My telnet port was hammered all day yesterday, all Synch ports were busy. I added the IP to ip.can, and the board was still sluggish from rejecting all of the connections. I had to block it at my router. That was a first...

---
þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org

Re: Getting hammered
By: poindexter FORTRAN to All on Sat Jan 26 2019 11:51 am

My telnet port was hammered all day yesterday, all Synch ports were busy. I added the IP to ip.can, and the board was still sluggish from rejecting all of the connections. I had to block it at my router. That was a first...

you can use peerblock. let me know if you want my batchfile for adding ips to the list file.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Re: Getting hammered
By: MRO to poindexter FORTRAN on Sat Jan 26 2019 06:07 pm

My telnet port was hammered all day yesterday, all Synch ports were
busy. I added the IP to ip.can, and the board was still sluggish from
rejecting all of the connections. I had to block it at my router. That
was a first...

I bought a Router that actually has DDOS protect and about 5 other protections bulit in.
works great (Thanks Netgear).


... Chuck Norris can sleep while he's awake.

---
þ Synchronet þ outwestbbs.com - the Outwest BBS

On 2019 Jan 26 11:51:32, you wrote to All:

added the IP to ip.can, and the board was still sluggish from rejecting

all

of the connections. I had to block it at my router. That was a first...

perfect example of why i say that things like this should be blocked on the perimeter which you ended up doing ;)

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
... Patience is the ability to put up with people you'd like to put down.
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

My telnet port was hammered all day yesterday, all Synch ports were busy. I >added the IP to ip.can, and the board was still sluggish from rejecting all of >the connections. I had to block it at my router. That was a first...

What was the IPA?

---
þ SLMR 2.1a þ In his hand a moving picture of the crumbling land
þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Re: Getting hammered
By: Dumas Walker to POINDEXTER FORTRAN on Sun Jan 27 2019 10:53 am

My telnet port was hammered all day yesterday, all Synch ports were busy.
I added the IP to ip.can, and the board was still sluggish from rejecting >>all of the connections. I had to block it at my router. That was a
first...

What was the IPA?

; Telnet abuse by <unknown user> on Fri Jan 25 2019 11:50 am
; Hostname: ip63.ip-144-217-57.net
144.217.57.63

---
þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org

Re: Getting hammered
By: poindexter FORTRAN to Dumas Walker on Sun Jan 27 2019 15:16:41

Re: Getting hammered
By: Dumas Walker to POINDEXTER FORTRAN on Sun Jan 27 2019 10:53 am

My telnet port was hammered all day yesterday, all Synch ports were busy. >>I added the IP to ip.can, and the board was still sluggish from rejecting >>all of the connections. I had to block it at my router. That was a >>first...

What was the IPA?

If your running your bbs to listen on port 23 then it might be good to move it to a different port.

---
þ Synchronet þ sbbs.dynu.net 2025

Re: Getting hammered
By: poindexter FORTRAN to All on Sat Jan 26 2019 11:51 am

My telnet port was hammered all day yesterday, all Synch ports were busy. I added the IP to ip.can, and the board was still sluggish from rejecting all of the connections. I had to block it at my router. That was a first...

I limit the number of connections from a single IP to ports 22 and 23 at the firewall. If someone connects more than 5 times in as many minutes, their IP is temporarily blocked for a few hours, and if they try it again it's permantently blocked.

DaiTengu

... I broke a mirror & got 7 years of bad luck; my lawyer thinks he can get me 5.

---
þ Synchronet þ War Ensemble BBS - The sport is war, total war - warensemble.com

; Telnet abuse by <unknown user> on Fri Jan 25 2019 11:50 am
; Hostname: ip63.ip-144-217-57.net
144.217.57.63

It's in my ban bucket now.

Daryl

===
þ OLX 1.53 þ LIFE: A fatal, sexually transmitted disease.
--- SBBSecho 3.06-Win32
* Origin: FIDONet: The Thunderbolt BBS - tbolt.synchro.net (1:19/33)
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

I limit the number of connections from a single IP to ports 22 and 23 at the
firewall. If someone connects more than 5 times in as many minutes, their IP D>is temporarily blocked for a few hours, and if they try it again it's D>permantently blocked.

I changed the maximum concurrent connections to 1 -- and I made the
SSH port a non-conventional value. Lord Blackfair's CAPTCHA deal is
keeping most of these bots from getting to the logon prompt. One
apparent hack attempt tried yesterday, and the BBS put a "temporary
ban" on the IP. Once I saw that in the log, it became PERMANENT.

