BTW, is it normal for a lot of (what I assume to be) bots from random places (lots of IPs from russia, for example) to telnet into my BBS system and try to login as root? Some of them even throw random UNIX commands at the login prompt, so I assume they are trying to get acess into unprotected unix shells (who the hell uses telnet on a unix shell anyway).
It seems to be harmless since none of those commands will actually work on a BBS but, it is annoying.
add the IP address to your ip.can file. I've heard of some scripts for Synchronet that will automatically add an IP address to your ip.can if it detects repeated logins, etc., but I don't remember offhand which scripts will do that for you.
It's fairly common, yes. They are probably bots/scripts trying to do something malicious. I agree they are probably harmless since those commands won't work on a BBS, but if you want to block one of them, you can add the IP address to your ip.can file. I've heard of some scripts for Synchronet that will automatically add an IP address to your ip.can if it detects repeated logins, etc., but I don't remember offhand which scripts will do that for you.
Yeah, I suspected as much. Well, I guess this shouldn't be a problem. It's kinda hilarious to see the bots trying to login as "cd /tmp || cd /var/run||" on a BBS.
I've got the same thing going on here, After looking into it a bit further some of these 'scripts' are attempting to login to do a Brute force on a DVR player, by logging in as "xc5311" (*shrug*)
I've got the same thing going on here, After looking into it a bit further s of these 'scripts' are attempting to login to do a Brute force on a DVR play by logging in as "xc5311" (*shrug*)
The only time it pisses me off is when they tie up ALL nodes of the BBS.
Re: Random people acessing
By: Oshogun to Nightfox on Tue Apr 26 2016 12:20 am
I've got the same thing going on here, After looking into it a bit further some of these 'scripts' are attempting to login to do a Brute force on a DVR player, by logging in as "xc5311" (*shrug*)
The only time it pisses me off is when they tie up ALL nodes of the BBS.
-Ktulu
Yeah, I suspected as much. Well, I guess this shouldn't be a problem. It's kinda hilarious to see the bots trying to login as "cd /tmp || cd /var/run||" on a BBS.
It is halarious, Since I closed all ports except the ones I use on my BBS PC the number of bot related hits have gone down considerably.
Before I closed ports I watched several times as all 10 nodes were being hi all at the same time, since closing ports down I see 1 node once in awhile being sniffed by a sniff bot.
It is halarious, Since I closed all ports except the ones I use on my BBS PC the number of bot related hits have gone down considerably.
Before I closed ports I watched several times as all 10 nodes were being hit all at the same time, since closing ports down I see 1 node once in awhile being sniffed by a sniff bot.
Yeah I just got the xc3511 too D:
Re: Random people acessing
By: Oshogun to Ktulu on Wed Apr 27 2016 11:50 am
Yeah I just got the xc3511 too D:
Googled:
How to reset a DVR to factory settings, and I found this:
To reset password use telnet access with login "root" and password "xc3511". Then go to "/mnt/mtd/Config/" (cd /mnt/mtd/Config/) directory and delete all files "Account" (use "rm -f Account*" command). After reboot DVR will accept empty password for admin.
I still think it's funny. Damn amateurs. LOL!
-Ktulu
Now I just feel like making a "root/xc3511" account with no privileges on the bbs just to see what they do when they get access :')
I have noticed this too. They always seem to try to log in as "root". Of
course, they never get in. But in 2 or 3 days, over 2000 attempts to login like that.. I just ignore them.
I keep thinking, one could run a script at the top of their login script to "You have 10 seconds to press Esc twice." where it just disconnects after 10 seconds without two escape key presses.. similar to the old dialers, but this time to disconnect the bots before they even get to a login prompt.
I keep thinking, one could run a script at the top of their login script to "You have 10 seconds to press Esc twice." where it just disconnects after 10 seconds without two escape key presses.. similar to the old dialers, but thi time to disconnect the bots before they even get to a login prompt.
I have noticed this too. They always seem to try to log in as "root". Of
course, they never get in. But in 2 or 3 days, over 2000 attempts to login like that.. I just ignore them.
I keep thinking, one could run a script at the top of their login script to "You have 10 seconds to press Esc twice." where it just disconnects after
10 seconds without two escape key presses.. similar to the old dialers, but this time to disconnect the bots before they even get to a login prompt.
Seems like that could add an unnecessary hassle, since most of these bots probably won't be able to do anything anyway (you probably don't have a user named 'root', and the commands they try to use won't do anything). Several years ago, I added a login matrix to my BBS, and I figure that should also keep most of the bots out since these bots don't know how to use a login matrix. I suppose that only works with telnet though; bots could still try to log in via SSH.
i have a capcha script that blocks everybody and then removes them and whitelists their ip once they solve it. it blocks a lot but there's an unlimited amount of attackers.
unlimited amount of attackers.
I thought PeerBlock had a function like that, but didn't see it when I looked the last time.
Why not a Script with 3 connections in 5 min , and block the ip for 30 min
or indefinitly , also a Block DNS server to detect bad ip
Curious on this though, is there any method either witnin SBBS or with another software package that can block an IP address from even getting through?
Or maybe when they login with the account send about a 2GB text listing of movies to their screen then hangup.
peerblock does that, if you add the ip address to a custom list.
Yeah, you can add an IP address to the file ip.can to have Synchronet block the IP address from getting through. If you use the Windows version of Synchronet, one way to edit your ip.can is from sbbsctrl, go to BBS > Filters > IP address filter.
Another thing you could do is if your router supports iptables, you could add a line to your router's iptables configuration to block the IP address. Then your router would block it so the request wouldn't have to go to your Synchronet BBS.
