Maybe a stupid question, but is there a program that will add an IP address to the silent filter automatically if, say, one address repeatedly tries to log
in unsuccessfully in a given amount of time.
Digital Man wrote to DesotoFireflite:
Yes (well, the ip.can, not the silent filter): in the [Global] section
of your ctrl/sbbs.ini file, set LoginAttemptFilterThreshold to a
non-zero value.
This value defaults to 0 for a good reason however. If you're going to
use a non-zero value, I would set it to something high (like 20 or 30 attempts).
See http://wiki.synchro.net/config:sbbs.ini for details.
Maybe a stupid question, but is there a program that will add an IP address to the silent filter automatically if, say, one address repeatedly tries to log in unsuccessfully in a given amount of time. I'm tired of manually having to add these hack attempts myself. It gets so bad at times, it ties up all 5 lines of the bbs. As always, thanks
Out of curiosity, are these "hack attempts" actually trying to login to your board, or just randomly trying to connect to your various services to
The hacks I see look like they're general hack scripts that are
just running against open telnet servers. Looking for a way in,
hoping it's a misconfigured router, server, switch, etc.
If you look thru the username/pw combo lists they try they're not looking to get into the 'BBS'.... just an auto script that found
an open telnet port and trying a pile of common admin logins.
That being said, it's annoying because it ties up ports/nodes and occasionally appears to crash the BBS.
Tho in my case, that could've been due to me running 18mo old code.
:) Just updated today.. hopefully the crashing stops.
If you look thru the username/pw combo lists they try they're not looking to get into the 'BBS'.... just an auto script that found
an open telnet port and trying a pile of common admin logins.
yup! this is one of the reasons why anyone running servers of any type should take the time to learn about the mess that is going on out there and what they can do to protect themselves... i see way too many blaming individuals and blocking IPs that are transient... a temp block at the perimeter to stop the attack for some period of time is the best response... drop the packets into the bitbucket and let the violating system have to wait on the timeout to take effect... this slows them
down a bit and is better than sending a reject which tells them that
there is something there and doesn't tie them up waiting on the
Out of curiosity, are these "hack attempts" actually trying to
login to your board, or just randomly trying to connect to your
various services to
I get about 3 attempts a day trying to gain access. In the old days, I would call it war dialing. If I manually put the address into the can, it stops, till another random address comes along to start it all over again. Over a week's time, I can quite a few addresses. None ever make it in, but it's still a pain.
3? like 3 attempts to connect or 3 different times where thousands of connect attempts just bombard your system bringing it to a crushing halt
I meant 3 times a day, I get pinged about 100 times each, sometimes more.
It just ties the system up so real callers sometimes can't get in. That is about 300 hack attempts a day, which at times, they come so fast, it takes down all 5 nodes. They clear by themselves, but like I said, it's a pain. They never get in to the bbs, just tie it up.
I get those all the time, they never completely occupy available nodes and they are on just long enough to be annoying. I only have SBBS running as a 6 node system, and I've never had someone not be able to connect because someone was trying to "hack" my board, though more likely it's some botnet probing my IP for security issues.
Annoying, sure, and if it's crashing your BBS... well maybe you should compile the debug build of SBBS, take some crash dumps and post them to dovenet. Maybe someone can help resolve that issue.
3? like 3 attempts to connect or 3 different times where thousands
of connect attempts just bombard your system bringing it to a
crushing halt and crushing any hopes of your users being able to
connect, forcing you to literally rip your network connection out of
the wall or face a full blown system crash?
If it's 3... like just 3 random connects from some IP address, do an
IP lookup, it's probably just someone running some random script
that pokes around the net for systems and tries to figure out what
they are.
I mean come on my throw me a bone, are you watching someone running
some crazy password hacking script,
or is it just some bot trying to relay spam emails through your
SMTP service?
From what you've described it doesn't sound like much of a pain.
I think half the fun is watching "people" try to connect.
Your board is connected to a "fairly" large network, assuming
you've chosen to make your board accessible to "THE INTERNET"... (<DrEvil>"Lasers"</DrEvil>) Shit's gonna happen, enjoy it, back up
your files, and plug your security holes when they come up.
yeah that was kind of the whole point. :) No sense running a BBS that only I can get to via localhost. :) Tho I do provide a dialup... still makes me wonder why anyone uses it. (I get like 5 - 15 calls/week on it!).
I mean come on my throw me a bone, are you watching someone running
some crazy password hacking script,
that would be noticeable... especially if it were using brute force or possibly a list from publicized breaches...
or is it just some bot trying to relay spam emails through your
SMTP service?
that's slightly different than BBS logins, isn't it?
Just a 2 cents worth. I once had my cable go down and was out a few days. When I came back up, my IP address changed to one that was so wonderfully listed as a proxy server. So many hits per minute, it just shut my system down. I finally had to change the ip address and that did the trick. That was a drastic attack. The current ones going on are not anywhere near as bad, but if it really starts killing your bbs, maybe You could think about changing the IP address. Depending on what kind You have of course.
That seems excessive, how is your system set up on the net? Cable/DSL? Provider? Are you behind a router with port forwarding or are you "exposed"? Using a synchro.net DynDNS or some other DNS setup? Got your own domain? Who's your host?
What also shocks me is that you have callers trying to get in at the same time as these hack attempts and they've contacted you to let you know that they can't get online. Wish I could get that kind of traffic.
LOL, wish I did have that kind of traffic. Let me rephrase... I assume it's blocking inbound bbs calls, as the bot activity is tying up all 5 nodes at times.
yeah that was kind of the whole point. :) No sense running a BBS that only
I can get to via localhost. :) Tho I do provide a dialup... still makes
me wonder why anyone uses it. (I get like 5 - 15 calls/week on it!).
I used to play around with some cool stuff using Winserver. Was neat (Probably could do similar using synchronet, don't see why not...) I'd run a BBS on one computer, another BBS on another computer, totally different software, totally different users, menus, message areas, files, etc. And when you connect via telnet to winserver, it'd allow you to telnet out to the other BBS's via a telnet command to the local IP address that was only visible via inside the network. All BBS's were set up on port 23, but could only be accessed from the winserver setup (which was the only computer open on the router).
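Added example, not part of the thread and not Synchronet's own code: a sketch of the two ideas discussed above, a failed-login threshold (20, as suggested) combined with a temporary rather than permanent block. The log line format, the 10-minute window, the 1-hour block length and all function names are assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 20                   # failed attempts before blocking (thread suggests 20-30)
WINDOW = timedelta(minutes=10)   # assumed counting window
BLOCK_FOR = timedelta(hours=1)   # assumed length of the temporary block


def temp_blocks(lines, threshold=THRESHOLD, window=WINDOW, block_for=BLOCK_FOR):
    """Return {ip: block_expiry} for addresses that hit the threshold inside the window."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    blocked = {}                 # ip -> time the temporary block ends
    for line in lines:
        # Constructed format: "<ISO timestamp> <ip> LOGIN_FAILED|LOGIN_OK"
        stamp, ip, event = line.split()
        when = datetime.fromisoformat(stamp)
        if blocked.get(ip, when) > when:
            continue             # still blocked: the perimeter would drop this
        if event != "LOGIN_FAILED":
            recent.pop(ip, None) # a successful login resets the counter
            continue
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()          # forget failures older than the window
        if len(q) >= threshold:
            blocked[ip] = when + block_for
            q.clear()
    return blocked


def active(blocked, now):
    """Addresses whose temporary block has not yet expired at `now`."""
    return sorted(ip for ip, until in blocked.items() if until > now)


def sample_log():
    """Constructed sample: one scripted guesser, one caller who mistypes twice."""
    start = datetime(2024, 1, 1, 3, 0, 0)
    lines = [f"{(start + timedelta(seconds=5 * i)).isoformat()} 203.0.113.7 LOGIN_FAILED"
             for i in range(25)]
    lines += ["2024-01-01T03:00:30 198.51.100.20 LOGIN_FAILED",
              "2024-01-01T03:00:50 198.51.100.20 LOGIN_FAILED",
              "2024-01-01T03:01:10 198.51.100.20 LOGIN_OK"]
    return sorted(lines)
```

Because each entry carries an expiry, a transient address drops off the list on its own instead of staying filtered until someone removes it by hand.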