuser /var/log/auth.log

The fuser command identifies the process IDs (PIDs) of processes that have a file open.

Running the command prints a couple of numbers, and we can use ps and grep to see which services those PIDs belong to.

Say PID 6697 (denyhosts) currently has the auth.log file open.

ps -eaf | grep -v grep | grep 6697


This is the PID for denyhosts.

service denyhosts stop
fuser /var/log/auth.log

Notice that no process IDs are returned, because denyhosts has been stopped.

fuser is a utility that identifies processes using files or sockets.

  1. Remove the appropriate line from the hosts.deny file
cd /etc
grep -v "我的ip" hosts.deny > hosts.deny.new
grep "我的ip" hosts.deny.new | wc -l
mv hosts.deny hosts.deny.old
mv hosts.deny.new hosts.deny

Note that “grep -v grep” takes input line by line, and outputs only the lines in which grep does not appear. Without -v, it would output only the lines in which grep does appear. ... grep -v grep (or grep -v 'grep' or grep -v "grep") often appears on the right side of a pipe whose left side is a ps command.^1

  1. Remove the appropriate line from the log file
cd /var/log/
grep -v "我的ip" auth.log > auth.log.new
grep "我的ip" auth.log.new | wc -l
mv auth.log auth.log.old
mv auth.log.new auth.log

  1. Remove the appropriate line from the denyhosts files
cd /etc/
grep -v "我的ip" bla > bla.new
grep "我的ip" bla.new | wc -l
mv bla bla.old
mv bla.new bla

bla in the above commands stands for each of these files in turn: hosts.deny, hosts, hosts-restricted, hosts-valid, users-hosts

(root is not listed, as I disabled root login.)
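
Steps 2 and 4 as one function, added here as an example and not part of the original memo: it matches the address literally and as a whole word, because a plain grep -v "192.0.2.1" treats the dots as wildcards and also drops the lines for 192.0.2.10 and 192.0.2.100. The name unblock_ip, the scratch directory and the sample lines are constructed for illustration; the 192.0.2.x documentation addresses stand in for 我的ip.

```shell
#!/bin/sh
# Added example: remove one blocked IPv4 address from hosts.deny and the
# denyhosts files without touching neighbouring addresses.
# Usage: unblock_ip IP DIR FILE...   (stop denyhosts first, as in step 1)
# Prints the total number of lines removed.
unblock_ip() {
    ip=$1; dir=$2; shift 2
    removed=0
    for name in "$@"; do
        f="$dir/$name"
        [ -f "$f" ] || continue            # not every install has every file
        cp -p "$f" "$f.old" || return 1    # backup keeps owner, mode, mtime
        # -F: dots are literal; -w: 192.0.2.1 must not match 192.0.2.10.
        # grep exits 1 when it prints nothing, which is not an error here.
        grep -Fwv -e "$ip" "$f.old" > "$f" || [ $? -eq 1 ] || return 1
        # Verify nothing is left, like the "wc -l" check in the memo.
        left=$(grep -Fwc -e "$ip" "$f" || true)
        [ "$left" -eq 0 ] || return 1
        before=$(wc -l < "$f.old"); after=$(wc -l < "$f")
        removed=$((removed + before - after))
    done
    echo "$removed"
}

# Constructed demo in a scratch directory; nothing under /etc is touched.
demo() {
    d=$(mktemp -d)
    printf 'sshd: 192.0.2.1\nsshd: 192.0.2.10\nsshd: 192.0.2.100\n' > "$d/hosts.deny"
    printf '192.0.2.1:5:constructed\n192.0.2.10:3:constructed\n' > "$d/hosts"
    unblock_ip 192.0.2.1 "$d" hosts.deny hosts hosts-restricted hosts-valid users-hosts
    cat "$d/hosts.deny"
    rm -rf "$d"
}
demo
```

Writing the filtered lines back with > keeps each file's existing owner and mode, which moving a freshly created file into place does not.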

That's a wrap! ★,°:.☆( ̄▽ ̄)/$:.°★