The Customize Windows

Technology Journal


By Abhishek Ghosh December 20, 2015 11:39 am Updated on December 20, 2015

Bypass Blocked SSH Port and Wrong iptables Rules


New users read bad blogs and later cannot SSH. Many self-described sysadmins and Senior Software Engineers on this Earth deliver server security mantras to newbie users through their blogs. Needless to say, they are neither knowledgeable sysadmins nor real Senior Software Engineers. We are definitely not pointing at Major Hayden: we agree that security should always be applied in layers, and he did agree with the arguments for changing the default SSH port, but he is an established coder and Senior Software Engineer, and he talks about enterprise-grade setups, not a single server running a plain website.

Editing the default security settings of GNU/Linux is very dangerous for a new user. The flaw is in the sequence of the workflow. Here is how to bypass a blocked SSH port and wrong iptables rules; swear not to do it again. These methods are also used for penetration testing and for hacking a server. We will not mention all the ways, only one practical way; otherwise you will attempt to run exploits on others' servers. The web host's console may not work because of keyboard mapping, and it may deny the password.

Bypass Blocked SSH Port and Wrong iptables Rules : Where This Method Will Work

 

You must have PHP installed and a web server such as Nginx or Apache running. The ideal situation is a WordPress website at the front end, as in our complete guide to installing WordPress with Nginx and a PHP5-FPM backend.
The web server's port must be open and the login of the front-end web software must be working.
You must know your IP address, root username and password.

Yes, it is possible to gain root access with fewer of these factors, but the above condition is the normal one when you have edited the /etc/ssh/sshd_config file to change the default SSH port and applied the wrong iptables policy. It is not normal to forget the root username and password and, at the same time, get blocked from SSH.

Bypass Blocked SSH Port and Wrong iptables Rules : Situation

 

As an example: I read somewhere to allow port 80 and port 443 and drop/block all the ports, for the first time in my life. Then I edited the /etc/ssh/sshd_config file to change the default SSH port. I restarted the SSH daemon and got kicked out of the server. Thereafter I am reading this guide.

Swear, Loudly

 

I will never read the bad blogs.
I have understood that I am a fool.
I will never again try methods written in the bad blogs.
I have understood that I know nothing about server security.
I have understood that Console is not like SSH.

 

Does Your Webhost Not Flush the Firewall?

If you ask, web hosts will, out of mercy, flush the firewall policies of virtual servers and cloud servers on request, even on unmanaged plans. Keep it as the last option. For unmanaged dedicated servers and colocation servers the situation can be very bad. On such setups a web hosting control panel like cPanel or Plesk is used even for one domain. Ports on the internal network and within the server are wide open.

If the above methods work, there is no need to try the next steps.

 

Bypass Blocked SSH Port and Wrong iptables Rules : Run PHP Exploits

 

There are many PHP-based web shells; they cannot help you. Because PHP runs as www-data, nothing can be done apart from a few commands that can be run as if by root. On a standard setup you cannot use PHP's shell execute function to delete the /etc/ssh/sshd_config file. GNU/Linux is quite immune to such exploits.

The only way is to create a PHP script that runs FTP commands, open it in the browser via your IP address, and have it connect by FTP to localhost (127.0.0.1) using your changed custom port, your root username and your root password. iptables will not reject such an attempt. You can then delete the /etc/ssh/sshd_config file, upload a fresh /etc/ssh/sshd_config file with an SSH port that you kept open (port 80 or port 443) and reboot the server.

Many WordPress plugins, such as WordPress FileManager, provide FTP-like features within WordPress. Such a plugin is good for uploading or deleting the custom PHP script that runs FTP commands in the browser. Do not expect to delete the /etc/ssh/sshd_config file via such a plugin on a standard setup. If you cannot upload a custom PHP script to FTP's public directory, then you installed WordPress with the wrong permissions and file ownership.
The question now is: where are the custom PHP scripts to delete the /etc/ssh/sshd_config file and upload a fresh /etc/ssh/sshd_config file?

First, your FTP credentials are now:

username : root / what you use to SSH
password : your password
port : the one you set in /etc/ssh/sshd_config; the default is 22
host: 127.0.0.1

Actually, you need to code it yourself. We will not give a ready-to-use script, for security reasons. You can read the official PHP website or search the whole Internet to find scripts. This is an example PHP script (the same code is on GitHub as a Gist):

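<?php
    // Connect to the FTP service on this host (ftp_connect() uses port 21 by default).
    $conn = ftp_connect("127.0.0.1");
    if ($conn === false) {
        exit("Could not connect to the FTP service\n");
    }
    if (!ftp_login($conn, "username_here", "password_here")) {
        exit("FTP login failed\n");
    }
    ftp_pasv($conn, true);
    ftp_chdir($conn, "/etc");

    // List the directory and pick one entry at random.
    $files = ftp_nlist($conn, ".");
    if ($files === false || count($files) === 0) {
        exit("Could not list the directory\n");
    }
    shuffle($files);

    // Download the chosen file in binary mode to prove that transfers work.
    $filetoget = array_pop($files);
    ftp_get($conn, $filetoget, $filetoget, FTP_BINARY);
    ftp_close($conn);
?>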

The above script is for testing an FTP connection on port 22 or port 21. You have changed the port. Sorry, we cannot help with custom PHP scripts for this situation. Yes, it is possible to gain access via a reverse PHP shell. An ordinary hacker cannot use these methods to gain access.

Bypass Blocked SSH Port and Wrong iptables Rules : Success!

 

You possibly wanted to make your server secure. But those are odd ways, meant for advanced users.

Changing the SSH port from port 22 to anything else has hundreds of problems. Do not do it as a new user. You can "hide" your ports in other ways (we will not discuss them here).

Secondly, port 80 and/or port 443 remain open, so a hacker can run an exploit in a smarter way than you. That is why we use Nginx as a reverse proxy or use a load balancer. When the main server's IP is not the same as the one we use to SSH, server management becomes easier. Another server in front filters out most of the attacks. As that front server runs only Nginx and not PHP, with regular monitoring of the logs as we mentioned before, exploiting it is a bit difficult. Obviously, you can configure your server to use a private key for SSH, which is possibly better than even port knocking. Always keep a way for yourself to get access.
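The lockout in the Situation section happens when sshd is restarted on a port that the INPUT chain does not accept. The following pre-flight check is an added example, not code from the original article: it reads the ports from an sshd_config file and tests each one against a ruleset in iptables-save format. The function names, the simplified rule matching and the constructed sample files are assumptions of the example.

```shell
#!/bin/sh
# Added example. Simplified: reads only --dport/--dports (no ranges) and match-free rules.

# Print each port sshd will listen on (22 when the file has no Port line).
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    printf '%s\n' "${ports:-22}"
}

# Exit 0 if the iptables-save file $1 accepts TCP port $2 on INPUT, 1 otherwise.
input_allows_port() {
    awk -v port="$2" '
        /^\*/          { in_filter = ($1 == "*filter"); next }
        !in_filter     { next }
        $1 == ":INPUT" { policy = $2; next }
        $1 == "-A" && $2 == "INPUT" && verdict == "" {
            target = ""; hit = ($3 == "-j")      # no match options: applies to all traffic
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport" || $i == "--dports") {
                    n = split($(i + 1), list, ",")
                    for (k = 1; k <= n; k++) if (list[k] == port) hit = 1
                }
            }
            if (hit && target == "ACCEPT") verdict = "allow"
            else if (hit && (target == "DROP" || target == "REJECT")) verdict = "block"
        }
        END {
            if (verdict == "") verdict = (policy == "ACCEPT") ? "allow" : "block"
            exit (verdict == "allow" ? 0 : 1)
        }' "$1"
}

# Report every sshd port; return 1 if any of them would be unreachable.
preflight() {
    status=0
    for p in $(sshd_ports "$1"); do
        if input_allows_port "$2" "$p"; then echo "ok: tcp/$p accepted"
        else echo "LOCKOUT: tcp/$p not accepted by INPUT"; status=1; fi
    done
    return "$status"
}

# Constructed sample: the article's situation (SSH moved to 2222, only 80/443 allowed).
demo=$(mktemp -d)
printf 'Port 2222\n' > "$demo/sshd_config"
printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
    '-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT' 'COMMIT' > "$demo/rules.v4"
preflight "$demo/sshd_config" "$demo/rules.v4" || echo "fix the ruleset before applying it"
```

Run it against the files you are about to put in place, before restarting sshd or loading the rules, and keep the existing SSH session open until a second session connects.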

 

Do You Need the Atom Bomb?

 

What those fake sysadmins and fake Senior Software Engineers do not mention is checking your own SSH log using basic commands. This command filters the authentication log file (we used /var/log/auth.log, for any deb GNU/Linux) for failed authentications and counts the attempts:

grep -i fail /var/log/auth.log | wc -l

This command filters the failed login attempts (for any deb GNU/Linux):

grep 'sshd.*Invalid' /var/log/auth.log

This command filters the successful login attempts (for any deb GNU/Linux):

grep 'sshd.*opened' /var/log/auth.log

This command filters the failed password-login attempts (for any deb GNU/Linux):

grep 'sshd.*Failed' /var/log/auth.log

This command will show the history of received connections on ssh on the server (for any deb GNU/Linux) :

zgrep sshd /var/log/auth.log* | grep rhost | sed -re 's/.*rhost=([^ ]+).*/\1/' | sort -u

The last command is very important. See the screenshot:

[Screenshot: Bypass Blocked SSH Port and Wrong iptables Rules]

Report the bad IPs and specifically block them.
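To decide which addresses are worth reporting or blocking, the grep commands above can be turned into a per-source summary. This is an added example, not part of the original article: it counts failed passwords per source address and lists sources that logged in successfully after repeated failures. The function names, the thresholds and the constructed sample log are assumptions of the example.

```shell
#!/bin/sh
# Added example: per-source summary of sshd password failures in auth.log-style files.

# Print "count address" for each source with at least $2 failed passwords, worst first.
failed_by_ip() {
    awk -v min="${2:-1}" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is remote-controlled text, so take the LAST "from".
            for (i = NF - 1; i > 0; i--) if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Print each source that logged in successfully after at least $2 failures.
accepted_after_failures() {
    awk -v min="${2:-1}" '
        /sshd\[[0-9]+\]: (Failed password|Accepted [^ ]+) for / {
            ip = ""
            for (i = NF - 1; i > 0; i--) if ($i == "from") { ip = $(i + 1); break }
            if (ip == "") next
            if ($0 ~ /\]: Failed password for /) fails[ip]++
            else if (fails[ip] >= min && !seen[ip]++) print ip
        }
    ' "$1"
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
Dec 20 11:02:13 web1 sshd[2201]: Failed password for invalid user x from 192.0.2.1 from 203.0.113.7 port 51234 ssh2
Dec 20 11:02:17 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51240 ssh2
Dec 20 11:02:21 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51244 ssh2
Dec 20 11:03:02 web1 sshd[2210]: Failed password for root from 198.51.100.20 port 40022 ssh2
Dec 20 11:03:09 web1 sshd[2212]: Accepted password for root from 198.51.100.20 port 40030 ssh2
Dec 20 11:04:40 web1 sshd[2230]: Accepted password for root from 203.0.113.7 port 51300 ssh2
Dec 20 11:04:40 web1 sshd[2230]: pam_unix(sshd:session): session opened for user root by (uid=0)
EOF
}

log=$(mktemp)
sample_log > "$log"
failed_by_ip "$log" 3
accepted_after_failures "$log" 3
```

A source printed by the second function deserves a closer look before anything else, because a successful login after a run of failures can mean a guessed password.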
