Remove an IP address ban that has been errantly blacklisted by denyhosts

denyhosts-remove $IP_ADDRESS

2
2009-11-19 16:28:34

These Might Interest You

  • Blacklisted is a compiled list of all known dirty hosts (botnets, spammers, bruteforcers, etc.) which is updated on an hourly basis. This command will get the list and create the rules for you, if you want them automatically blocked, append |sh to the end of the command line. It's a more practical solution to block all and allow in specifics however, there are many who don't or can't do this which is where this script will come in handy. For those using ipfw, a quick fix would be {print "add deny ip from "$1" to any}. Posted in the sample output are the top two entries. Be advised the blacklisted file itself filters out RFC1918 addresses (10.x.x.x, 172.16-31.x.x, 192.168.x.x) however, it is advisable you check/parse the list before you implement the rules Show Sample Output


    32
    wget -qO - http://infiltrated.net/blacklisted|awk '!/#|[a-z]/&&/./{print "iptables -A INPUT -s "$1" -j DROP"}'
    sil · 2009-02-18 16:08:23 7
  • Quick shortcut if you know the hostname and want to save yourself one step for looking up the IP address separately.


    2
    ssh-keygen -R $(dig +short host.domain.tld)
    atoponce · 2012-01-19 15:08:50 0
  • Using DynDNS or a similar service not only allows access to your home machine from outside without needing to know what IP the ISP has assigned to it but it also comes in handy if you want to know your external IP address. The only purpose of the sed command is to remove the leading "host.na.me has address " part from the output. If you don't need to discard it you can simply use host $HOSTNAME


    1
    host $HOSTNAME|cut -d' ' -f4
    penpen · 2009-08-08 12:39:00 2
  • Quick shortcut if you know the hostname and want to save yourself one step for looking up the IP address separately.


    5
    ssh-keygen -R `host hostname | cut -d " " -f 4`
    flart · 2009-09-23 14:58:28 3

What Others Think

Fine. Sugsestion : to initialize the BASE_PATH variable, you could extract it from the denyhosts.conf file BASE_PATH=$(awk -F' = ' '$1 == "WORK_DIR" { print $2 }')
frans · 440 weeks and 5 days ago
frans · 440 weeks and 5 days ago
Apologize : BASE_PATH=$(awk -F' = ' '$1 == "WORK_DIR" { print $2 }' /etc/denyhosts.conf)
frans · 440 weeks and 5 days ago
The script doesn't work with actual sh. It probably should start with #!/bin/bash
agladysh · 436 weeks and 4 days ago
It will be unfortunate for anyone who uses this script, as taking it out of /etc/hosts.deny is not enough. When they start the daemon back up, they'll notice the IP get blocked again. Probably best if you read the FAQ: http://denyhosts.sourceforge.net/faq.html#3_19. You have 6 files to edit, before completely removing the IP address from denyhosts(8), and a 7th if you want to whitelist the IP.
atoponce · 344 weeks and 4 days ago
ataponce, that's not what the script does. check out atrixnet.com for more details.
linuxrawkstar · 344 weeks and 4 days ago
the script doesn't edit one file. take a look at the perl command in the script. it takes care of all the files it needs in order to really remove the lockout. thanks for your comments on the website.
linuxrawkstar · 344 weeks and 4 days ago

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands



Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: