I love DigitalOcean as a host for my little blog, and as part of moving domains and getting everything set up, I activated the WP – fail2ban plugin. Here’s what the plugin does:

fail2ban is one of the simplest and most effective security measures you can implement to prevent brute-force attacks

https://wordpress.org/plugins/wp-fail2ban/

Forget Password – Get Locked Out

As is the rite of passage, I had forgotten my login credentials but didn’t want to admit it. I tried a number of combinations and after about 5 attempts, I could no longer access the login page. At first I hadn’t the faintest idea what was going on but then it dawned on me that I had just blocked myself by getting my own IP banned. So if you’re hosting your WordPress site on DigitalOcean and if you are one of those unlucky souls that got your own IP banned and locked out, I hope this helps you out.

Step 0: Access your DigitalOcean Console

To do this, we’re going to log in to our DigitalOcean droplet console. Depending on your initial setup, you’re going to SSH in OR log in to DigitalOcean -> click on your droplet -> select Access from the droplet options -> Launch Recovery Console.

Step 1: Confirm your Ban

Now that we have access to the console, let’s check if our IP has been banned. To do this, we first type the following command into the shell:

iptables -n -L

If you see your IP in here, that’s confirmation that you banned yourself. Look above where your IP is listed and get the value of the ‘Chain’ it’s listed under.

Note: If you don’t know what your IP address is, use a tool like whatsmyipaddress.com

Note 2: If you can’t see the entire results and need to scroll up, you can do that with Shift + Fn + Up Arrow (on a Mac)

Step 2: fail2ban version + status

Now let’s make sure we know what version of fail2ban we are working with.

fail2ban-client --version
>>Fail2Ban v0.11.1

You should get some type of response output with a version number. As of writing this, mine was Fail2Ban v0.11.1.

Now let’s check the status:

fail2ban-client status
>>
|- Number of jail:	X
 - Jail list: <jailname1>, <jailname2>, <jailname3>

Here you’ll see some output showing how many jails were created. Remember the chain value we got from Step 1? Let’s use that to get a little bit more granular.

fail2ban-client status <jailname>

You should get some output here. Pay particular attention to the “Actions” section. Your IP should be listed here, which is further confirmation of your ban AND that you are looking at the right place.

Step 3: Unban Yourself

Now it’s time to give us the all clear. To do this, type this into the console:

fail2ban-client set <jailname> unbanip <ipaddress>

You should get some output that confirms the actions were executed (as long as you don’t get an error here, you should be fine).
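
Steps 1 to 3 as one script, added here as an example and not part of the original post: it reads the jail list from fail2ban-client status, checks each jail's "Banned IP list" for an exact match, and runs unbanip only in the jails that hold the address. The F2B variable, the function names and the file name unban.sh are assumptions of this example.

```shell
#!/bin/sh
# Added example: locate the fail2ban jail(s) holding an IP and unban it there.
# F2B is this example's own hook so a stub can stand in for the real client.
F2B="${F2B:-fail2ban-client}"

# One jail name per line, parsed from the "Jail list:" line of `status`.
list_jails() {
    "$F2B" status | sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# True if <ip> is in the jail's "Banned IP list:". grep -Fx compares whole
# entries literally, so 203.0.113.7 does not match 203.0.113.70.
is_banned() {  # usage: is_banned <jail> <ip>
    "$F2B" status "$1" | sed -n 's/.*Banned IP list:[[:space:]]*//p' |
        tr -s '[:space:]' '\n' | grep -Fxq -- "$2"
}

# Print every jail that currently bans <ip>.
jails_banning() {  # usage: jails_banning <ip>
    for jail in $(list_jails); do
        if is_banned "$jail" "$1"; then echo "$jail"; fi
    done
}

# Unban <ip> from each jail holding it and report what was done.
unban_everywhere() {  # usage: unban_everywhere <ip>
    for jail in $(jails_banning "$1"); do
        "$F2B" set "$jail" unbanip "$1" >/dev/null &&
            echo "unbanned $1 from $jail"
    done
}

# Run as root on the droplet, e.g. (203.0.113.7 is a documentation address):
#   . ./unban.sh && unban_everywhere 203.0.113.7
```

Unbanning per jail matters because the same address can be held by more than one jail, and removing it from only one leaves the login page blocked.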

Step 4: Breathe a Sigh of Relief

At this point you can start up a new browser tab and check the login page again and voila you should be able to see everything as normal.

Conclusion

If you end up banning your own IP with the fail2ban plugin, you can follow the steps and get yourself unbanned. Hopefully, now that you’ve been unbanned, you create a better password – one that you can remember and avoid having to repeat this ever again!

Ref: https://serverfault.com/questions/285256/how-to-unban-an-ip-properly-with-fail2ban/475117
