I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the board daily, I decided to implement a telnet verifier and restrict new users to very limited activity, especially files and message groups. It is sad that we live in an era that there are 1000:1 more attempted hack attempts and ID phishers than legitimate users :-/



2 wrongs don't make a right, but 3 left turns will get you back on the freeway!

---
� Synchronet � AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Telnet Verifier
By: Mortifis to All on Thu Feb 28 2019 10:46 am

I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the board daily, I decided to implement a telnet verifier and restrict new users to very limited activity, especially files and message groups. It is sad

bots wont sign up to the bbs, it confuses them.

you can make a simple bbs capcha that loads before the signup process and blocks them if they fail.
---
� Synchronet � ::: BBSES.info - free BBS services :::
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Telnet Verifier
By: Mortifis to All on Thu Feb 28 2019 10:46 am

I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the board daily, I decided to implement a telnet verifier and restrict new users to very limited activity, especially files and message groups. It is sad that we live in an era that there are 1000:1 more attempted hack attempts and ID phishers than legitimate users :-/

The telnet connections are known worms trying to hit IOT devices and certain routers. they'll try some default usernames and passwords, but would have no idea what to do if they got logged into a BBS (and that would require an account on your board with the same username/passwords they were trying).

My BBS is hosted at a large VPS provider that's regularly scanned by all kinds of script kiddies, trojans, worms, etc. I run everything on default ports
and I've never had any issues other than photo.scr being uploaded before file.can was a thing. That's not to say I don't have any security on my system, I temporarily block any IP that makes more than 5 connections in as many minutes, which solved the issue of all my nodes getting tied up by a bot or two.

DaiTengu

... I'm not afraid of heights. I'm afraid of widths.

---
� Synchronet � War Ensemble BBS - The sport is war, total war - warensemble.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Telnet Verifier
By: Mortifis to All on Thu Feb 28 2019 10:46 am

I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the board daily, I decided to implement a telnet verifier and restrict new users to very limited activity, especially files and message groups. It is sad that we live in an era that there are 1000:1 more attempted hack attempts and ID phishers than legitimate users :-/

Yeah, any way to robustify the system to protect against hackment is good. I have restricted a lot of the things on my BBS so that the guest account can't do them (running most of the doors, for instance), and a while ago I made a simple text-based captcha that's used when new users are applying.

Nightfox

---
� Synchronet � Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the M>board daily, I decided to implement a telnet verifier and restrict new users M>very limited activity, especially files and message groups. It is sad that w M>live in an era that there are 1000:1 more attempted hack attempts and ID M>phishers than legitimate users :-/

Sad, but true. Plus, I have it set to where they must Email Feedback
To Sysop, telling where they heard about the BBS, and what they're
looking for in it....adding "a one word message of YO! or HI! is NOT sufficient".

They also have to do this, and the telnet email verifier within 48
hours of initial logon, or I zap the account. If they complete it
quickly, then I feel they want to be a part of the BBS. Otherwise, to
me, they're not interested.

Yet, I run the BBS for MY enjoyment...so it doesn't bother me if I'm
not drowning in new users. Besides, with Tornado Season in Arkansas now,
I'm going to be offline more than usual, due to storms.

Daryl

===
� OLX 1.53 � JavaScript: Instructions on how to make a pot of coffee.
--- SBBSecho 3.06-Win32
* Origin: FIDONet: The Thunderbolt BBS - tbolt.synchro.net (1:19/33)

Yeah, any way to robustify the system to protect against hackment is good. I N>have restricted a lot of the things on my BBS so that the guest account can't N>do them (running most of the doors, for instance), and a while ago I made a N>simple text-based captcha that's used when new users are applying.

I got the CAPTCHA from Lord Blackfair, then figured out how to create
a different numeric string, and set up batch files to copy the deal out
every 15 minutes around the clock.

As for the doors, the guests get the non-game and information doors only...and read only access in message board 1.

Daryl

===
� OLX 1.53 � Jaywalkers will be run down, and ticketed by police.
--- SBBSecho 3.06-Win32
* Origin: FIDONet: The Thunderbolt BBS - tbolt.synchro.net (1:19/33)

El 28/2/19 a las 11:46, Mortifis escribi�:

I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the board daily, I decided to implement a telnet verifier and restrict new users

to

very limited activity, especially files and message groups. It is sad that

we

live in an era that there are 1000:1 more attempted hack attempts and ID phishers than legitimate users :-/

2 wrongs don't make a right, but 3 left turns will get you back on the

freeway!

---

you must use fial2ban

---
� Synchronet � Dock Sud BBS TLD 24 HS - http://bbs.docksud.com.ar - telnet://bbs.docksud.com.ar
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

I feel sorry for you

On 2/28/19 9:46 AM, Mortifis wrote:

I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the >board daily, I decided to implement a telnet verifier and restrict new users to
very limited activity, especially files and message groups. It is sad that we >live in an era that there are 1000:1 more attempted hack attempts and ID >phishers than legitimate users :-/

2 wrongs don't make a right, but 3 left turns will get you back on the freeway!

---
■ Synchronet ■ AlleyCat! BBS - http://alleycat.synchro.net:81

---
� Synchronet � sbbs.dynu.net 2025
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From Newsgroup: alt.bbs.synchronet

On Thursday, February 28, 2019 at 12:51:06 PM UTC-5, MRO wrote:

To: Mortifis
Re: Telnet Verifier
By: Mortifis to All on Thu Feb 28 2019 10:46 am

I dislike doing it, but with 1000 bots and trojans attempting to 'hack'

the

board daily, I decided to implement a telnet verifier and restrict new

users

to very limited activity, especially files and message groups. It is sad

bots wont sign up to the bbs, it confuses them.

you can make a simple bbs capcha that loads before the signup process and blocks them if they fail.
---
ş Synchronet ş ::: BBSES.info - free BBS services :::
--- Synchronet 3.17c-Win32 NewsLink 1.110
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Ha! It doesn't take much to confuse them. ;)
--- Synchronet 3.17c-Win32 NewsLink 1.110
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)