1 0 73.151.30.18 Telnet Enable 2017/6/28 02:51:43
1 0 120.144.154.169 Telnet Enable 2017/6/28 03:16:33
1 0 222.77.28.62 Telnet Root 2017/6/28 03:26:44
1 0 92.147.38.86 Telnet Enable 2017/6/28 03:27:53
1 0 195.22.127.83 SSH admin 1234 2017/6/28 03:33:15
1 0 78.166.180.206 Telnet Enable 2017/6/28 03:35:58
1 0 222.216.231.37 Telnet Root 2017/6/28 03:37:48

---
þ Synchronet þ Phoenyx Rising BBS - mybbs.com

Are these hack attempts or bots

---
þ Synchronet þ Phoenyx Rising BBS - mybbs.com

Re: Failed Login Attempts
By: Phoenyx to Phoenyx on Wed Jun 28 2017 08:28 am

Are these hack attempts or bots

Just bots, not really much they can do to our BBS's

---
þ Synchronet þ the Outwest BBS - outwestbbs.com Telnet - outwestbbs.com:23

On 2017 Jun 28 03:49:28, you wrote to All:

1 0 73.151.30.18 Telnet Enable 2017/6/28 02:51:43
1 0 120.144.154.169 Telnet Enable 2017/6/28 03:16:33
1 0 222.77.28.62 Telnet Root 2017/6/28 03:26:44
1 0 92.147.38.86 Telnet Enable 2017/6/28 03:27:53
1 0 195.22.127.83 SSH admin 1234 2017/6/28 03:33:15
1 0 78.166.180.206 Telnet Enable 2017/6/28 03:35:58
1 0 222.216.231.37 Telnet Root 2017/6/28 03:37:48

these are MIRAI... add the next section to your NAME.CAN...

----->8 snip 8<-----
;
; these are added from MIRAI infestor
;
service
supervisor
admin1
666666
888888
ubnt
tech
mother
----->8 snip 8<-----

the others are or should be in there already... there may be others in other MIRAI variants... the ones i have i pulled from the source code...

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
... Jeff Smith cooks AND dances as The Frugging Gourmet!
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Re: Failed Login Attempts
By: Phoenyx to Phoenyx on Wed Jun 28 2017 08:28 am

Are these hack attempts or bots

Most assuredly, bots. See http://wiki.synchro.net/howto:block-hackers for details.

digital man

Synchronet "Real Fact" #86:
Stephen and Rob have a fledgling podcast at http://techdorks.net (also iTunes). Norco, CA WX: 64.5øF, 76.0% humidity, 2 mph SE wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

SSH admin
Telnet Enable

I get these too and just learned to live with them. The most annoying one is the bot that logs in as guest and is from "Shell". When these happen, I add the IP to the block list, but they just keep coming to no end..

Also, you need to lock down all your ftp file shares where people/scripts can't upload to most of them. If you do allow uploads, make sure you got good anti-virus.

Lith,
asirta.com

---
þ Synchronet þ www.asirta.com + Retro Music / Games / Gear + radio.asirta.com

Re: Failed Login Attempts
By: Digital Man to Phoenyx on Wed Jun 28 2017 08:34 am

Synchronet "Real Fact" #86:
Stephen and Rob have a fledgling podcast at http://techdorks.net (also iTunes). Norco, CA WX: 64.5øF, 76.0% humidity, 2 mph SE wind, 0.00 inches rain/24hrs

So the podcasts are going agian?
Never mind I'll go to the http://techdorks.net and see.

---
þ Synchronet þ the Outwest BBS - outwestbbs.com Telnet - outwestbbs.com:23

Re: Failed Login Attempts
By: Roadhog to Digital Man on Wed Jun 28 2017 08:31 pm

Stephen and Rob have a fledgling podcast at http://techdorks.net (also iTunes). Norco, CA WX: 64.5øF, 76.0% humidity, 2 mph SE wind, 0.00 inches rain/24hrs

So the podcasts are going agian?
Never mind I'll go to the http://techdorks.net and see.

it's really hard to do an interesting radio show. not many people are cut out for it.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

How do I lock down the FTP shares? I am using Norton AV

---
þ Synchronet þ Phoenyx Rising BBS - phoenyxbbs.ddns.net

Re: Failed Login Attempts
By: Phoenyx to Lith on Fri Jun 30 2017 05:18 am

How do I lock down the FTP shares? I am using Norton AV

Can you elaborate what you mean by "lock down"? Are you referring to the Synchronet FTP server?

digital man

Synchronet/BBS Terminology Definition #46:
SMTP = Simple Message Transfer Protocol
Norco, CA WX: 68.0øF, 76.0% humidity, 7 mph SE wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

On 2017 Jun 30 05:18:10, you wrote to Lith:

How do I lock down the FTP shares?

if you set up the guest account when you first logged in as sysop the first time, then you edit their permissions and remove the upload flag so they can only download... guest is anonymous on ftp...

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
... Some daze are denser than others.
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

How do I lock down the FTP shares? I am using Norton AV

There are probably many ways to do it, but one way is to go into your Synchronet config settings under file areas, then for each file directory set your upload requirements to "Level 60" or above.

I don't know about other BBS's, but I rarely get legit uploads so I just made the decision to turn uploads off.

---
þ Synchronet þ www.asirta.com + Retro Music / Games / Gear + radio.asirta.com

Re: Failed Login Attempts
By: Lith to Phoenyx on Fri Jun 30 2017 10:36 am

I don't know about other BBS's, but I rarely get legit uploads so I just made the decision to turn uploads off.

