• Script Kiddie Minimisation

    From Spectre@21:3/101 to Anybody on Monday, January 20, 2020 11:34:00
    Hmm seeing as I run on port 23 I get all sorts of spurious script kiddies trying to log in, expecting they're trying to log into a router or something similar, not realising they're attempting to hack a DOS implementation.

    So, I went through a few phases trying to sort them out. I've ended up with:

    - Add everything possible that they seem to use to the bad usernames file; ultimately this included the GUEST account as it's a regular for attempts by kiddies.

    - Your banned name response can be anything. When I first started I used the SuperBBS manual to make it look like they found something :) Then I swapped to the middle finger image, and ban threats. This does seem to slow some of them down a little.

    - I have HAPROXY installed on the Linux box to send the telnet requests to my DOS bbs. Any Linux service ought to be able to manage something similar. I have set up fail2ban so that it'll ban anyone connecting to HAPROXY more than 3 times in one minute, which the scripts tend to do and real users don't.

    - fail2ban is presently only banning specific IPs for 1 year at the moment. I have had it ban for 10 minutes, 1 hour, 1 day, forever, but 1 year seems to have the most effect. I have also set it in the past to ban class C networks based on the offending IP. I'm not sure about this one; it seems to slow things down a treat, but there's some consternation that this net is a bit wide and you might ban a lot of innocent addresses. And it was such a pain to set up a second time after losing it, I couldn't be bothered.

    None of this is really new information, but it is I think the first time I've put it together in one place, and it might be of value to anyone whose BBS is Linux-based, or has a Linux passthrough component, and the bad user list could work for anyone. I'll pop the bad names list up through the bot echo with the subject badnames.

    Spec


    --- SuperBBS v1.17-3 (Eval)
    * Origin: < Scrawled in blood at The Lower Planes > (21:3/101)
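The HAProxy plus fail2ban rule Spec describes (3 connections from one address within a minute, then a year-long ban), as an added example that is not from the thread: a small Python replay of that counting policy over constructed HAProxy TCP-mode log lines, so the thresholds can be checked offline before they go into a jail. The regex, the jail section name, the log path and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Equivalent fail2ban jail (section and log path are assumptions, not from the post):
#   [haproxy-telnet]
#   logpath  = /var/log/haproxy.log
#   findtime = 60
#   maxretry = 3
#   bantime  = 1y   ; fail2ban >= 0.10 accepts "1y"; older releases need 31536000
# HAProxy's TCP-mode log prefix is "<client_ip>:<port> [<accept_date>]"; a fail2ban filter puts <HOST> where the host group is here.
LINE_RE = re.compile(
    r"haproxy\[\d+\]: (?P<host>\d{1,3}(?:\.\d{1,3}){3}):\d+ \[(?P<ts>[^\]]+)\]"
)

# Constructed sample lines (not real traffic): 203.0.113.7 reconnects four times
# in twenty seconds, 198.51.100.20 holds two long sessions minutes apart.
SAMPLE_LOG = """\
Jan 20 11:34:00 gw haproxy[812]: 203.0.113.7:51234 [20/Jan/2020:11:34:00.101] telnet_in bbs/dos 1/0/1230 88 -- 1/1/1/1/0 0/0
Jan 20 11:34:05 gw haproxy[812]: 203.0.113.7:51240 [20/Jan/2020:11:34:05.377] telnet_in bbs/dos 1/0/980 72 -- 1/1/1/1/0 0/0
Jan 20 11:34:09 gw haproxy[812]: 198.51.100.20:40022 [20/Jan/2020:11:34:09.004] telnet_in bbs/dos 1/0/600000 41200 -- 1/1/1/1/0 0/0
Jan 20 11:34:12 gw haproxy[812]: 203.0.113.7:51251 [20/Jan/2020:11:34:12.512] telnet_in bbs/dos 1/0/1100 80 -- 1/1/1/1/0 0/0
Jan 20 11:34:20 gw haproxy[812]: 203.0.113.7:51260 [20/Jan/2020:11:34:20.009] telnet_in bbs/dos 1/0/1050 80 -- 1/1/1/1/0 0/0
Jan 20 11:36:30 gw haproxy[812]: 198.51.100.20:40100 [20/Jan/2020:11:36:30.700] telnet_in bbs/dos 1/0/420000 30100 -- 1/1/1/1/0 0/0
"""

def scan(log_text, maxretry=3, findtime=60, bantime=365 * 24 * 3600):
    """Replay lines with fail2ban's rule: maxretry hits inside findtime seconds
    bans the address; while banned, its later lines are ignored. Returns {ip: ban_start}."""
    window = timedelta(seconds=findtime)
    ban_len = timedelta(seconds=bantime)
    recent = defaultdict(deque)  # ip -> connection times still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip = m.group("host")
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S.%f")
        if ip in banned and ts < banned[ip] + ban_len:
            continue  # the firewall rule from the earlier ban would have dropped this
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # slide the window forward
            hits.popleft()
        if len(hits) >= maxretry:
            banned[ip] = ts
            hits.clear()
    return banned
```

Running `scan(SAMPLE_LOG)` bans only 203.0.113.7 on its third connection at 11:34:12; raising maxretry to 4 delays the ban to the fourth hit, and a 10-second findtime never bans it at all.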
  • From ryan@21:1/168 to Spectre on Monday, January 20, 2020 00:35:18
    None of this is really new information, but it is I think the first time I've put it together in one place, and it might be of value to anyone whose BBS is Linux-based, or has a Linux passthrough component, and the bad user list could work for anyone. I'll pop the bad names list up through the bot echo with the subject badnames.

    What I do is IP block by country, and also implement some fail2ban blocking rules. I prefer keeping my board on ports 22 and 23 for ssh and telnet (respectively).

    In addition to that, I have an old frontdoor / intermail style "Press <esc> twice to login..." mod that will end connections after 15 seconds unless it detects the escape keypresses. Following that, I have a prelogin disclaimer screen that will only accept "YES" as a pre-login password (which it spells out in the disclaimer) and otherwise just immediately ends connections. These things have worked very well. I haven't had any instances of scripts or botnets circumventing any of that and/or tying up my telnet lines.

    --- Mystic BBS v1.12 A44 2020/01/16 (Linux/64)
    * Origin: monterey bbs (21:1/168)
  • From Spectre@21:3/101 to ryan on Tuesday, January 21, 2020 09:13:00
    What I do is IP block by country, and also implement some fail2ban blocking rules. I prefer keeping my board on ports 22 and 23 for ssh and telnet (respectively).

    In addition to that, I have an old frontdoor / intermail style "Press <esc> twice to login..." mod that will end connections after 15 seconds unless it detects the escape keypresses. Following that, I have a prelogin disclaimer screen that will only accept "YES" as a pre-login password (which it spells out in the disclaimer) and otherwise


    I looked at the country IP banning at one stage too, even just banned a few outright. In the end I thought that was even less fair than banning class C addresses :) I too like to keep running on 23..

    At the time I originally set up I couldn't get FD to play ball. Not only that but you can't get keys for FD for multi-node indefinitely at the moment, since JOHO lost his SSD. But it does sound like a bonus I hadn't considered. Wheee you make those users work hard :) I tried to stay out of the users' face as much as possible.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Scrawled in haste at The Lower Planes (21:3/101)
  • From Nodoka Hanamura@21:2/106 to Spectre on Wednesday, March 04, 2020 12:07:19
    On 20 Jan 2020, Spectre said the following...

    Hmm seeing as I run on port 23 I get all sorts of spurious script kiddies trying to log in, expecting they're trying to log into a router or something similar, not realising they're attempting to hack a DOS implementation.

    I've had guys try to dial in before but it's always bots. When they get to the login screen they usually don't know what to do so they just time out.

    Born too late to experience the scene.
    Born just in time to see it come back.
    Nodoka Hanamura - NeoCincinnati BBS SYSOP - neocinci.bbs.io

    --- Mystic BBS v1.12 A44 2020/02/04 (Linux/32)
    * Origin: NeoCincinnati BBS - neocinci.bbs.io:23 (21:2/106)
  • From Spectre@21:3/101 to Nodoka Hanamura on Thursday, March 05, 2020 10:12:00
    I've had guys try to dial in before but it's always bots. When they get to the login screen they usually don't know what to do so they just time out.

    I see that too, but I try to stop them at the gate rather than hold up the node until time out.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Scrawled in haste at The Lower Planes (21:3/101)