denyhosts is an excellent utility to prevent brute-force SSH attacks against your server. One shortcoming it has is that it is difficult to get a blacklisted IP address back out of the, well, blacklist. Simply removing its entry from /etc/hosts.deny will not keep denyhosts from doing its job of blocking what it deemed to be a threat. So what to do? Enter this script (below). It’s yours for the taking.
Unlike other tools floating around on the interwebs, this one actually works. Upload it to your server and name it “denyhosts-remove”, place it in /usr/local/sbin, and make it executable a la chmod +x /usr/local/denyhosts-remove
Invoke it via sudo or as root with no arguments for usage instructions.
#!/bin/bash # denyhosts-remove.sh # # AUTHOR: Tommy Butler, email: $ echo YWNlQHRvbW15YnV0bGVyLm1lCg==|base64 -d # VERSION: 1.0 # # SUMMARY: # Use this script to Remove an IP address ban that has been errantly blacklisted # by denyhosts - the ubiquitous and unforgiving brute-force attack protection # service so often used on Linux boxen. # # INSTALL: # Usage: Put this script somewhere in your $PATH, and execute it as root or # with sudo. Call it directly or with an IP address argument. Multiple IP # address arguments are not supported. You'll need to `chmod +x` it first. # # LICENSE: # GNU GPL 1.0 # Copyright 2011 Tommy Butler, All rights reserved BASE_PATH="/var/lib/denyhosts"; IP=$1 if [[ "`/usr/bin/id -u`" != "0" ]]; then echo "Run this script as root or with sudo or app can't run correctly. Aborted." exit 1; fi cd $BASE_PATH if [[ "`pwd`" != "$BASE_PATH" ]]; then echo "Couldn't cd to $BASE_PATH. Abort." exit 1; fi if [[ "$IP" == "" ]]; then echo "Enter the IP address you want to un-ban" read IP fi if [[ "$IP" == "" ]]; then echo "No IP address given. Abort." exit 1; fi /etc/init.d/denyhosts stop /usr/bin/perl -pi -e "s/^.*?$IP.*\n//g" /etc/hosts.deny * /etc/init.d/denyhosts start exit $?
Are SSH attacks against servers common? Have you had these attacks?
I know that I/we are dealing with trojans such as the Win 7 2012 as a higher rate than ever.
Anyway, I have been reading some of your posts as time allows; VERY well written & informative, albeit over my head at times.
Carl
I apologize for the belated reply. Yes, SSH attacks are very common, but easy to thwart in most cases. I’m glad you’ve taken the time to look over some of my posts. I will get to adding more soon.