portlogs of my BBS (Mystic BBS) I have noticed that i have had an inmense
flood of IP's blocked by hacking attempts, at first I it seemed something specific but this was repetead day after day, usually from various IP's try
to login with words like MIRAI,Busybox, Android, shell, etc.

Any Ideas what's happend?

Best.

Patricio Rodriguez (aka.Folk3n30)

--- Mystic BBS v1.12 A33 (Windows/64)
* Origin: Mastodont BBS [mastodontbbs.hopto.org] - (21:2/126)

telnet portlogs of my BBS (Mystic BBS) I have noticed that i have had an inmense flood of IP's blocked by hacking attempts, at first I it seemed something specific but this was repetead day after day, usually from various IP's try to login with words like MIRAI,Busybox, Android, shell, etc.
Patricio Rodriguez (aka.Folk3n30)

I've seen the same type of think on my BBS. Once thing I've done is to edit the badcountry.txt in mystic/data and weed out a lot of the countries I know a lot of Hacks come from. i.e. China, Africa, Russia so the system will automatically block those countries.

If you do that, then these instances may decrease....

Gary Crunk
Another F-ing BBS
anotherbbs.bbsindex.com

--- Mystic BBS v1.12 A33 (Windows/32)
* Origin: Another F-ing BBS (21:2/105)

On 06/12/17, Folk3n30 said the following...

Hi all, I want to ask a question, for a couple of days reviewing the telnet portlogs of my BBS (Mystic BBS) I have noticed that i have had an inmense flood of IP's blocked by hacking attempts, at first I it seemed something specific but this was repetead day after day, usually from various IP's try to login with words like MIRAI,Busybox, Android, shell, etc.

That's the bad part of being a Sysop these days. Unfortunately there's a lot of people that dedicate time trying to find over the Internet systems
that grant free access to these users and they transform them into bots (many of them are set-top-boxes).
There's no way to stop it completely, but you can:

- Block a few countries where this kind of access is more often, like Russia, China, India, Bangladesh, etc... Take a look at your log files and
you will see.
- Transfer your telnet server to a different port, like 2323 or 8000.
- Put these users into a file called THRASHCAN.DAT, that will block them right away;
- Create these users into your system and block them.
- Suppress ASCII-terminal access to your system
- Allow only SSH-based logins

Certainly our friends here can contribute with suggestions. Personally I have blocked a few countries and put these users into the thrashcan file and
I am surviving.

----
Regards from Nighthawk - AKA Flavio Bessa
Sysop of Saturn's Orbit BBS - Rio de Janeiro, Brazil
fcbessa@gmail.com - saturnsorbit.hopto.org

--- Mystic BBS v1.12 A34 (macOS/64)
* Origin: Chiron, orbiting Saturn - Chile (21:1/146.1)