Monthly Archives: November 2012

Bash one liner: rDNS of failed ssh logins

Quickly get the rDNS of each IP that failed to log in to your ssh :D

grep Failed /var/log/auth.log|grep -v pronto|sed 's/.*from //;s/ port.*//'|sort -u|while read host; do
        host "$host"
done
Host not found: 2(SERVFAIL)
Host not found: 2(SERVFAIL)
Host not found: 3(NXDOMAIN)
Host not found: 3(NXDOMAIN) domain name pointer
Host not found: 3(NXDOMAIN)
Host not found: 3(NXDOMAIN)
Host not found: 2(SERVFAIL) domain name pointer
Host not found: 3(NXDOMAIN)
Host not found: 3(NXDOMAIN) domain name pointer
Host not found: 2(SERVFAIL) domain name pointer
Host not found: 3(NXDOMAIN) domain name pointer domain name pointer
Host not found: 3(NXDOMAIN)

:D Also, you can replace the host "$host" part with: whois "$host" > "$host" to quickly whois each IP as well. I recommend doing this in its own DIR though. Then just do less * and :n to go to the next file.

Breakdown on the one liner for people new to linux/bash/celery
This part is pretty self-explanatory: it just greps auth.log for Failed, then grep -v is an inverse grep that gets rid of lines containing my user name

grep Failed /var/log/auth.log|grep -v pronto

This part uses sed to remove everything up to and including the word ‘from’, then everything from the word ‘port’ onward.
The sed command is actually doing two sed actions separated by a semicolon (no need to pipe sed to sed)

sed 's/.*from //;s/ port.*//'
the original line looks like:
Nov  9 08:22:56 tasty sshd[25254]: Failed password for root from port 54268 ssh2
the end result is just ""

for more useful sed one liners check out this page
this next part just sorts the massive list, and the -u flag only shows the unique ones

sort -u
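
Going a step beyond the one-liner, here is an added example (not code from the original post) that counts failed password attempts per source address and drops your own user by exact match on the user field instead of grep -v over the whole line. The function names and the sample log lines are made up for illustration; the addresses come from documentation ranges.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Log lines below are constructed;
# the addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
Nov  9 08:22:56 tasty sshd[25254]: Failed password for root from 192.0.2.10 port 54268 ssh2
Nov  9 08:22:59 tasty sshd[25254]: Failed password for root from 192.0.2.10 port 54268 ssh2
Nov  9 08:23:10 tasty sshd[25260]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Nov  9 08:24:01 tasty sshd[25270]: Failed password for pronto from 198.51.100.5 port 50111 ssh2
Nov  9 08:25:30 tasty sshd[25281]: Failed password for invalid user pronto2 from 2001:db8::1 port 39000 ssh2
Nov  9 08:26:02 tasty sshd[25290]: Accepted password for pronto from 198.51.100.5 port 50112 ssh2
EOF
}

# Usage: failed_sources SKIP_USER < auth.log
# Prints "count address" per source address, busiest first.
failed_sources() {
  awk -v skip="$1" '
    # Only the exact shape "<date> <host> sshd[pid]: Failed password for
    # ... from ADDR port N ssh2" is counted; anything else is ignored.
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
    $8 == "for" && $NF == "ssh2" && $(NF-2) == "port" && $(NF-4) == "from" {
      # The address is read from the fixed trailing fields, so text in the
      # user name cannot shift it. Accept only IPv4/IPv6-looking tokens.
      addr = $(NF-3)
      if (addr !~ /^[0-9A-Fa-f:.]+$/) next
      # The user name is everything between "for [invalid user]" and "from".
      first = ($9 == "invalid" && $10 == "user") ? 11 : 9
      user = ""
      for (i = first; i <= NF - 5; i++) user = user (i > first ? " " : "") $i
      # Exact match on the user field; grep -v pronto would also hide pronto2.
      if (user == skip) next
      n[addr]++
    }
    END { for (a in n) print n[a], a }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the sample; on a real box: failed_sources pronto < /var/log/auth.log
sample_log | failed_sources pronto
```

To get the rDNS lookups from the one-liner, pipe the result through: while read -r count addr; do host "$addr"; done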


Android Socks5 proxy

As an update to my last post, I was able to get a SOCKS5 proxy going on Android (with no root), with IPv6 also working via the proxy

For some reason the screenshot program screws up the colors


That IP is one of my VPS’s and, as you can see, IPv6 is working (I don’t have IPv6 at home either)

How I did it:

Start with Irssi ConnectBot and save a server. On the main menu area, press and hold the server, select “Edit Port forwards” and add a new one with info like:

You don’t need the same port, but it does need to be a dynamic socks proxy


Then in Firefox go to about:config

Search for “proxy” and make the following changes:

network.proxy.socks = localhost
network.proxy.socks_port = 50505  (or what ever port you used)
network.proxy.socks_remote_dns = true
network.proxy.type = 1

and boom, it should work :D To revert to no proxy, make network.proxy.type = 5

ssh, socks5 proxy, and windows

I have this VPS that has an ipv6 address (yay! I’m so awesome…)
Sadly my ISP does not yet provide IPv6 (evil FiOS, but that’s a rant on its own), so while using Linux I’m able to do a simple SOCKS5 proxy to be able to use the IPv6 awesomeness, e.g.:

$ ssh -D 50502

firefox proxy config

Yay, I’m now browsing the web via the socks5 proxy, and when I go to I get a lovely 10/10 and I see my VPS’s ipv6 address

When I try to do this on putty via windows7 ipv6 does NOT work *sadface*

Windows7, firefox, putty, socks5, no ipv6! :(

Evil Javascript and

As someone who likes to select text as they read it, use of javascript to disable that is rather annoying.

Yes, I know about noscript/etc… but they shouldn’t be disabling text selection in the first place; it does nothing to protect content

…to prove it, I cloned all of and disabled that javascript

eg: (if you have JS enabled) no text selection, lame! yay, can has text selection

full site:


du -sh ./* | grep snopes
144M ./
13M ./snopes.js.tar.bz2
(text always impresses me how well it compresses)
# find|wc -l
# find -name "*.html"| wc -l
that means: 6145 total files, 5328 are html pages for the stories


you may find yourself asking “how the hell?”
simple! wget + find + xargs + sed + bored

wget \
--recursive \
--no-clobber \
--page-requisites \
--html-extension \
--convert-links \
--restrict-file-names=windows \
--no-parent \
-D \
--user-agent="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1" \
<a href="" target="_blank"></a>

then to disable that javascript

find . -name "*html" -print | xargs sed -i 's/var omitformtags/#var omitformtags/g'

^ what that does is list every file ending in: “.html” and makes it a massive list, kinda like:

# find -name "*.html"| tail

then it passes that list off to xargs, which runs the sed command on each file to put a # in front of “var omitformtags”, which in turn breaks the JS that disables text selection.

took all of ~20 minutes to grab every file on via that, then a few seconds to disable that javascript on 5328 html files

this is not only a lesson in don’t annoy linux geeks, but also in automation and how to edit 5000+ files in seconds