Daryl

===
þ OLX 1.53 þ Madness takes its toll; please have exact change...
--- SBBSecho 3.06-Win32
* Origin: FIDONet: The Thunderbolt BBS - tbolt.synchro.net (1:19/33)
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Re: Getting hammered
By: Daryl Stout to DAITENGU on Mon Jan 28 2019 12:19 pm

I changed the maximum concurrent connections to 1 -- and I made the
SSH port a non-conventional value. Lord Blackfair's CAPTCHA deal is keeping most of these bots from getting to the logon prompt. One
apparent hack attempt tried yesterday, and the BBS put a "temporary
ban" on the IP. Once I saw that in the log, it became PERMANENT.

99.99% of the "hack attempts" are from compromised devices, or skript-kiddie malware boxes that are scanning entire IP ranges.

DaiTengu

... A crises is when you CAN'T say let's forget about the whole thing!

---
þ Synchronet þ War Ensemble BBS - The sport is war, total war - warensemble.com

Re: Getting hammered
By: MRO to poindexter FORTRAN on Sat Jan 26 2019 05:07 pm

you can use peerblock. let me know if you want my batchfile for adding ips to the list file.

I would love a copy of that batch file I have been having problems with that also mostly from the terminal service but also some from FTP and the other services. pleases send me a email i would love any insight and experince you or anyone else has. Bloody.butcher@tshbbs.synchro.net

thanks

---
þ Synchronet þ THe SLauGhTeR HoUsE BBs - tshbbs.synchro.net

Re: Getting hammered
By: DaiTengu to poindexter FORTRAN on Sun Jan 27 2019 23:10:43

Re: Getting hammered
By: poindexter FORTRAN to All on Sat Jan 26 2019 11:51 am

My telnet port was hammered all day yesterday, all Synch ports were busy. I added the IP to ip.can, and the board was still sluggish from rejecting all of the connections. I had to block it at my router. That was a first...

I limit the number of connections from a single IP to ports 22 and 23 at the firewall. If someone connects more than 5 times in as many minutes, their IP is temporarily blocked for a few hours, and if they try it again it's permantently blocked.

DaiTengu

... I broke a mirror & got 7 years of bad luck; my lawyer thinks he can get me 5.

I use to run all the services on the standard ports but found its not worth the trouble and problems it caused. The ony standard port I use now is nntp and smtp and I cut down the abuse a lot.

---
þ Synchronet þ sbbs.dynu.net 2025

Re: Getting hammered
By: BLOODY BUTCHER to MRO on Mon Jan 28 2019 01:17 pm

I would love a copy of that batch file I have been having problems with that also mostly from the terminal service but also some from FTP and the other

are you using peerblock
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

What was the IPA?

; Telnet abuse by <unknown user> on Fri Jan 25 2019 11:50 am
; Hostname: ip63.ip-144-217-57.net
144.217.57.63

Looks like it is in a block that was assigned to McGill College in Quebec
but has been subleased/sold/something to a company in Taiwan.

Thanks for sharing it, I will add it to mine also.

---
þ SLMR 2.1a þ How can I escape this irresistable grasp?
þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Re: Getting hammered
By: Plt to DaiTengu on Mon Jan 28 2019 08:36 pm

I limit the number of connections from a single IP to ports 22 and 23
at the firewall. If someone connects more than 5 times in as many
minutes, their IP is temporarily blocked for a few hours, and if they
try it again it's permantently blocked.

I use to run all the services on the standard ports but found its not worth the trouble and problems it caused. The ony standard port I use now is nntp and smtp and I cut down the abuse a lot.

I found years ago that people who may not be as techically minded have difficulty connecting to services on non-standard ports, so I like to be as user-friendly as possible.

As long as you're willing to put in a little extra work to secure things, running on standard ports should be fine.

DaiTengu

... It is impossible to please the whole world and your mother-in-law.

---
þ Synchronet þ War Ensemble BBS - The sport is war, total war - warensemble.com

Re: Getting hammered
By: MRO to BLOODY BUTCHER on Mon Jan 28 2019 20:23:21

Re: Getting hammered
By: BLOODY BUTCHER to MRO on Mon Jan 28 2019 01:17 pm

I would love a copy of that batch file I have been having problems with that also mostly from the terminal service but also some from FTP and the other

are you using peerblock

I will take a look at it, but still run the services on the none standard ports. That really cut down all the abuse on my system.

---
þ Synchronet þ sbbs.dynu.net 2025

Re: Getting hammered
By: MRO to BLOODY BUTCHER on Mon Jan 28 2019 08:23 pm

are you using peerblock

What is peer block is that part of the synchronet services or something else?

