In sbbs.ini, I have:
LoginAttemptHackThreshold = 10
LoginAttemptFilterThreshold = 20
and then I had this in my event log:
Nov 12 06:50:24 eldritch synchronet: term 0067 Telnet connection
accepted from: 111.151.195.247 port 39052
Nov 12 06:50:24 eldritch synchronet: term 0067 Hostname: <no name>
Nov 12 06:50:24 eldritch synchronet: term Node 2 attached to local
interface 10.0.0.10 port 23
Nov 12 06:50:24 eldritch synchronet: term Node 2 06:50a Thu Nov 12 2015
Node 2
Nov 12 06:50:24 eldritch synchronet: term Node 2 Telnet <no name> [111.151.195.247]
Nov 12 06:50:40 eldritch synchronet: term Node 2 disconnected
If i go through the rest of the event log, I can see that this IP
address connects and disconnects more than 20 times, so I am thinking I misunderstand how LoginAttemptFilterThreshold works maybe?
Also is it logged when an IP address is added to ip.can automatically?
Re: LoginAttemptFilterThreshold
> If i go through the rest of the event log, I can see that this IP
> address connects and disconnects more than 20 times, so I am thinking I
> misunderstand how LoginAttemptFilterThreshold works maybe?
There was no login attempted, so the LoginAttempt... settings don't have an effect.
> Also is it logged when an IP address is added to ip.can automatically?
Yes. If you look in your ip.can, it'll have comments to that effect as well (if/when any IPs are automatically added).
> Also is it logged when an IP address is added to ip.can automatically?
Yes. If you look in your ip.can, it'll have comments to that effect as well (if/when any IPs are automatically added).
Actually I was thinking in syslog some note about that ip being added to ip.can. No big deal though, just check ip.can.
Off topic, I noticed on the todolist that the firefox ftp sorting issue fixed itself so it can be dropped. :)
Sysop: | MCMLXXIX |
---|---|
Location: | Prospect, CT |
Users: | 325 |
Nodes: | 10 (0 / 10) |
Uptime: | 09:40:50 |
Calls: | 510 |
Messages: | 220574 |