In sbbs.ini, I have:

LoginAttemptHackThreshold = 10
LoginAttemptFilterThreshold = 20

and then I had this in my event log:

Nov 12 06:50:24 eldritch synchronet: term 0067 Telnet connection
accepted from: 111.151.195.247 port 39052
Nov 12 06:50:24 eldritch synchronet: term 0067 Hostname: <no name>
Nov 12 06:50:24 eldritch synchronet: term Node 2 attached to local
interface 10.0.0.10 port 23
Nov 12 06:50:24 eldritch synchronet: term Node 2 06:50a Thu Nov 12 2015
Node 2
Nov 12 06:50:24 eldritch synchronet: term Node 2 Telnet <no name> [111.151.195.247]
Nov 12 06:50:40 eldritch synchronet: term Node 2 disconnected

If i go through the rest of the event log, I can see that this IP
address connects and disconnects more than 20 times, so I am thinking I misunderstand how LoginAttemptFilterThreshold works maybe?

Also is it logged when an IP address is added to ip.can automatically?

Thansk!

Mindless Automaton
---
þ Synchronet þ Eldritch Clockwork BBS - eldritch.darktech.org

Re: LoginAttemptFilterThreshold
By: Mindless Automaton to DOVE-Net.Synchronet_Discussion on Thu Nov 12 2015 09:24 am

In sbbs.ini, I have:

LoginAttemptHackThreshold = 10
LoginAttemptFilterThreshold = 20

and then I had this in my event log:

Nov 12 06:50:24 eldritch synchronet: term 0067 Telnet connection
accepted from: 111.151.195.247 port 39052
Nov 12 06:50:24 eldritch synchronet: term 0067 Hostname: <no name>
Nov 12 06:50:24 eldritch synchronet: term Node 2 attached to local
interface 10.0.0.10 port 23
Nov 12 06:50:24 eldritch synchronet: term Node 2 06:50a Thu Nov 12 2015
Node 2
Nov 12 06:50:24 eldritch synchronet: term Node 2 Telnet <no name> [111.151.195.247]
Nov 12 06:50:40 eldritch synchronet: term Node 2 disconnected

If i go through the rest of the event log, I can see that this IP
address connects and disconnects more than 20 times, so I am thinking I misunderstand how LoginAttemptFilterThreshold works maybe?

There was no login attempted, so the LoginAttempt... settings don't have an effect.

Also is it logged when an IP address is added to ip.can automatically?

Yes. If you look in your ip.can, it'll have comments to that effect as well (if/when any IPs are automatically added).

digital man

Synchronet "Real Fact" #19:
Michael Swindell was directly responsible for Synchronet's commercial success. Norco, CA WX: 66.6øF, 13.0% humidity, 9 mph WSW wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

On 11/13/2015 3:29 AM, Digital Man wrote:

Re: LoginAttemptFilterThreshold
> If i go through the rest of the event log, I can see that this IP
> address connects and disconnects more than 20 times, so I am thinking I
> misunderstand how LoginAttemptFilterThreshold works maybe?

There was no login attempted, so the LoginAttempt... settings don't have an effect.

yeah, thats where my mind was headed, connection is not login.

> Also is it logged when an IP address is added to ip.can automatically?

Yes. If you look in your ip.can, it'll have comments to that effect as well (if/when any IPs are automatically added).

Actually I was thinking in syslog some note about that ip being added to ip.can. No big deal though, just check ip.can.


Off topic, I noticed on the todolist that the firefox ftp sorting issue
fixed itself so it can be dropped. :)

Thanks!

Mindless Automaton
---
þ Synchronet þ Eldritch Clockwork BBS - eldritch.darktech.org

Re: Re: LoginAttemptFilterThreshold
By: Mindless Automaton to Digital Man on Fri Nov 13 2015 08:53 am

> Also is it logged when an IP address is added to ip.can automatically?

Yes. If you look in your ip.can, it'll have comments to that effect as well (if/when any IPs are automatically added).

Actually I was thinking in syslog some note about that ip being added to ip.can. No big deal though, just check ip.can.

It'll be in the log output "as well".

Off topic, I noticed on the todolist that the firefox ftp sorting issue fixed itself so it can be dropped. :)

Okay, thanks.

digital man

Synchronet "Real Fact" #30:
The Synchronet IRC server (ircd) was written in JS by Randy Sommerfeld (Cyan). Norco, CA WX: 77.9øF, 11.0% humidity, 6 mph SW wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net