I used to allow uploads until some idiot uploaded a virus to every folder.
I still allow uploads to the sysop but it's rare that anyone uploads files.
I prefer to upload most of the content anyways.

---
þ Synchronet þ the Outwest BBS - outwestbbs.com Telnet - outwestbbs.com:23

Denn Gray wrote to Lith <=-

I used to allow uploads until some idiot uploaded a virus to every
folder. I still allow uploads to the sysop but it's rare that anyone uploads files. I prefer to upload most of the content anyways.

Yep, I only allow uploads to the sysop as well for the same reasons.


... Degeneration and evolution are not the same thing.
--- MultiMail/Win32 v0.49
* Origin: Freeway BBS - freeway.apana.org.au (3:633/410)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Tony,

I used to allow uploads until some idiot uploaded a virus to every folder. I still allow uploads to the sysop but it's rare that anyone uploads files. I prefer to upload most of the content anyways.

Yep, I only allow uploads to the sysop as well for the same reasons.

Same here...Level 99 for uploads. I don't require uploads, so if they
want to leech my files area, go for it. But, I note in the "files
comment", and in the File Section Policy the following:

"This file passed the IObit Malware Virus Scan. But, for your safety,
you should rescan the file before use. Neither the BBS, or its Sysops,
will be liable for any damages or incompatibilities for this file".

That reminds me of the comment in the "So You Want To Be A Sysop?"
bulletin over here...this one "hapless user" can't figure out why the
GIF file won't run on his computer. :P

Daryl

---
þ OLX 1.53 þ What happens to an 18 hour bra after 18 hours??
þ Synchronet þ The Thunderbolt BBS - wx1der.dyndns.org

Daryl Stout wrote to TONY LANGDON <=-

Same here...Level 99 for uploads. I don't require uploads, so if they want to leech my files area, go for it. But, I note in the "files comment", and in the File Section Policy the following:

Yeah, I was never a believer in upload/download ratios, good way to end up with a board full of not so useful files back then, today, a good way to be a virus distributor. I don't have much, but leeches can take what's there. :) I do find uploads to the sysop a useful feature. That one has user level (20) upload permission, but sysop only (90) view and download permissions. I have had the odd person want to send me a file that way since I've been back online.

That reminds me of the comment in the "So You Want To Be A Sysop?" bulletin over here...this one "hapless user" can't figure out why the
GIF file won't run on his computer. :P

Oh dear. ;)


... Today has been a long year!!!!!!!!!!
--- MultiMail/Win32 v0.49
* Origin: Freeway BBS - freeway.apana.org.au (3:633/410)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Re: Failed Login Attempts
By: Phoenyx to Lith on Fri Jun 30 2017 05:18:10

How do I lock down the FTP shares? I am using Norton AV

Norton has nothing to do with it.

What do you mean by "Lock down" do not allow guest access to keep googlebot from crawling?

REST NOT G on access requirements or download requirements.

I put it on my download restrictions to allow everyone to see most of my file areas, but they are not able to download without being a signed up user.


I've locked anyone from being able to upload to any directory by adding the same to upload restrictions. left a directory where people can upload only to me.

--

Tim Smith (KK4QBN)
KK4QBN BBS

---
* Synchronet * KK4QBN - kk4qbn.synchro.net - 7064229538 - Chatsworth GA USA

Re: Re: Failed Login Attempts
By: Tony Langdon to Daryl Stout on Sun Jul 02 2017 07:54 am

Tony,

Another funny one was where the "twit" asked questions...one was "Why can't I have access to your adult files area?? I need it for a sex education class research project!!". My response?? "Nice try, but no dice". <G>

Daryl

---
þ Synchronet þ The Thunderbolt BBS - wx1der.dyndns.org

Re: Failed Login Attempts
By: Phoenyx to Phoenyx on Wed Jun 28 2017 08:28 am

Are these hack attempts or bots

Does anyone really put time into hacking BBS's anymore? This is all IOT worm and scanner bs.

...darkwing!

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Daryl Stout wrote to Tony Langdon <=-

Another funny one was where the "twit" asked questions...one was "Why can't I have access to your adult files area?? I need it for a sex education class research project!!". My response?? "Nice try, but no dice". <G>

ROFL, like we used to ask if there were any pracs in sex ed... There never were LOL.


... hAS ANYONE SEEN MY cAPSLOCK KEY?
--- MultiMail/Win32 v0.49
* Origin: Freeway BBS - freeway.apana.org.au (3:633/410)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Re: Failed Login Attempts
By: Darkwing to Phoenyx on Sun Jul 02 2017 11:03 pm

Are these hack attempts or bots

Does anyone really put time into hacking BBS's anymore? This is all IOT worm and scanner bs.

i have had people login manually and try shit.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Re: Failed Login Attempts
By: Mro to Darkwing on Sat Jul 08 2017 08:24:23

Does anyone really put time into hacking BBS's anymore? This is all
IOT worm and scanner bs.

i have had people login manually and try shit.

Same here.. I had someone using the emulated dos shell one time and they really thought they were formatting my system.

and long ago, I was running my BBS on freeBSD and made the mistake of seting up pico as a message editor (was setting it up for sysop use only and forgot to fix the acces). someone actually gained access to my system like that.. I watched to see what they were doing with my finger on the kill switch (just being curious) and they were just studyng the file structure of the BBS, never openeded anything that could be personal or did anything malicious. I opened up chat with them and thanked them for showing me my errors, and not taking advantage of the situation. :-)

--

Tim Smith (KK4QBN)
KK4QBN BBS

---
* Synchronet * KK4QBN - kk4qbn.synchro.net - 7064229538 - Chatsworth GA USA