I also saw a bizarre hostname slam the system...
I.DareYou.ToHit.This
where did you see this? do you still have the log section for it??
this one is chinese from some broadband connection...
I also saw a bizarre hostname slam the system...
I.DareYou.ToHit.This
where did you see this? do you still have the log section for it??
In the terminal server window...repeatedly trying to logon via telnet. It would connect, disconnect, then reconnect, etc. The IP address was 185.55.218.52 -- it's in the block list.
This morning, the BBS was getting repeatedly slammed by 182.100.67.76
via SSH. It tried to getg in for over an hour before it quit. Yet,
because it was in the ip.can file, it was blocked from connecting to
the BBS.
this one is chinese from some broadband connection...
I figured how to add the host names to block some countries...such as:
Italy *.it
Mexico *.mx
Russia *.ru
France *.fr
Four others -- *.tr, *.br, *.hinet.net, and telefonia.Intercable.Net
are blocked, but I'm not sure where they came from.
The countries I had listed in Peerblock included Belgium, Bolivia,
Brazil, China, Colombia, Croatia, Czech Republic, Ecuador, Egypt, Fuji (wondered if that should've been Fiji), Germany, Hong Kong, Honduras, Hungary, India, Italy, Japan, Kazakhstan, Malaysia, Mexico, Nepal, Paraguay, Philippones, Poland, Romania, Russia, Serbia, Singapore,
Spain, Sweden, Thailand, Turkey, Ukraine, United Kingdom, and
Zimbabwe.
that requires a domain lookup... all i gotta do is change my domain and your block will be ineffective... if reverse DNS lookups are disabled as i suggested above, these won't work any more... i don't know that sbbs has an option to disable DNS lookups on inbound connections but it really should...
I do have a legitimate user from the UK, and another from Germany.
Daryl
always have average of 15 banned ip's at my fail2ban
Sysop: | MCMLXXIX |
---|---|
Location: | Prospect, CT |
Users: | 325 |
Nodes: | 10 (0 / 10) |
Uptime: | 09:34:58 |
Calls: | 510 |
Messages: | 220574 |