The Customize Windows

Technology Journal


By Abhishek Ghosh December 20, 2015 11:39 am Updated on December 20, 2015

Bypass Blocked SSH Port and Wrong iptables Rules


New users read bad blogs and later cannot SSH. Many sysadmins and many Senior Software Engineers on this Earth deliver server security mantras to newbie users via their blogs. Needless to say, they are neither knowledgeable sysadmins nor real Senior Software Engineers. We are definitely not pointing at Major Hayden; we agree that security should always be applied in layers, but in fact he agreed with the arguments to change the default SSH port, and he is an established coder and Senior Software Engineer. He talks about an enterprise-grade setup, not a single server running a plain website.

Editing the default security settings of GNU/Linux is very dangerous for a new user. The flaw is in the sequence of the workflow. Here is how to bypass a blocked SSH port and wrong iptables rules. Swear not to do it again. These methods are used for penetration testing and for hacking a server. We will not mention all the ways, only one practical way; otherwise you will attempt to run exploits on others' servers. The web host's console may not work because of keyboard mapping and may deny the password.

 

Bypass Blocked SSH Port and Wrong iptables Rules : Where This Method Will Work

 

  • PHP and web server software such as Nginx or Apache must be installed and running. The ideal situation is a WordPress website at the front end, like the one in our complete guide to installing WordPress with an Nginx and PHP5-FPM backend.
  • The web server's port must be open and the front-end web software login must be working.
  • You must know your IP address, root username and password.


Yes, it is possible to gain root access with fewer of these factors, but the above conditions are the normal case when you have edited the /etc/ssh/sshd_config file to change the default SSH port and applied the wrong iptables policy. It is not normal to forget the root username and password and, at the same time, get blocked from SSH.

 

Bypass Blocked SSH Port and Wrong iptables Rules : Situation

 

As an example: for the first time in my life, I read somewhere to allow port 80 and port 443 and drop/block all the other ports. Then I edited the /etc/ssh/sshd_config file to change the default SSH port. I restarted the SSH daemon and got kicked out of the server. Now I am reading this guide.
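
A pre-flight check for the lockout described above, as an added example that is not part of the original article: it reads the port from an sshd_config file and confirms that a rule set in iptables-save format accepts that port before either change is applied. The function names, file names and sample contents are assumptions made for the illustration.

```sh
# Added example; file names and sample contents below are constructed.

# Ports sshd will listen on per the given sshd_config (OpenSSH default: 22).
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# Succeeds if the rule set ($1, iptables-save format) accepts new TCP
# connections to port $2. Simplification: rule order and -s/-i are ignored.
port_allowed() {
    awk -v port="$2" '
        function covers(s, p,   r) {      # s is "N" or a range "LO:HI"
            return split(s, r, ":") == 2 ? (p+0 >= r[1]+0 && p+0 <= r[2]+0) : (s+0 == p+0)
        }
        /^:INPUT /   { policy = $2 }
        /^-A INPUT / {
            if ($0 ~ / -j (DROP|REJECT)/) blocking = 1
            if ($0 !~ / -j ACCEPT/ || $0 !~ / -p tcp /) next
            for (i = 1; i < NF; i++)
                if ($i == "--dport" || $i == "--dports") {
                    n = split($(i+1), list, ",")
                    for (j = 1; j <= n; j++) if (covers(list[j], port)) ok = 1
                }
        }
        END { exit !(ok || (policy == "ACCEPT" && !blocking)) }
    ' "$1"
}

# Returns 0 when at least one sshd port is reachable through the rule set.
preflight() {
    status=1
    for p in $(sshd_ports "$1"); do
        if port_allowed "$2" "$p"; then
            echo "ok: tcp/$p is accepted"; status=0
        else
            echo "LOCKOUT RISK: sshd uses tcp/$p but no INPUT rule accepts it"
        fi
    done
    return $status
}

# Constructed sample of the article's situation: web ports only, SSH moved.
demo=$(mktemp -d)
printf 'Port 2222\n' > "$demo/sshd_config"
printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
    '-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT' COMMIT > "$demo/rules.v4"
preflight "$demo/sshd_config" "$demo/rules.v4" || echo "do not apply these rules yet"
```

Running the check while the current SSH session is still open leaves time to add the missing ACCEPT rule before sshd is restarted.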

 

Swear, Loudly

 

I will never read the bad blogs.
I have understood that I am a fool.
I will never again try methods written in the bad blogs.
I have understood that I know nothing about server security.
I have understood that the console is not like SSH.

 

Does Your Webhost Not Flush the Firewall?

If you ask your webhost, even on unmanaged plans, the webhost will flush the firewall policies on request, out of mercy, for virtual servers and cloud servers. It is kept as the last option. For unmanaged dedicated servers and colocation servers the situation can be very pathetic. For such setups, a web hosting control panel like cPanel or Plesk is used even for one domain. The internal network and the ports within the server are wide open.

If the above methods work, there is no need to try the next steps.

 

Bypass Blocked SSH Port and Wrong iptables Rules : Run PHP Exploits

 

There are many PHP-based web shells, but they cannot help you. As PHP runs as www-data, nothing can be done except for a few commands that can be run as if as root. You cannot use PHP's shell execute function to delete the /etc/ssh/sshd_config file on a standard setup. GNU/Linux is quite immune to such exploits.

The only way is to create a PHP script that runs FTP commands, called from the browser via your IP address, and makes an FTP connection to localhost or 127.0.0.1 using your changed custom port, your root username and your root password. iptables will not reject such an attempt. You can delete the /etc/ssh/sshd_config file, upload a fresh /etc/ssh/sshd_config file with an SSH port that you kept open (port 80 or port 443) and reboot the server.

Many WordPress plugins exist that provide FTP-like features within WordPress, such as WordPress FileManager. Such a plugin is good for uploading or deleting a custom PHP script that runs FTP commands from the browser. Do not expect to delete the /etc/ssh/sshd_config file on a standard setup via such a plugin. If you cannot upload a custom PHP script to FTP's public directory, then you installed WordPress with the wrong permissions and file ownership.
The question now is: where are the custom PHP scripts to delete the /etc/ssh/sshd_config file and upload a fresh /etc/ssh/sshd_config file?

First, your FTP credentials are now :

username : root / what you use to SSH
password : your password
port : that one you applied on /etc/ssh/sshd_config, default is 22
host: 127.0.0.1

Actually, you need to code it yourself. We will not give such a ready-to-use script, for security reasons. You can read the official PHP website or search the whole Internet for scripts. This is an example PHP script (the same code is on GitHub as a Gist):

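<?php
    // Connect to the FTP service on the local host (default port 21).
    $conn = ftp_connect("127.0.0.1");
    if ($conn === false) {
        die("Could not connect to the FTP server\n");
    }
    // Log in and stop if the credentials are rejected.
    if (!ftp_login($conn, "username_here", "password_here")) {
        ftp_close($conn);
        die("FTP login failed\n");
    }
    ftp_pasv($conn, true);
    ftp_chdir($conn, "/etc");

    // List the directory and pick one entry at random
    // (shuffle() seeds itself, so no srand() call is needed).
    $files = ftp_nlist($conn, ".");
    if ($files === false || count($files) === 0) {
        ftp_close($conn);
        die("Could not list the directory\n");
    }
    shuffle($files);

    // Download the chosen file into the script's working directory.
    $filetoget = array_pop($files);
    ftp_get($conn, basename($filetoget), $filetoget, FTP_BINARY);
    ftp_close($conn);
?>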

The above script is for testing an FTP connection on Port 22 or Port 21. You have changed the port. Sorry, we cannot help with custom PHP scripts for this situation. Yes, it is possible to gain access via a reverse PHP shell. An ordinary hacker cannot use these methods to gain access.

 

Bypass Blocked SSH Port and Wrong iptables Rules : Success!

 

You possibly wanted to make your server secure. But those are odd ways, and they are for advanced users.

But changing the SSH port from Port 22 to anything else has hundreds of problems. Do not do it as a new user. You can “hide” your ports in other ways (which we will not discuss here).

Secondly, with Port 80 and/or Port 443 remaining open, a hacker can run an exploit in a smarter way than you. That is why we use Nginx as a reverse proxy or use a load balancer. When the main server’s IP is not the same as the one we use to SSH, server management becomes easier. Another server in front filters out most of the attacks. As we run only Nginx there, not PHP, with regular monitoring of the logs as we mentioned before, it becomes a bit difficult. Obviously, you can configure your server to use a private key for SSH, which is possibly better than even port knocking. Always keep a way for yourself to get access.

 

Do You Need the Atom Bomb?

 

What those fake sysadmins and fake Senior Software Engineers do not mention is checking your own SSH log using basic commands. This command filters the authentication log file (we used /var/log/auth.log, as on any deb GNU/Linux) for failed authentications and counts the attempts:

grep -i fail /var/log/auth.log | wc -l

This command filters the failed login attempts (for any deb GNU/Linux) :

cat /var/log/auth.log | grep 'sshd.*Invalid'

This command filters the successful login attempts (for any deb GNU/Linux) :

cat /var/log/auth.log | grep 'sshd.*opened'

This command filters the Failed password-login attempts (for any deb GNU/Linux) :

grep sshd.\*Failed /var/log/auth.log

This command will show the history of received connections on ssh on the server (for any deb GNU/Linux) :

zgrep sshd /var/log/auth.log* | grep rhost | sed -re 's/.*rhost=([^ ]+).*/\1/' | sort -u

The last command is very important. See the screenshot:

[Screenshot: Bypass Blocked SSH Port and Wrong iptables Rules]

Report the bad IPs and specifically block them.
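
The grep commands above list matching lines; the added example below (not from the original article) goes one step further and counts failure lines per source address, skipping any address that also logged in successfully so that you do not block yourself. The function names and the sample log lines are constructed, and the parser assumes the traditional syslog layout of Debian's auth.log.

```sh
# Added example; the sample log lines are constructed (documentation IP ranges).
# Assumes the traditional syslog layout of auth.log, where field 5 is
# "sshd[PID]:" and the message starts at field 6.

# stdin: auth.log text. stdout: "COUNT IP" for every source with at least $1
# failure lines and no accepted login, highest count first.
suspect_ips() {
    awk -v min="${1:-3}" '
        # The user name comes from the remote side and may contain " from ",
        # so the address is read after the LAST "from" on the line.
        function src(   i) {
            for (i = NF - 1; i > 5; i--) if ($i == "from") return $(i + 1)
            return ""
        }
        $5 !~ /^sshd\[[0-9]+\]:$/ { next }
        ($6 == "Failed" && $7 == "password") || ($6 == "Invalid" && $7 == "user") {
            if ((ip = src()) != "") fail[ip]++
        }
        $6 == "Accepted" { if ((ip = src()) != "") good[ip] = 1 }
        END {
            for (ip in fail)
                if (fail[ip] >= min && !(ip in good)) print fail[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

sample_log() {   # constructed input
    cat <<'EOF'
Dec 20 10:01:02 web1 sshd[1201]: Invalid user admin from 203.0.113.5
Dec 20 10:01:04 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Dec 20 10:01:09 web1 sshd[1202]: Failed password for root from 203.0.113.5 port 51240 ssh2
Dec 20 10:01:15 web1 sshd[1203]: Failed password for invalid user a from 192.0.2.99 from 203.0.113.5 port 51250 ssh2
Dec 20 10:02:00 web1 sshd[1210]: Failed password for root from 198.51.100.7 port 40100 ssh2
Dec 20 10:05:00 web1 sshd[1220]: Failed password for root from 192.0.2.10 port 40200 ssh2
Dec 20 10:05:05 web1 sshd[1220]: Failed password for root from 192.0.2.10 port 40200 ssh2
Dec 20 10:05:09 web1 sshd[1220]: Failed password for root from 192.0.2.10 port 40200 ssh2
Dec 20 10:05:20 web1 sshd[1221]: Accepted password for root from 192.0.2.10 port 40210 ssh2
EOF
}

sample_log | suspect_ips 3
```

On a real server the input would be `zcat -f /var/log/auth.log* | suspect_ips 5`; the counts are log lines, so one connection attempt can contribute more than one.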

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep in touch with him on Twitter - @AbhishekCTRL.

Cite this article as: Abhishek Ghosh, "Bypass Blocked SSH Port and Wrong iptables Rules," in The Customize Windows, December 20, 2015, July 2, 2022, https://thecustomizewindows.com/2015/12/bypass-blocked-ssh-port-and-wrong-iptables-rules/.

Source:The Customize Windows, JiMA.in
