
The Customize Windows

Technology Journal


By Abhishek Ghosh December 20, 2015 11:39 am Updated on December 20, 2015

Bypass Blocked SSH Port and Wrong iptables Rules

New users read bad blogs and later cannot SSH. Many sysadmins and many Senior Software Engineers on this Earth deliver server security mantras to new users via their blogs. Needless to say, they are neither knowledgeable sysadmins nor real Senior Software Engineers. We are definitely not pointing at Major Hayden: we agree that security should always be applied in layers, and in fact he agreed with the arguments for changing the default SSH port, and he is an established coder and Senior Software Engineer. He talks about enterprise-grade setups, not a single server running a plain website.

Editing the default security settings of GNU/Linux is very dangerous for a new user. The flaw is in the sequence of the workflow. Here is how to bypass a blocked SSH port and wrong iptables rules. Swear not to do it again. These methods are used for penetration testing and for hacking a server. We will not mention all the ways, only one practical way; otherwise you will attempt to run exploits on others’ servers. The web host's console may not work because of keyboard mapping and may deny the password.

 

Bypass Blocked SSH Port and Wrong iptables Rules : Where This Method Will Work

 

You must have PHP installed and web server software such as Nginx or Apache running. The ideal situation is a WordPress website at the front end, as in our complete guide to installing WordPress with an Nginx and PHP5-FPM backend.
The web server's port must be open and the front-end web software's login must be working.
You must know your IP address, root username and password.


Yes, it is possible to gain root access with fewer factors, but the above condition is the normal one when you have edited the /etc/ssh/sshd_config file to change the default SSH port and applied the wrong iptables policy. It is not normal to forget the root username and password and at the same time get blocked from SSH.

 

Bypass Blocked SSH Port and Wrong iptables Rules : Situation

 

As an example: for the first time in my life, I read somewhere to allow port 80 and port 443 and drop/block all other ports. Then I edited the /etc/ssh/sshd_config file to change the default SSH port. I restarted the SSH daemon and got kicked out of the server. Now I am reading this guide.
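The lockout in this situation can be detected before sshd is restarted. The following is an added example, not code from the original article: it reads the Port lines of an sshd_config and checks them against a ruleset in `iptables-save` format. The function names, file names and sample contents are assumptions constructed for illustration.

```shell
# Added example; the two sample files are constructed, not from a real server.
# Print the port(s) sshd will listen on; 22 when no Port line is set.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Succeed if a NEW tcp connection to port $2 is accepted by the INPUT chain of
# ruleset $1. First match wins; loopback/ESTABLISHED rules never match a login.
port_reachable() {
    awk -v port="$2" '
        /^:INPUT /  { policy = $2 }
        /^-A INPUT / && !decided {
            target = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j")      target = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
            }
            if ((/-p tcp/ && dport == port) || NF == 4) { verdict = target; decided = 1 }
        }
        END { if (!decided) verdict = policy; exit (verdict == "ACCEPT" ? 0 : 1) }' "$1"
}

# Report each sshd port the firewall would block; non-zero if any is blocked.
lockout_check() {
    rc=0
    for p in $(sshd_ports "$1"); do
        if port_reachable "$2" "$p"; then echo "ok: port $p reachable"
        else echo "LOCKOUT: sshd port $p has no ACCEPT rule"; rc=1; fi
    done
    return $rc
}

# Constructed sample: the situation from the article (80/443 open, SSH moved).
write_samples() {
    printf 'Port 2222\nPermitRootLogin yes\n' > "$1/sshd_config"
    cat > "$1/rules.v4" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

d=$(mktemp -d); write_samples "$d"
lockout_check "$d/sshd_config" "$d/rules.v4" || echo "do not restart sshd yet"
```

On a real host, `sshd -t` validates the edited configuration before the daemon is restarted, and the existing session should stay open until a second login on the new port succeeds.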

 

Swear, Loudly

 

I will never read the bad blogs.
I have understood that I am a fool.
In future I will never try methods written in the bad blogs.
I have understood that I know nothing about server security.
I have understood that Console is not like SSH.

 

Does Your Web Host Not Flush the Firewall?

 

If you ask your web host, even on unmanaged plans, web hosts will flush the firewall policies on request, as a mercy, for virtual servers and cloud servers. It is kept as the last option. For unmanaged dedicated servers and colocation servers the situation can be very pathetic. For such setups a web hosting control panel like cPanel or Plesk is used even for one domain. The internal network and the ports within the server are wide open.

If the above methods work, there is no need to try the next steps.

 

Bypass Blocked SSH Port and Wrong iptables Rules : Run PHP Exploits

 

There are many PHP-based web shells; they cannot help you. As PHP runs as www-data, nothing can be done except a few commands which can be run as if as root. You cannot use PHP's shell-execute function to delete the /etc/ssh/sshd_config file on a standard setup. GNU/Linux is quite immune to such exploits.

The only way is to create a PHP script that runs FTP commands, called from the browser via your IP address, which connects by FTP to localhost or 127.0.0.1 using your changed custom port, your root username and your root password. iptables will not reject such an attempt. You can delete the /etc/ssh/sshd_config file, upload a fresh /etc/ssh/sshd_config file with an SSH port which you kept open (port 80 or port 443) and reboot the server.

Many WordPress plugins exist which provide FTP-like features within WordPress, such as WordPress FileManager. Such a plugin is good for uploading or deleting a custom PHP script that runs FTP commands from the browser. Do not expect to delete the /etc/ssh/sshd_config file on a standard setup via such a plugin. If you cannot upload a custom PHP script to FTP’s public directory, then you installed WordPress with wrong permissions and file ownership.
The question now is: WHERE are the custom PHP scripts to delete the /etc/ssh/sshd_config file and upload a fresh /etc/ssh/sshd_config file?

First, your FTP credentials are now:

username : root / what you use to SSH
password : your password
port : that one you applied on /etc/ssh/sshd_config, default is 22
host: 127.0.0.1

Actually, you need to write the code yourself. We will not give a ready-to-use script, for security reasons. You can read the official PHP website or search the Internet to find scripts. This is an example PHP script (the same code is on GitHub as a Gist):

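<?php
    // Connect to the FTP service on this host (default port 21).
    $conn = ftp_connect("127.0.0.1");
    if ($conn === false) {
        exit("FTP connection failed\n");
    }
    if (!ftp_login($conn, "username_here", "password_here")) {
        ftp_close($conn);
        exit("FTP login failed\n");
    }
    ftp_pasv($conn, true);
    ftp_chdir($conn, "/etc");

    // List the directory and pick one entry at random.
    $files = ftp_nlist($conn, ".");
    if (empty($files)) {
        ftp_close($conn);
        exit("Directory listing failed\n");
    }
    shuffle($files);
    $filetoget = array_pop($files);

    // Download it under the same name into the current directory.
    ftp_get($conn, basename($filetoget), $filetoget, FTP_BINARY);
    ftp_close($conn);
?>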

The above script is for testing an FTP connection on Port 22 or Port 21. You have changed the port. Sorry, we cannot help with custom PHP scripts for this situation. Yes, it is possible to gain access via a reverse PHP shell. An ordinary hacker cannot use these methods to gain access.

 

Bypass Blocked SSH Port and Wrong iptables Rules : Success!

 

You possibly wanted to make your server secure. But those ways are odd and meant for advanced users.

But changing the SSH port from Port 22 to anything else has hundreds of problems. Do not do it as a new user. You can “hide” your ports in other ways (we will not discuss them here).

Secondly, Port 80 and/or Port 443 remain open, so a hacker can run an exploit in a smarter way than you. That is why we use Nginx as a reverse proxy or use a load balancer. When the main server’s IP is not the same as the one we use to SSH, server management becomes easier. Another server in front filters out most of the attacks. As we run only Nginx, not PHP, with regular monitoring of the logs as we mentioned before, it is a bit difficult. Obviously, you can configure your server to use a private key for SSH, which is possibly better than even port knocking. Always keep a way for yourself to get access.

 

Do You Need the Atom Bomb?

 

What those fake sysadmins and fake Senior Software Engineers do not mention is checking your own SSH log using basic commands. This command filters the authentication log file (we used /var/log/auth.log, as on any deb GNU/Linux) for failed authentications and counts the attempts:

grep -i fail /var/log/auth.log | wc -l

This command filters the failed login attempts (for any deb GNU/Linux) :

cat /var/log/auth.log | grep 'sshd.*Invalid'

This command filters the successful login attempts (for any deb GNU/Linux) :

cat /var/log/auth.log | grep 'sshd.*opened'

This command filters the Failed password-login attempts (for any deb GNU/Linux) :

grep sshd.\*Failed /var/log/auth.log

This command will show the history of received connections on ssh on the server (for any deb GNU/Linux) :

zgrep sshd /var/log/auth.log* | grep rhost | sed -re 's/.*rhost=([^ ]+).*/\1/' | sort -u

The last command is very important. See the screenshot:

[Screenshot: Bypass Blocked SSH Port and Wrong iptables Rules]

Report the bad IPs and specifically block them.
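To turn the grep one-liners above into a list of addresses worth reporting or blocking, the failed attempts can be counted per source. The following is an added example, not code from the original article; the function names and the sample log lines (documentation-range addresses, host name web1) are constructed, and the traditional syslog line layout of /var/log/auth.log is assumed.

```shell
# Added example; the log lines below are constructed, not from a real host.

# Print "count ip" for every source with at least $2 "Failed password" lines,
# busiest first. The LAST "from" on the line is used, because the user name
# is attacker-controlled and may itself be the word "from".
failed_by_ip() {
    awk -v min="${2:-1}" '
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" {
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip != "") n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }' "$1" |
        sort -k1,1nr -k2,2
}

# Print sources that logged in successfully after at least $2 failures:
# the entries to review first, since the password may have been guessed.
accepted_after_failures() {
    awk -v min="${2:-1}" '
        $5 ~ /^sshd\[[0-9]+\]:$/ && $7 == "password" && ($6 == "Failed" || $6 == "Accepted") {
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if ($6 == "Failed") fails[ip]++
            else if (fails[ip] >= min && !seen[ip]++) print ip
        }' "$1"
}

# Constructed sample in the /var/log/auth.log format the article greps.
write_sample_log() {
    cat > "$1" <<'EOF'
Dec 20 10:01:12 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Dec 20 10:01:15 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Dec 20 10:01:19 web1 sshd[1203]: Failed password for invalid user from from 203.0.113.7 port 51140 ssh2
Dec 20 10:02:01 web1 sshd[1210]: Failed password for root from 198.51.100.23 port 40100 ssh2
Dec 20 10:02:05 web1 sshd[1210]: Failed password for root from 198.51.100.23 port 40100 ssh2
Dec 20 10:02:09 web1 sshd[1210]: Accepted password for root from 198.51.100.23 port 40100 ssh2
Dec 20 10:03:44 web1 sshd[1222]: Accepted password for root from 192.0.2.10 port 40022 ssh2
EOF
}

log=$(mktemp); write_sample_log "$log"
failed_by_ip "$log" 2
accepted_after_failures "$log" 2
```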

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Cite this article as: Abhishek Ghosh, "Bypass Blocked SSH Port and Wrong iptables Rules," in The Customize Windows, December 20, 2015, April 1, 2023, https://thecustomizewindows.com/2015/12/bypass-blocked-ssh-port-and-wrong-iptables-rules/.

Source:The Customize Windows, JiMA.in