---
þ Synchronet þ THe SLauGhTeR HoUsE BBs - tshbbs.synchro.net

Re: Getting hammered
By: Dumas Walker to POINDEXTER FORTRAN on Mon Jan 28 2019 08:16 pm

What was the IPA?

; Telnet abuse by <unknown user> on Fri Jan 25 2019 11:50 am
; Hostname: ip63.ip-144-217-57.net
144.217.57.63

Looks like it is in a block that was assigned to McGill College in Quebec

it's ovh

Thanks for sharing it, I will add it to mine also.

it wont help you any.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

MRO wrote to poindexter FORTRAN <=-

you can use peerblock. let me know if you want my batchfile for adding ips to the list file.

Yes, please!



... Have you ever asked a question you weren't supposed to ask?
--- MultiMail/XT v0.51
þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org

Looks like it is in a block that was assigned to McGill College in Quebec

it's ovh

OVH???

---
þ SLMR 2.1a þ "Stamp Collection?? Ha-Ha!" - Nelson
þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Re: Getting hammered
By: Dumas Walker to MRO on Wed Jan 30 2019 05:20 pm

Looks like it is in a block that was assigned to McGill College in Quebec

it's ovh

OVH???

YES.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

On 30 Jan 19 23:30, you wrote to Dumas Walker:

Looks like it is in a block that was assigned to McGill

College in

Quebec

it's ovh

OVH???

YES.

Unlikely.

... Artificial Intelligence: No match for natural stupidity.
--- GoldED+/LNX 1.1.5-b20130515
* Origin: Quinn's Rock - Live from Paul's Xubuntu desktop! (3:640/1384)
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Re: Getting hammered
By: BLOODY BUTCHER to MRO on Tue Jan 29 2019 09:32 pm

Re: Getting hammered
By: MRO to BLOODY BUTCHER on Mon Jan 28 2019 08:23 pm

are you using peerblock

What is peer block is that part of the synchronet services or something else?

I found peerblock and i have it working and it is cutting back on a lot of it but still having issues. I would love to have a copy of that bathfile please. :)

BLOODY BUTCHER

---
þ Synchronet þ THe SLauGhTeR HoUsE BBs - tshbbs.synchro.net

Re: Getting hammered
By: BLOODY BUTCHER to MRO on Thu Jan 31 2019 12:01 pm

I found peerblock and i have it working and it is cutting back on a lot of it but still having issues. I would love to have a copy of that bathfile please. :)

just put the ip addresses into your .p2p file.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Looks like it is in a block that was assigned to McGill College in Quebec

it's ovh

OVH???

YES.

Sorry, what is OVH is what I am asking?

---
þ SLMR 2.1a þ "Now who's laughing?! Now who's laughing?!" - Pagans
þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Re: Getting hammered
By: MRO to BLOODY BUTCHER on Thu Jan 31 2019 04:08 pm

Re: Getting hammered
By: BLOODY BUTCHER to MRO on Thu Jan 31 2019 12:01 pm

I found peerblock and i have it working and it is cutting back on a
lot of it but still having issues. I would love to have a copy of that
bathfile please. :)

just put the ip addresses into your .p2p file.

I have been doing that. I was wondering if there was a way we could batch file or somehow have synchronet the software itself or away SysOps could share the problem IP's with others..I know there is an updated file on vert for blacklisted ips but i thought that was to do with spam or is it also for the other services..??

BLOODY BUTCHER

---
þ Synchronet þ THe SLauGhTeR HoUsE BBs - tshbbs.synchro.net

Re: Getting hammered
By: MRO to BLOODY BUTCHER on Thu Jan 31 2019 04:08 pm

Re: Getting hammered
By: BLOODY BUTCHER to MRO on Thu Jan 31 2019 12:01 pm

I found peerblock and i have it working and it is cutting back on a
lot of it but still having issues. I would love to have a copy of that
bathfile please. :)

just put the ip addresses into your .p2p file.

I have been doing that. I was wondering if there was a way we could batch file or somehow have synchronet the software itself or away SysOps could share the problem IP's with others..I know there is an updated file on vert for blacklisted ips but i thought that was to do with spam or is it also for the other services..??

BLOODY BUTCHER

I was looking for that today as well, but couldn't find it. you can download a very extensive, and FREE blacklist from https://myip.ms/info/api/API_Dashboard.html and click on Blacklist/ IP Database and download both Lastest Blacklisted IP text file and Web crawler text file and merge them into your ip.can file. I have scripts on my Linuxbox that does it automagically.

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81