Curious on this though, is there any method either witnin SBBS or with another software package that can block an IP address from even getting through?
Mystic has an autoblocker 4 attempts in 20 seconds blocks ip.
Re: Re: Random people acessing
By: Patch to Nightfox on Sun May 01 2016 04:05 pm
Curious on this though, is there any method either witnin SBBS or with another software package that can block an IP address from even getting through?
Mystic has an autoblocker 4 attempts in 20 seconds blocks ip.
BTW, is it normal for a lot of (what I assume to be) bots from random places >(lots of IPs from russia, for example) to telnet into my BBS system and try to >login as root? Some of them even throw random UNIX commands at the login >prompt, so I assume they are trying to get acess into unprotected unix shells >(who the hell uses telnet on a unix shell anyway).
It seems to be harmless since none of those commands will actually work on a >BBS but, it is annoying.
I use an application called PeerBlock which connects to known anti-spam servers, downloads lists and implements that on the network.
are they still using those blocklists meant for email spam as a general block list?
I really don't have to much of a problem since I block all ports except the ones needed by synchronet, you can also block country ips such as China and Russia.
why dont use the program PEERBLOCK ?
I use an application called PeerBlock which connects to known anti-spam servers, downloads lists and implements that on the network.
I really don't have to much of a problem since I block all ports except the ones needed by synchronet, you can also block country ips such as China and Russia.
why dont use the program PEERBLOCK ?
Under Windows, you can block blacklisted IPs/Bots from your computer who is running the BBS.
PeerBlock is open source. i use it on my bbs as well.
I just looked up Peerblock and all it would do is let me see the forums. Found a download link and it just took me back to the forums again.
Is there a download link somewhere else?
Re: Re: Random people acessing
By: Jeff Friend to Goose on Wed May 04 2016 16:30:22
Hi Jeff,
here i got a download link for you. http://filehippo.com/de/download_peerblock/
Greetings
Mike
Yes, I was able to download it from my favorite freeware download site:Thanks for that. I found it last night at download.com as well.
www.freewarefiles.com/PeerBlock_program_53440.html
PeerBlock is open source. i use it on my bbs as well.
I just looked up Peerblock and all it would do is let me see the forums. Found a download link and it just took me back to the forums again.
Is there a download link somewhere else?
That happened to me to day after I started running my BBS. I used noip.com and somehow it was made visible to spammers trying to hack in. After changing my url and using Synchronet's IP forward service, that hasn't happened.
Re: Re: Random people acessing
By: Goose to Jeff Friend on Wed May 04 2016 11:56 am
Re: Re: Random people acessing
By: Jeff Friend to Goose on Wed May 04 2016 16:30:22
Hi Jeff,
here i got a download link for you. http://filehippo.com/de/download_peerblock/
Greetings
Mike
Thanks Mike, I eventually found it at download.com or what ever it is called.
Jeff
Is there a download link somewhere else?
maybe you have to be logged in. i see what you mean.Interesting, I created an account, logged in, had the account approved and got the same results.
Interesting, I created an account, logged in, had the account approved and got the same results.
Oh well, I have it now from elswhere, so all good.
that's too bad, that must be recent.Yes, they either put in some form of adware or they say "free download", but then to actually download, they demand you setup an account, which gives them your email address. But wiat, there's more, they then ask to verify you are a real person by giving them your credit card details.
be careful, some of those free download sites have a wrapper that is adware whatnot.
Curious on this though, is there any method either witnin SBBS or with another software package that can block an IP address from even getting through?
I thought PeerBlock had a function like that, but didn't see it when I looked the last time.
Mro wrote to Nightfox <=-
add the IP address to your ip.can file. I've heard of some scripts for Synchronet that will automatically add an IP address to your ip.can if it detects repeated logins, etc., but I don't remember offhand which scripts will do that for you.
and the jasman has a script that blocks 'em all
Hey Mr jasman, any chance of a copy of said script? Is it Windows or Linux based (or Javascript for Synchro?)..?
I've even got some spare Bitcoin I could contribute lol..
Mro wrote to Sampsa <=-
it's really ugly and i made it myself in 2 mins.
here's what it does:
+ checks the ip with whitelist.can passes user through if they are whitelisted
+ writes the ip to a blacklist.can right away
+ shows challenge code
+ asks them if they are sure twice.
+ hangs up if they fail.
+ if they PASS, the ip address is removed from blacklist.can and the ip
is added to whitelist.can
Ah ok, mind sharing the source? I'm sure I can wrap my head around Baja..
sampsa
It's fairly common, yes. They are probably bots/scripts trying to do somethi N>malicious. I agree they are probably harmless since those commands won't wor N>on a BBS, but if you want to block one of them, you can add the IP address to N>your ip.can file. I've heard of some scripts for Synchronet that will N>automatically add an IP address to your ip.can if it detects repeated logins, N>etc., but I don't remember offhand which scripts will do that for you.
and that helps weed out a lot of these "root logons". Once the weather
calms down here (been a very stormy spring), I'll get a config file from him, and implement it over here.
Seems like that could add an unnecessary hassle, since most of these bots probably won't be able to do anything anyway (you probably don't have a user named 'root', and the commands they try to use won't do anything).
Several years ago, I added a login matrix to my BBS, and I figure that should also keep most of the bots out since these bots don't know how to use a login matrix. I suppose that only works with telnet though; bots could still try to log in via SSH.
| Sysop: | MCMLXXIX |
|---|---|
| Location: | Prospect, CT |
| Users: | 325 |
| Nodes: | 10 (0 / 10) |
| Uptime: | 59:55:02 |
| Calls: | 508 |
| Messages: | 220066 |