Memo, 16/05/2021: Denyhosts, OH MY GOD I GOT BANNED BY YYYYY
Day one of being blocked by the Y site, and I miss it. When will I get to hear the cat's meow again?
After getting banned, whenever I ssh there I get an error message telling me “Resource temporarily unavailable” (and a 502 Bad Gateway whenever I try to use any of yyyyy's services).
ssh 域名
ssh: connect to host 域名 port 22: Resource temporarily unavailable
(域名 is a placeholder for the server's domain name.)
Restoring access to the services
According to @n@g.***:
iptables -L --line-numbers
Then find the rule that contains my IP and remove it.
After that is done, the services are accessible, but sshing into the VPS is still not possible.
Playing around with Denyhosts
Get IP Address
The loopback device is a special, virtual network interface that your computer uses to communicate with itself.
Even when the network or Wi-Fi is disconnected, the loopback interface still exists, so applications running on your computer can always connect to servers on the same machine.
Investigate Authentication Failures
Check auth.log on Debian and Ubuntu (on CentOS it is the secure log). In the commands below, 我的ip is a placeholder for my IP address.
grep -i "failed password" /var/log/auth.log | grep "我的ip"
How to Unblock a host from Denyhosts
- Check the log (on Ubuntu and Debian)
The fuser command identifies the process IDs (PIDs) of processes that have a file open.
Running the command prints a few numbers, and we can use ps and grep to see which services those PIDs belong to.
Say PID 6697 (denyhosts) currently has the auth.log file open.
ps -eaf | grep -v grep | grep 6697
This is the PID for denyhosts.
service denyhosts stop
fuser /var/log/auth.log
Notice no Process IDs are returned because denyhosts stopped.
fuser is a utility that identifies processes using files or sockets.
- Remove the appropriate line from the hosts.deny file
cd /etc
grep -v "我的ip" hosts.deny > hosts.deny.new
grep "我的ip" hosts.deny.new | wc -l
mv hosts.deny hosts.deny.old
mv hosts.deny.new hosts.deny
Note that “grep -v "grep" takes input line by line, and outputs only the lines in which grep does not appear. Without -v, it would output only the lines in which grep does appear. ... grep -v grep (or grep -v 'grep' or grep -v "grep") often appears on the right side of a pipe whose left side is a ps command.”^1
- Remove the appropriate line from the log file
cd /var/log/
grep -v "我的ip" auth.log > auth.log.new
grep "我的ip" auth.log.new | wc -l
mv auth.log auth.log.old
mv auth.log.new auth.log
- Remove the appropriate line from the denyhosts files
cd /etc/
grep -v "我的ip" bla > bla.new
grep "我的ip" bla.new | wc -l
mv bla bla.old
mv bla.new bla
bla in the above commands stands for each of: hosts.deny, hosts, hosts-restricted, hosts-valid, users-hosts
(root is not listed, as I disabled root login.)
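The removal steps above use grep -v "ip", which treats the address as a regular expression and matches substrings, so removing 10.0.0.1 would also drop the lines for 10.0.0.10 or 110.0.0.1. The helper below is an added example, not part of the original memo: it removes only exact matches, keeps a .old copy, and overwrites each file in place. The names unblock_ip and demo are hypothetical, file paths are passed as arguments, and it assumes a grep that supports -w (GNU, BSD, BusyBox).

```shell
#!/bin/sh
# Added example. unblock_ip and demo are hypothetical helper names.
# Usage: unblock_ip IP FILE...
# Removes lines naming exactly IP from each FILE, keeping a copy at FILE.old.
unblock_ip() {
    ip=$1
    shift
    # Accept only digits and dots, so the value is safe to print and match.
    case $ip in
        "" | *[!0-9.]*) echo "not an IPv4 address: $ip" >&2; return 2 ;;
    esac
    for f in "$@"; do
        [ -f "$f" ] || { echo "$f: skipped (missing)"; continue; }
        tmp=$(mktemp) || return 1
        # -F matches the dots literally; -w matches whole tokens only, so
        # 10.0.0.1 does not also hit 10.0.0.10 or 110.0.0.1.
        # grep exits 1 when every line was removed; that is not an error.
        grep -vwF -- "$ip" "$f" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
        removed=$(( $(wc -l < "$f") - $(wc -l < "$tmp") ))
        cp -p "$f" "$f.old"
        # Overwrite in place so owner, mode and inode stay unchanged.
        cat "$tmp" > "$f"
        rm -f "$tmp"
        echo "$f: removed $removed"
    done
}

# Constructed sample data (not from the memo): only the first line should go.
demo() {
    d=$(mktemp -d) || return 1
    printf 'sshd: 10.0.0.1\nsshd: 10.0.0.10\nsshd: 110.0.0.1\n' > "$d/hosts.deny"
    unblock_ip 10.0.0.1 "$d/hosts.deny"
    cat "$d/hosts.deny"
    rm -rf "$d"
}
```

Run it while denyhosts is stopped, as in the steps above.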