denyhosts keeps adding back my IP

Question

I am trying to unblock an IP from which I was doing some tests. I have followed the tutorials on the net:

$ sudo /etc/init.d/denyhosts stop
$ sudo vim /etc/deny.         


        

Answer 1

Adding to an old question, but on Debian Wheezy removing the IP entries did not help: within seconds of running "service denyhost start" the IP would be re-added to hosts.deny and all the files in /var/lib/denyhosts/. It turns out that DenyHosts was re-scanning /var/log/auth.log which included the failed login attempts.

After removing the IP entry from the files listed above, before you restart denyhosts, force auth.log to be archived by running (as root):

logrotate -vf /etc/logrotate.d/rsyslog

Double-check that /var/log/auth.log is empty, then restart denyhosts.

Answer 2

Just add the IP that should always have access to the file:

/etc/hosts.allow

That entry could look like:

ALL: 30.20.10.0/24

That way, even if it ends up in /etc/hosts.deny as well, the IP will still have access.

Mind the ALL before the IP, I see you forgot that with your echo statement.

References:

• http://its.virginia.edu/unixsys/sec/hosts.html
• http://linux.die.net/man/5/hosts.allow

Answer 3

This worked for me on Centos. Follow the 8 steps below and you should be good to go.

1. Stop DenyHosts

   # services denyhosts stop

2. Remove the IP address from /etc/hosts.deny

3. Edit /var/lib/denyhosts/hosts and remove the lines containing the IP address. Save the file.

4. Edit /var/lib/denyhosts/hosts-restricted and remove the lines containing the IP address. Save the file.

5. Edit /var/lib/denyhosts/hosts-root and remove the lines containing the IP address. Save the file.

6. Edit /var/lib/denyhosts/hosts-valid and remove the lines containing the IP address. Save the file.

7. Edit /var/lib/denyhosts/users-hosts and remove the lines containing the IP address. Save the file.

(optional) Consider adding the IP address to /var/lib/denyhosts/allowed-hosts

8. Start DenyHosts

   # services denyhosts start

Answer 4

You can do this in 4 commands. It automates the earlier answer from @Abdellatif with a python script, so you should thoroughly glance over the source before pasting these 4 lines into the command prompt (replacing IP_ADDRESS with the ip address):

sudo /etc/init.d/denyhosts stop
git clone  https://github.com/rsprabery/unblock.git
sudo python unblock/unblock.py <IP_ADDRESS>
sudo /etc/init.d/denyhosts start

It should work on all Ubuntu systems. And it's fast. And you don't have to edit any files. But, you are running someone else's script as sudo.

Answer 5

Nothing worked but Answer by Oleksandr Shmyheliuk

Used following two commands

iptables -L -n -v | grep 49.33.135.137

if there is output then use following command

iptables -D INPUT -s 49.33.135.137 -j DROP 

Answer 6

Ubuntu 18.04

IP_UNBLOCK='1.2.3.4'
systemctl stop denyhosts
sed -i -e "/$IP_UNBLOCK/d" /etc/hosts.deny
sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts
sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts-restricted
sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts-root
sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts-valid
sed -i -e "/$IP_UNBLOCK/d" /var/lib/denyhosts/users-hosts
sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts-root
sed -i -e "/refused connect from $IP_UNBLOCK/d" /var/log/auth.log
sed -i -e "/from $IP_UNBLOCK port/d" /var/log/auth.log
iptables -D INPUT -s "$IP_UNBLOCK" -j DROP
ufw reload
systemctl start denyhosts

and run this before you install denyhosts

echo "All:" $(last -i | grep -v '0.0.0.0' | grep 'root' | head -1 | awk '{print $3}') >> /etc/hosts.allow