my anti virus scanner on my server caught photo.scr - possible bitcoin trojan.... those files are false positive? are they included with distro packages?
what files? where are they located? if they are something a user uploaded, they
may very well be infested...
info.zip and photo.scr were both added to text/file.can long ago after others reported them being crap... this was around the same time there were discussions of how to prevent guest/anonymous users from uploading...
Internetking wrote to All <=-
my anti virus scanner on my server caught photo.scr - possible bitcoin trojan.... those files are false positive? are they included with distro packages?
I'm pretty sure they're viruses that bots are uploading. I usually delete all the photo.scr files that get uploaded to my BBS.
KK4QBN wrote to Internetking <=-
I banned uploads altogether. if someone wants to send me a cool file or something they can send me a message about it first.
I only allow uploads to the sysop, which only I can access. Has been handy on the odd occasion for people sending me large files.
On 2017 Sep 12 22:39:48, you wrote to All:
my anti virus scanner on my server caught photo.scr - possible bitcoin trojan.... those files are false positive? are they included with distro packages?
what files? where are they located? if they are something a user uploaded, they
may very well be infested...
info.zip and photo.scr were both added to text/file.can long ago after others reported them being crap... this was around the same time there were discussions of how to prevent guest/anonymous users from uploading...
Internetking wrote to All <=-
my anti virus scanner on my server caught photo.scr - possible bitcoin trojan.... those files are false positive? are they included with distro packages?
Looks like someone's uploaded a Trojan. Photo.scr is a known Trojan.
Hi Tony Langdon
Internetking wrote to All <=-
my anti virus scanner on my server caught photo.scr - possible bitcoin trojan.... those files are false positive? are they included with distro packages?
Looks like someone's uploaded a Trojan. Photo.scr is a known Trojan.
is this how you put Photo.scr info.zip in text/file.can
-------------------------------------------------------------------------
; Enter filtered (disallowed) file names in this file
; Wildcard characters (*, ^, ~) are allowed and ! negates the match
; Rejection message file: text/badfile.msg
photo.scr
info.zip
-------------------------------------------------------------------------
Re: Re: photo.scr
By: Sneaky to Tony Langdon on Fri Sep 15 2017 09:02 am
Looks like someone's uploaded a Trojan. Photo.scr is a known Trojan.
is this how you put Photo.scr info.zip in text/file.can
-------------------------------------------------------------------------
; Enter filtered (disallowed) file names in this file
; Wildcard characters (*, ^, ~) are allowed and ! negates the match
; Rejection message file: text/badfile.msg
photo.scr
info.zip
-------------------------------------------------------------------------
do:
*.scr
info.zip
*.exe
*.js
*.html
Hi Tony Langdon
Internetking wrote to All <=-
my anti virus scanner on my server caught photo.scr - possible bitcoin trojan.... those files are false positive? are they included with distro packages?
Looks like someone's uploaded a Trojan. Photo.scr is a known Trojan.
is this how you put Photo.scr info.zip in text/file.can
-------------------------------------------------------------------------
; Enter filtered (disallowed) file names in this file
; Wildcard characters (*, ^, ~) are allowed and ! negates the match
; Rejection message file: text/badfile.msg
photo.scr
info.zip
-------------------------------------------------------------------------
just don't know if it needs any wildcard or is it ok as it is.
Looks like someone's uploaded a Trojan. Photo.scr is a known Trojan.
is this how you put Photo.scr info.zip in text/file.can
do:
*.scr
info.zip
*.exe
*.js
*.html
why *.exe... some .exe are safe like setup files to install freeware or other software?
Re: Re: photo.scr
By: Sneaky to Tony Langdon on Fri Sep 15 2017 09:02 am
; Enter filtered (disallowed) file names in this file
; Wildcard characters (*, ^, ~) are allowed and ! negates the match
; Rejection message file: text/badfile.msg
photo.scr
info.zip
-------------------------------------------------------------------------
just don't know if it needs any wildcard or is it ok as it is.
Looks good to me.
yeah, i'll send you some random setup.exe for you to run... i'll tell you that it is this fantastic new ANSI viewer door that runs on all OSes and BBSes... you run it and get an ANSI door that you can use so you're happy... what you don't know is that it also installed a hidden bitcoin miner, a rootkit and an open proxy on your machine... now guess what i can do...
why *.exe... some .exe are safe like setup files to install freeware
or other software?
yeah, i'll send you some random setup.exe for you to run... i'll tell you that it is this fantastic new ANSI viewer door that runs on all OSes and
yes, that's fine... make sure you also prevent anonymous and guest from uploading...
why *.exe... some .exe are safe like setup files to install freeware
or other software?
yeah, i'll send you some random setup.exe for you to run... i'll tell you that it is this fantastic new ANSI viewer door that runs on all OSes and
Some things are distributed as just an .exe setup file though.. If you're paranoid about that, then you might as well ban all uploading, because an .exe could be packaged into a .zip file etc. and it's still the same .exe.
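The point made just above, that a name filter such as `*.exe` misses the same executable once it is zipped or renamed, shown as an added example (not from the thread and not Synchronet code): a check that looks at file content and descends into zip archives. The function names, the extension list, the limits and the constructed sample uploads are assumptions for illustration.

```python
import io
import posixpath
import zipfile

# Assumed deny list for this sketch, echoing the *.scr / *.exe / *.js entries above.
BLOCKED_EXTS = {".scr", ".exe", ".js", ".com", ".bat"}
MAX_DEPTH = 3                          # stop unpacking archives nested deeper than this
MAX_MEMBER_BYTES = 16 * 1024 * 1024    # do not inflate members larger than this


def is_pe(data):
    """True if data carries the Windows PE markers (MZ stub pointing at a PE signature)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_off:pe_off + 4] == b"PE\0\0"


def inspect_upload(name, data, parent="", depth=0):
    """Return (path, reason) findings for an upload, descending into zip archives."""
    path = parent + name
    findings = []
    ext = posixpath.splitext(name.lower())[1]
    if ext in BLOCKED_EXTS:
        findings.append((path, "blocked extension " + ext))
    if is_pe(data):  # catches an executable whatever it has been renamed to
        findings.append((path, "PE executable content"))
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        findings.append((path, "archive nested too deep to inspect"))
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member_path = path + "!" + info.filename
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # bit 0 = encrypted: a scanner cannot see inside
                findings.append((member_path, "encrypted member, not inspected"))
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append((member_path, "member too large to inspect"))
            else:
                findings.extend(
                    inspect_upload(info.filename, zf.read(info), path + "!", depth + 1))
    return findings


def fake_pe():
    """Constructed, inert bytes: only the header markers is_pe() looks for."""
    stub = bytearray(0x40)
    stub[:2] = b"MZ"
    stub[0x3C:0x40] = (0x40).to_bytes(4, "little")
    return bytes(stub) + b"PE\0\0" + bytes(16)


def make_zip(members):
    """Build an in-memory zip from {member name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "photo.scr": fake_pe(),
        "door.zip": make_zip({"door/setup.exe": fake_pe(), "readme.txt": b"hi"}),
        "pics.zip": make_zip({"holiday.jpg": fake_pe()}),
        "notes.zip": make_zip({"readme.txt": b"hello"}),
    }
    for sample_name, sample_data in samples.items():
        print(sample_name, inspect_upload(sample_name, sample_data))
```

An upload with any finding would be held for the sysop rather than listed; encrypted members are reported because nothing can be said about their content.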
Mark,
yes, that's fine... make sure you also prevent anonymous and guest from uploading...
I've got that set...but in SCFG, if I have the Upload Requirements in
all areas to LEVEL 99 (except for Uploads to Sysop and User To User Transfers, which are set to LEVEL 50 -- I zapped the Blind Uploads
area), if the caller (Level 50 is verified user, Level 99 is Sysop)
chooses Upload, will that automatically direct it to the Sysop files
area??
Re: photo.scr
By: Daryl Stout to MARK LEWIS on Fri Sep 15 2017 12:11 pm
Mark,
yes, that's fine... make sure you also prevent anonymous and guest from uploading...
I've got that set...but in SCFG, if I have the Upload Requirements in all areas to LEVEL 99 (except for Uploads to Sysop and User To User Transfers, which are set to LEVEL 50 -- I zapped the Blind Uploads
area), if the caller (Level 50 is verified user, Level 99 is Sysop) chooses Upload, will that automatically direct it to the Sysop files area??
no it wont. only if they are in that file area
But you can do something like this and change the string
to your directory name
CMDKEY U
setStr "uploads"
FILE_SET_AREA
file_upload
END_CMD
KK4QBN wrote to Internetking <=-
I banned uploads altogether. if someone wants to send me a cool file or
something they can send me a message about it first.
I only allow uploads to the sysop, which only I can access. Has been handy on the odd occasion for people sending me large files.
Everything besides my Uploads To Sysop folder has this:
Upload Requirements !GUEST
Solved a ton of problems.
Everything besides my Uploads To Sysop folder has this:
Upload Requirements !GUEST
Solved a ton of problems.
I tried !guest and it still let me upload to any dir when
I tested it in the guest account.
But you can do something like this and change the string
to your directory name
CMDKEY U
setStr "uploads"
FILE_SET_AREA
file_upload
END_CMD
No, you don't need to do that. If you have an "uploads" area, that'll be the default destination for uploads if the user doesn't have upload access to their "current" area. This is documented here: http://synchro.net/docs/file_section.html#CreatingDefaultUploadDirectory
I tried !guest and it still let me upload to any dir when
I tested it in the guest account.
On Thu, 14 Sep 2017, KenDB3 wrote:
KK4QBN wrote to Internetking <=-
I banned uploads altogether. if someone wants to send me a cool file or
something they can send me a message about it first.
I only allow uploads to the sysop, which only I can access. Has been handy on the odd occasion for people sending me large files.
Everything besides my Uploads To Sysop folder has this:
Upload Requirements !GUEST
Solved a ton of problems.
I tried !guest and it still let me upload to any dir when
I tested it in the guest account.
Re: Re: photo.scr
By: Internetking to KenDB3 on Sat Sep 16 2017 04:01:20
I tried !guest and it still let me upload to any dir when
I tested it in the guest account.
REST NOT G
REST NOT G
There is an ARS "GUEST" keyword, which should work identically to "REST G". So "!GUEST" should work identically to "REST NOT G" or "NOT REST G".
On 2017 Sep 15 09:02:00, you wrote to Tony Langdon:
Looks like someone's uploaded a Trojan. Photo.scr is a known Trojan.
is this how you put Photo.scr info.zip in text/file.can
yes, that's fine...
make sure you also prevent anonymous and guest from
uploading...
MRO wrote to Tony Langdon <=-
nobody uses this feature but you can actually upload to a user's box if you set it up.
http://synchro.net/docs/file_section.html#CreatingSysopDirectory
http://synchro.net/docs/file_section.html#CreatingUser-to-UserDirectory
KenDB3 wrote to Tony Langdon <=-
Everything besides my Uploads To Sysop folder has this:
Upload Requirements !GUEST
Solved a ton of problems.
Also, I use Nightfox's Digital Distortion Upload Processor: http://cvs.synchro.net/cgi-bin/viewcvs.cgi/xtrn/DDUploadProcessor/
This takes care of anyone uploading from the BBS terminal interface,
but the photo.scr and info.zip virus files seem to be uploaded always
from the FTP interface. For that I run the free version of Panda
Antivirus which catches bad stuff going into the Sysop folder. Even if
it misses it, it's typically not somewhere that other users can run into
it (unless a bot manages to create a user profile first and then specifically use it via FTP).
MRO wrote to Sneaky <=-
do:
*.scr
info.zip
*.exe
*.js
*.html
Internetking wrote to MRO <=-
Re: Re: photo.scr
By: MRO to Sneaky on Thu Sep 14 2017 06:21 pm
do:
*.scr
info.zip
*.exe
*.js
*.html
why *.exe... some .exe are safe like setup files to install freeware or other software?
mark lewis wrote to Sneaky <=-
yes, that's fine... make sure you also prevent anonymous and guest from uploading...
mark lewis wrote to Internetking <=-
yeah, i'll send you some random setup.exe for you to run... i'll tell
you that it is this fantastic new ANSI viewer door that runs on all
OSes and BBSes... you run it and get an ANSI door that you can use so you're happy... what you don't know is that it also installed a hidden bitcoin miner, a rootkit and an open proxy on your machine... now guess what i can do...
KK4QBN wrote to mark lewis <=-
Just as easy to zip it up and call it a new BBS door or some other cool application you would want someone who keeps a constant 24/7
connections.. that's one reason I just completely decided to halt
uploads all together.. that photo.scr replicates itself also.. it's
really a mess if something activates it before virus scanner gets to
it.. my old xp machine couldn't keep up with running the whole load of
the BBS and a resident scanner too, so I completely done away with uploads, then the BBS outgrew the old XP machine. It got to where it
would take 5-10 seconds to pull up a message on the website (that was
the main culprit of processing usage). it does so much better on my new configuration.
Daryl Stout wrote to MARK LEWIS <=-
Mark,
yes, that's fine... make sure you also prevent anonymous and guest from
uploading...
I've got that set...but in SCFG, if I have the Upload Requirements in all areas to LEVEL 99 (except for Uploads to Sysop and User To User Transfers, which are set to LEVEL 50 -- I zapped the Blind Uploads
area), if the caller (Level 50 is verified user, Level 99 is Sysop) chooses Upload, will that automatically direct it to the Sysop files area??
Just as easy to zip it up and call it a new BBS door or some other cool application you would want someone who keeps a constant 24/7 connections..
that's one reason I just completely decided to halt uploads all together.. that photo.scr replicates itself also.. it's really a mess if something activates
processor that scans uploads with a virus scanner. I know virus scanners aren't totally perfect, but it would be a way to filter out potentially bad uploads.
http://synchro.net/docs/file_section.html#CreatingDefaultUploadDirectory
Rob,
http://synchro.net/docs/file_section.html#CreatingDefaultUploadDirectory
Finally found it...mis-typed the URL (blush!).
I've set the upload requirements to all areas to LEVEL 99 (Sysop). The only exception is to upload to Sysop and user to user transfer -- those
are at LEVEL 50 (verified user).
KK4QBN wrote to Internetking <=-
REST NOT G
Uploads to the sysop is the middle ground solution. You can always move legit files from there to wherever, if someone uploads something useful to other users. As for scanning, I have no concerns about the BBS (are there any Linux/ARM viruses in the wild?), but having a virus scanner would be useful for protecting users, if I was to handle a large number of files. Will have to see if ClamAV or similar is available for the Pi. :)
Doing away with uploads is a reasonable policy these days, given that the Internet is a much bigger file repository than our BBSs could ever be. Just worth keeping around a few harder to get files. :)
that's one reason I just completely decided to halt uploads all
together.. that photo.scr replicates itself also.. it's really a mess
if something activates
I use the IOBit Malware Fighter, and have never required uploads. But,
I might consider suspending them, except for "users I can trust". I'm
not sure how to do the logistics for that, unless possibly with a
special "account flag"...like I have with the Ham Radio items.
I use the IObit Malware Fighter now...and it's regularly updated.
Years ago, I had used McAfee's SCAN...then F-Prot...among others. But, I don't think there's a "command line scanner" anymore.
... Blessed are the young, for they shall inherit the national debt.
KK4QBN wrote to Tony Langdon <=-
I do have an uploads to sysop feature back now that most of my services are on my linux machine.. so that maybe one day some inspiring software author may upload a brand new door that would rival the likes of BRE, LORD, and some of the other favorites.. would be nice.
I believe i've actually seen photo.scr replicate also.. all I used to
have left was one upload directory, and found that file in multiple directories after being away from the system a few days.
I believe i've actually seen photo.scr replicate also.. all I used to
have left was one upload directory, and found that file in multiple
directories after being away from the system a few days.
it cannot replicate just sitting there... self-replication requires that it is executed and if you had done that, then you would have had an infestation to clean up... more likely is that someone found another way to upload it to those other areas... your logs should be able to tell you more...
KK4QBN wrote to Tony Langdon <=-
that was very informative :)
I don't have user to user. People who want to do that nowadays can use services like wetransfer.com for free (for files up to 2GB)..
Okay. But what about the "uploads" directory?
I've wondered if a lot of virus and trojans are put out by the very people who sell the antivirus software.
I have wondered about that myself. But, there are so many anti-virus programs...and most will fight with another one, if you have more than
one on your system...it thinks the other one is a virus as well!!
Daryl Stout wrote to TONY LANGDON <=-
With all the security issues, I may end up removing that. Do you
still have to have the separate category to "Upload To Sysop"?? Or do
all new files automatically go to the Sysop area??
Also, I was getting slammed on SSH by improper logons, so I changed
the port. Verified Users In Good Standing who want to know what it is
will have to Email Feedback To Sysop to get that info...I'm not going
to post it in the echo.
KK4QBN wrote to Daryl Stout <=-
Yeah, I believe because they have to be integrated into your system so deeply, like scanning and making changes to your registry, etc.. I
could see another AV picking one up as a virus... It's the chicken or
There is one possible exception - Windows Defender. Because Microsoft created both it and the OS (Windows), it's possible for them to make them play nicely, and not have to resort to hacking Windows to work properly.
I use the IObit Malware Fighter now...and it's regularly updated.
Years ago, I had used McAfee's SCAN...then F-Prot...among others. But, I don't think there's a "command line scanner" anymore.
Yeah, I believe because they have to be integrated into your system
so deeply, like scanning and making changes to your registry, etc..
I could see another AV picking one up as a virus... It's the chicken
or
There is one possible exception - Windows Defender. Because Microsoft created both it and the OS (Windows), it's possible for them to make them play nicely, and not have to resort to hacking Windows to work properly.
Rob,
Okay. But what about the "uploads" directory?
I gathered that has to exist...but does that still need to show up on
the menu for users to upload to??
Or is it automatic??
Years ago, I had used McAfee's SCAN...then F-Prot...among others. But, I don't think there's a "command line scanner" anymore.
Yes, actually, there are still command-line scanners. I'm currently using ClamAV on my BBS machine because it includes a command-line virus scanner.
I used to use AVG on my BBS machine, although I think I switched because AVG removed the command-line scanner. I wouldn't be surprised if other anti-virus programs have a command-line scanner though. I'd think a
surprised if other anti-virus programs have a command-line scanner
though. I'd think a
all you need is a resident one that deletes the files and is silent and you'll be good.
surprised if other anti-virus programs have a command-line scanner
though. I'd think a
all you need is a resident one that deletes the files and is silent and you'll be good.
I think you've mentioned that before. I didn't think that would remove it from Synchronet's file database though (it would still list the file but it would report it as missing), but I think you said the anti-virus would delete the file before Synchronet adds it to its database?
and for someone to buy AV products for an android device is just stupid.
Yes, actually, there are still command-line scanners. I'm currently using ClamAV on my BBS machine because it includes a command-line virus scanner. I used to use AVG on my BBS machine, although I think I switched because AVG removed the command-line scanner. I wouldn't be surprised if other anti-virus programs have a command-line scanner though. I'd think a command-line scanner would still be a reasonably in-demand feature, so I doubt many would remove i
Correct, but you cannot set the "upload requirements" for the directory beyond their level or they won't be able to upload there.
Or is it automatic??
It is, if you have it setup correctly.
The other side of that coin is that Windows has undocumented features (Microsoft probably did that deliberately) so that 3rd-party software developers sometimes have a hard time developing certain types of software for Windows. Microsoft of course knows those undocumented features, so they can more easily make software that's integrated into Windows.
KenDB3 wrote to Tony Langdon <=-
Everything besides my Uploads To Sysop folder has this:
Upload Requirements !GUEST
Solved a ton of problems.
Yep, that works well. :)
Also, I use Nightfox's Digital Distortion Upload Processor: http://cvs.synchro.net/cgi-bin/viewcvs.cgi/xtrn/DDUploadProcessor/
This takes care of anyone uploading from the BBS terminal interface, but the photo.scr and info.zip virus files seem to be uploaded always from the FTP interface. For that I run the free version of Panda Antivirus which catches bad stuff going into the Sysop folder. Even if it misses it, it's typically not somewhere that other users can run into it (unless a bot manages to create a user profile first and then specifically use it via FTP).
I'd probably have to run something like ClamAV, being on Linux, if I wanted to scan for viruses. Not likely to encounter anything that would harm my system, but it would be to protect the users. However, files are not a big part of my system, currently all of my files come in via file echoes anyway.
On Thu, 14 Sep 2017, KenDB3 wrote:
KK4QBN wrote to Internetking <=-
I banned uploads altogether. if someone wants to send me a cool file or
something they can send me a message about it first.
I only allow uploads to the sysop, which only I can access. Has been handy on the odd occasion for people sending me large files.
Everything besides my Uploads To Sysop folder has this:
Upload Requirements !GUEST
Solved a ton of problems.
I tried !guest and it still let me upload to any dir when
I tested it in the guest account.
KK4QBN wrote to Tony Langdon <=-
Windows 10 with defender by far is the best windows on my picklist if I need windows for a project.
Nightfox wrote to Tony Langdon <=-
The other side of that coin is that Windows has undocumented features (Microsoft probably did that deliberately) so that 3rd-party software developers sometimes have a hard time developing certain types of
software for Windows. Microsoft of course knows those undocumented features, so they can more easily make software that's integrated into Windows.
KenDB3 wrote to Tony Langdon <=-
Actually, I use ClamAV with the Upload Processor, and have been for a while. It works rather well.
For anyone else reading this thread who is on Win32/Win64, they have Windows versions available here: http://www.clamav.net/downloads#otherversions
The other side of that coin is that Windows has undocumented
features (Microsoft probably did that deliberately) so that
3rd-party software developers sometimes have a hard time developing
Either way, Microsoft has the advantage, since they know their own software better than anyone else. :)
Nightfox wrote to Tony Langdon <=-
Either way, Microsoft has the advantage, since they know their own software better than anyone else. :)
Even if it's an unfair advantage. :)
I believe i've actually seen photo.scr replicate also.. all I used to
have left was one upload directory, and found that file in multiple
directories after being away from the system a few days.
it cannot replicate just sitting there... self-replication requires
that it is executed and if you had done that, then you would have had
an infestation to clean up... more likely is that someone found
another way to upload it to those other areas... your logs should be
able to tell you more...
well.. I believe when the system was updating the filelist (addfiles)
it replicated.. there would be no other possible way for it to move
from the only upload directory I had to the root directory of the
drive my BBS was on.. and I didn't execute this file in any manners whatsoever..
My SSH is on an odd port anyway, sshd got in first. ;)
mark lewis wrote to Tony Langdon <=-
we specifically configure sshd to a port other than the default on all systems... in the case of max's system, she elected to leave sbbs' ssh
on the default port but it is easily moved, as well...
I added photo.scr to my file.can file years ago, and deleted all of
the copies of it - someone uploaded it to all of my bases.
The files are gone, but they still show up in the file listings. Is
there a quicker way to remove the file listing than logging on and
going to each base individually?
I added photo.scr to my file.can file years ago, and deleted all of
the copies of it - someone uploaded it to all of my bases.
The files are gone, but they still show up in the file listings. Is
there a quicker way to remove the file listing than logging on and
going to each base individually?
The files are gone, but they still show up in the file listings. Is
there a quicker way to remove the file listing than logging on and
going to each base individually?
The files are gone, but they still show up in the file listings. Is
there a quicker way to remove the file listing than logging on and
going to each base individually?
use delfiles to get rid of offline files
Re: photo.scr
By: MRO to poindexter FORTRAN on Sun Sep 22 2019 18:23:02
The files are gone, but they still show up in the file listings. Is there a quicker way to remove the file listing than logging on and going to each base individually?
use delfiles to get rid of offline files
i cannot seem to get it to run cleanly on my system... it appears to not read/use the $SBBSCTRL environment var...
it also seems to want to work only
in the current directory... in other words, when i start it from my $HOME directory, it tries to walk through the directories in there instead of those in sbbs/data/dirs... changing to sbbs/data/dirs and then running it seems to only do the first listed area... in all cases, i've followed the wiki and tried with the following command line...
/sbbs/exec/delfiles * /off /rpt
for example:
user@machine:~$ cd /sbbs/data/dirs
user@machine:/sbbs/data/dirs$ /sbbs/exec/delfiles * /off /rpt
DELFILES Version 1.01 (Linux) - Removes files from Synchronet Filebase
Scanning Main BBS Related
sbbs@southeaststar:/sbbs/data/dirs$
and that's it... it isn't walking through all the areas like the wiki seems to indicate it should do...
user@machine:/sbbs/data/dirs$ /sbbs/exec/delfiles * /off /rpt
'*' is special in bash. Try using "\*" or the "-all" option instead (I know, it's not documented).
Digital Man wrote to poindexter FORTRAN <=-
Use the ;OFFLINE sysop command.
I added photo.scr to my file.can file years ago, and deleted all of
the copies of it - someone uploaded it to all of my bases.
The files are gone, but they still show up in the file listings. Is
there a quicker way to remove the file listing than logging on and
going to each base individually?