On 03/09/16, Doctor Who said the following...

Re: Re: SSH
By: Gryphon to Nightfox on Tue Mar 08 2016 07:56 am

Maybe, but my BBS is all I really have on my BBS machine. To go al with your argument,
there probably isn't anything really interesting an attacker would from a BBS machine
anyway.

Other than to get on to it and install rootkits and use it as a platfor run DoS attacks.

That's a very good point. I don't know just how much could be
accomplished from a regular user account, but at the very least spam

Consider how most BBSes have some sort of method for extracting uploaded
files to find and import the file_id.diz into the filebase listings. If you uploaded a file with some sort of rootkit of other malware bomb, it could potentialy be set to run on extraction.

so, somebody with a network traffic sniffer can find the clear text username/passwords of a user when he logs into a BBS, log in himself, upload a malware file, the BBS extracts the file looking for the file_id.diz, and then potentially take over the bbs machine.


Just sayin'.

Of course, if that would happen to my BBS, I'd just take it offline and reformat and start again.

--- Mystic BBS v1.12 A4 (Raspberry Pi)
* Origin: Cyberia BBS | Cyberia.Darktech.Org | Kingwood, TX