ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    VitalPBX how to manually unban yourself from the command line

    IT Discussion
    vitalpbx fail2ban command line cli how to
    4
    9
    2.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch
      last edited by JaredBusch

      It is not uncommon to lock yourself out of things when you are exploring them new.

      VitalPBX is no exception. It uses fail2ban and there are some simple commands you need to know how to use from the command line to get yourself back in.

      Log in to the console of your VM where ever it is hosted, switch to root and use the fail2ban-client status command.

      This will list all of the jails that are currently set up.

      [root@vpbx ~]# fail2ban-client status
      Status
      |- Number of jail:	11
      `- Jail list:	apache-auth, apache-badbots, apache-modsecurity, apache-overflows, apache-shellshock, asterisk-vpbx, dropbear, recidive, sshd, sshd-ddos, vitalpbx-gui
      

      You can then look at the jails individually. The fail2ban-client command does not have a way to list everything at once, if you want to get into that, you are looking at parsing the iptables rules with grep.

      To look at a single jail, you simply add that jail name after status.
      I have no hits on ssh because I have it restricted with a Vultr firewall.

      [root@vpbx ~]# fail2ban-client status sshd
      Status for the jail: sshd
      |- Filter
      |  |- Currently failed:	0
      |  |- Total failed:	0
      |  `- Journal matches:	_SYSTEMD_UNIT=sshd.service + _COMM=sshd
      `- Actions
         |- Currently banned:	0
         |- Total banned:	0
         `- Banned IP list:	
      

      On the other hand, asterisk.....
      And yes, my IP was in there because I messed up something.

      root@vpbx ~]# fail2ban-client status asterisk-vpbx
      Status for the jail: asterisk-vpbx
      |- Filter
      |  |- Currently failed:	6
      |  |- Total failed:	183
      |  `- File list:	/var/log/asterisk/fail2ban
      `- Actions
         |- Currently banned:	9
         |- Total banned:	10
         `- Banned IP list:	185.53.88.253 102.165.52.90 77.247.110.17 212.83.129.111 102.165.52.107 77.247.110.127 102.165.51.161 185.53.88.210 77.247.110.19
      

      To clear a ban, is simple enough fail2ban-client set asterisk-vpbx unbanip ip.to.un.ban

      [root@vpbx ~]# fail2ban-client set asterisk-vpbx unbanip 185.53.88.253
      185.53.88.253
      

      It is important to note for beginners. It does not matter which service you get an IP banned for. The ban is for the IP. This mean once on the list for any service, the IP is blocked from hitting the system for any service.

      DashrenderD 1 Reply Last reply Reply Quote 2
      • DashrenderD
        Dashrender @JaredBusch
        last edited by

        @JaredBusch said in VitalPBX how to manually unban yourself from the command line:

        It is important to note for beginners. It does not matter which service you get an IP banned for. The ban is for the IP. This mean once on the list for any service, the IP is blocked from hitting the system for any service.

        Do you have to use the service that banned it to unban it?

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Dashrender
          last edited by

          @Dashrender said in VitalPBX how to manually unban yourself from the command line:

          Do you have to use the service that banned it to unban it?

          That's unrelated to what he mentioned. Fail2ban is the service that does the banning. The service you are banned for are things like httpd, asterisk, etc.

          JaredBuschJ 1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch @scottalanmiller
            last edited by

            @scottalanmiller said in VitalPBX how to manually unban yourself from the command line:

            @Dashrender said in VitalPBX how to manually unban yourself from the command line:

            Do you have to use the service that banned it to unban it?

            That's unrelated to what he mentioned. Fail2ban is the service that does the banning. The service you are banned for are things like httpd, asterisk, etc.

            What he meant was the jail. That would be my fault for being unspecific.

            Yes @Dashrender, you need to specify the jail.

            Look at my unbanip example.

            DashrenderD 1 Reply Last reply Reply Quote 0
            • DashrenderD
              Dashrender @JaredBusch
              last edited by

              @JaredBusch said in VitalPBX how to manually unban yourself from the command line:

              @scottalanmiller said in VitalPBX how to manually unban yourself from the command line:

              @Dashrender said in VitalPBX how to manually unban yourself from the command line:

              Do you have to use the service that banned it to unban it?

              That's unrelated to what he mentioned. Fail2ban is the service that does the banning. The service you are banned for are things like httpd, asterisk, etc.

              What he meant was the jail. That would be my fault for being unspecific.

              Yes @Dashrender, you need to specify the jail.

              Look at my unbanip example.

              I did - that's why I asked the question, do you have to use a specific jail to unban or can you use any jail to unban? The reason I ask is because you said - once any jail bans you - you're ban for all jails.

              I'm assuming yes, you have to use the specific jail that has you listed as banned. but I'm asking anyhow.

              JaredBuschJ 1 Reply Last reply Reply Quote 0
              • CloudKnightC
                CloudKnight
                last edited by

                Handy one for white listing a IP is to edit the jail.conf file and add: ignoreip = 127.0.0.1/8 - (Replace this with your IP)

                JaredBuschJ 1 Reply Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch @Dashrender
                  last edited by

                  @Dashrender said in VitalPBX how to manually unban yourself from the command line:

                  I'm assuming yes, you have to use the specific jail that has you listed as banned. but I'm asking anyhow.

                  Yes because that is where it will find it listed to unban.

                  1 Reply Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch @CloudKnight
                    last edited by JaredBusch

                    @StuartJordan said in VitalPBX how to manually unban yourself from the command line:

                    Handy one for white listing a IP is to edit the jail.conf file and add: ignoreip = 127.0.0.1/8 - (Replace this with your IP)

                    Never, ever, do this.

                    Work within the product that you are using. Never go around it like this.

                    By doing this, you lose all accountability within the product for how it is configured.

                    Just like FreePBX, VitalPBX has a specific location within the GUI to whitelist things. You do it there. I simply had not done it yet as I was only testing the solution fairly randomly.

                    CloudKnightC 1 Reply Last reply Reply Quote 2
                    • CloudKnightC
                      CloudKnight @JaredBusch
                      last edited by

                      @JaredBusch fair enough, I haven't used the product itself as of yet and wasn't aware it had whitelisting inside the product, if this was specific to just fail2ban then that method would be suitable, but in this case I agree with you, my mistake.

                      1 Reply Last reply Reply Quote 0
                      • 1 / 1
                      • First post
                        Last post