• random connections in Mystic logs

    From MeaTLoTioN@21:1/158 to All on Friday, September 07, 2018 20:20:36
    Hey guys, I'm seeing a ton of random connections being opened and then closed almost straight away, some are multiple attempts within a few seconds and
    they subsequently get blocked, but others are just the odd connection here
    and there... does anyone else have this? is this normal or are some people unable to connect to my bbs for one reason or another?

    On a side note, those connections that are multiple attempts within a few seconds are successfully getting blocked by the server as per my setup, but
    I'm just looking mainly at the single attempted connections that don't seem
    to get past the connection open stage.

    Thanks,
    Christian.

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: The Quantum Wormhole, Ramsgate, UK. bbs.erb.pw (21:1/158)
  • From nristen@21:1/161 to MeaTLoTioN on Friday, September 07, 2018 15:26:36
    Hey guys, I'm seeing a ton of random connections being opened and then closed almost straight away, some are multiple attempts within a few seconds and they subsequently get blocked, but others are just the odd

    Are those telnet connections on port 23? If so, they are mostly the result
    of scans done by systems trying to find open telnet connections that
    might provide attack targets.

    --- Mystic BBS v1.12 A39 2018/04/21 (Raspberry Pi/32)
    * Origin: The Search BBS (21:1/161)
  • From MeaTLoTioN@21:1/158 to nristen on Friday, September 07, 2018 20:44:39
    Are those telnet connections on port 23? If so, they are mostly the result of scans done by systems trying to find open telnet connections that might provide attack targets.

    Yeah, that's exactly what I thought was the case but wanted to ask just in
    case something wasn't working on my BBS and people generally had issues connecting.

    Thanks for the quick response.

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: The Quantum Wormhole, Ramsgate, UK. bbs.erb.pw (21:1/158)
  • From Avon@21:1/101 to MeaTLoTioN on Saturday, September 08, 2018 08:54:34
    On 09/07/18, MeaTLoTioN pondered and said...

    Are those telnet connections on port 23? If so, they are mostly the result of scans done by systems trying to find open telnet connection that might provide attack targets.

    Yeah, that's exactly what I thought was the case but wanted to ask just
    in case something wasn't working on my BBS and people generally had
    issues connecting.

    Thanks for the quick response.

    The comments are correct, actions are 99.9% likely to be BOTs and scripts probing ports and your auto IP blocking in Mystic will be a very useful tool. It is for me :)

    --- Mystic BBS v1.12 A39 2018/04/21 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
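
The pattern discussed in this thread, as an added example that is not part of any poster's message and not Mystic's own code: a sliding-window counter over constructed connection-log lines shows why bursts trip a rate-based auto-block while one-off scanner touches never do. The log format, the thresholds (`max_conns`, `window_secs`) and the function names are assumptions; the IPs are documentation addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical "timestamp CONNECT ip" format;
# this is NOT Mystic's real log format. IPs are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2018-09-07 20:01:02 CONNECT 192.0.2.10
2018-09-07 20:01:03 CONNECT 192.0.2.10
2018-09-07 20:01:04 CONNECT 192.0.2.10
2018-09-07 20:01:05 CONNECT 192.0.2.10
2018-09-07 20:03:40 CONNECT 198.51.100.7
2018-09-07 20:09:15 CONNECT 203.0.113.99
2018-09-07 20:30:00 CONNECT 192.0.2.10
2018-09-07 21:15:12 CONNECT 198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+ \S+) CONNECT (\d{1,3}(?:\.\d{1,3}){3})$")

def parse(log_text):
    """Yield (datetime, ip) for each well-formed line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)

def classify(events, max_conns=3, window_secs=10):
    """Return {ip: 'burst' | 'probe'}.
    'burst': more than max_conns connections inside any window_secs span,
             the pattern a connection-rate auto-block catches.
    'probe': never exceeds the threshold, so rate-based blocking never fires.
    """
    window = timedelta(seconds=window_secs)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    verdict = {}
    for ts, ip in sorted(events):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that aged out
            q.popleft()
        if len(q) > max_conns:
            verdict[ip] = "burst"  # sticky: a later quiet period does not clear it
        else:
            verdict.setdefault(ip, "probe")
    return verdict

if __name__ == "__main__":
    for ip, kind in sorted(classify(parse(SAMPLE_LOG)).items()):
        print(f"{ip:15} {kind}")
```
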
  • From Nigel Reed@21:2/101 to Avon on Friday, September 07, 2018 16:37:56
    Avon wrote:
    On 09/07/18, MeaTLoTioN pondered and said...

    Are those telnet connections on port 23? If so, they are mostly the
    result of scans done by systems trying to find open telnet connection
    that might provide attack targets.

    Yeah, that's exactly what I thought was the case but wanted to ask just
    in case something wasn't working on my BBS and people generally had
    issues connecting.

    Thanks for the quick response.

    The comments are correct, actions are 99.9% likely to be BOTs and scripts probing ports and your auto IP blocking in Mystic will be a very useful
    tool.
    It is for me :)

    Yup, I get them all the time.

    Sep 7 16:37:43 bbs synchronet: mail 0075 SMTP Throttling suspicious connection from: 181.214.206.84 (32 login attempts)


    Asshats. :)
    --- SBBSecho 3.06-Linux
    * Origin: End Of The Line BBS - endofthelinebbs.com (21:2/101)
  • From Havok@21:4/119 to Nigel Reed on Friday, September 07, 2018 17:54:42
    Not sure being I have never asked but one time I looked at the blacklist
    and it was like 3200 lines.

    So I went back to peerblock and my own block country block list. Like with
    AU or a country that is blocked if someone in that country is blocked I just add them to allow list and all is good with the world again.

    So far after 4 or 5 years of using it I never have to delete or look at
    Mystic's blacklist being it rolls the logs but keeps the blocked countries.


    http://forums.peerblock.com/

    Just my two cents


    Greg Youngblood aka: Havok

    --- Mystic BBS v1.12 A39 2018/04/21 (Windows/32)
    * Origin: After Hours|The Villages,FL|afterhours-bbs.com (21:4/119)
  • From Deon George@21:2/116.1 to MeaTLoTioN on Saturday, September 08, 2018 00:40:14
    On 09/07/18, MeaTLoTioN said the following...
    connection here and there... does anyone else have this? is this normal
    or are some people unable to connect to my bbs for one reason or another?

    I just connected to your BBS fine.

    However, the "send a welcome email" and read the "welcome" email didn't work - I'm guessing because new user security is lower than those mailgroups.

    Also on your menu you have tqnet application, but nothing worked after that - just FYI...

    ...deon

    --- Mystic BBS v1.12 A39 2018/04/21 (Raspberry Pi/32)
    * Origin: Chinwag | MysticBBS in Docker on a Pi! (21:2/116.1)
  • From Deon George@21:2/116.1 to MeaTLoTioN on Saturday, September 08, 2018 00:42:03
    On 09/07/18, MeaTLoTioN said the following...
    Are those telnet connections on port 23? If so, they are mostly the result of scans done by systems trying to find open telnet connection that might provide attack targets.
    Yeah, that's exactly what I thought was the case but wanted to ask just
    in case something wasn't working on my BBS and people generally had
    issues connecting.

    BTW, I run telnet on 10023 for that reason. I still get probes but probably less than those on port 23.

    ...deon

    --- Mystic BBS v1.12 A39 2018/04/21 (Raspberry Pi/32)
    * Origin: Chinwag | MysticBBS in Docker on a Pi! (21:2/116.1)
  • From MeaTLoTioN@21:1/158 to Deon George on Saturday, September 08, 2018 02:00:01
    However, the "send a welcome email" and read the "welcome" email didn't work - I'm guessing because new user security is lower than those mailgroups.

    Thanks for the heads up... you were right, so I just changed them and now
    they work fine. Thank you for finding out and helping :)

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: The Quantum Wormhole, Ramsgate, UK. bbs.erb.pw (21:1/158)
  • From MeaTLoTioN@21:1/158 to Deon George on Saturday, September 08, 2018 02:10:44
    Also on your menu you have tqnet application, but nothing worked after that - just FYI...

    ok so it looks like I had some incorrect security levels set for new users, which everything should now be ok. If you get another chance to hop on and
    take a peek, hopefully everything should work fine.

    Again, thanks for the heads up. Muchly appreciated.

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: The Quantum Wormhole, Ramsgate, UK. bbs.erb.pw (21:1/158)