• Mystic Pi BBS Back up after short outage

    From bcw142@21:1/145 to All on Wednesday, September 27, 2017 13:30:08
    Had quite a battle with the fidopoll.bsy flag from 00:40am this morning. Finally got it solved after a reboot and forcing it off. It was still there after a reboot, so stopped everything and killed it, then restarted:
    drwxrwxrwx 2 pi pi 4096 Sep 27 11:12 .
    drwxr-xr-x 36 pi pi 4096 Sep 27 02:07 ..
    -rw-r--r-- 1 pi pi 0 Sep 27 00:40 fidopoll.bsy
    -rw-r--r-- 1 pi pi 4 Sep 27 11:12 mis2.bsy
    -rw-r--r-- 1 pi pi 4 Sep 27 11:12 mis.bsy
    -rw-r--r-- 1 pi pi 0 Sep 27 10:59 mutil.bsy
    -rwxrwxrwx 1 pi pi 0 Sep 3 10:48 nodeinfo.now
    -rw-r--r-- 1 pi pi 0 Sep 27 02:07 qwkmail.out
    pi@npie:/mystic $ ./fidopoll killbusy
    FIDOPOLL is already running.
    pi@npie:/mystic $ sudo killall mis mis2
    pi@npie:/mystic $ ps aux | grep fido
    pi 4524 0.0 0.2 4272 1856 pts/0 S+ 11:30 0:00 grep --color=auto fido
    pi@npie:/mystic $ s
    pi 4638 4636 0 11:31 pts/0 00:00:00 grep mis
    total 8
    drwxrwxrwx 2 pi pi 4096 Sep 27 11:29 .
    drwxr-xr-x 36 pi pi 4096 Sep 27 02:07 ..
    -rw-r--r-- 1 pi pi 0 Sep 27 00:40 fidopoll.bsy
    -rw-r--r-- 1 pi pi 0 Sep 27 10:59 mutil.bsy
    -rwxrwxrwx 1 pi pi 0 Sep 3 10:48 nodeinfo.now
    -rw-r--r-- 1 pi pi 0 Sep 27 02:07 qwkmail.out
    pi@npie:/mystic $ sudo rm -rf sem*/fidopoll.bsy
    pi@npie:/mystic $ sudo rm -rf sem*/mutil.bsy
    pi@npie:/mystic $ s
    pi 4737 4735 0 11:32 pts/0 00:00:00 grep mis
    total 8
    drwxrwxrwx 2 pi pi 4096 Sep 27 11:32 .
    drwxr-xr-x 36 pi pi 4096 Sep 27 02:07 ..
    -rwxrwxrwx 1 pi pi 0 Sep 3 10:48 nodeinfo.now
    -rw-r--r-- 1 pi pi 0 Sep 27 02:07 qwkmail.out

    OK, that's done it. Proof:

    pi@npie:/mystic $ ./fidopoll killbusy

    FIDOPOLL Version 1.12 A35

    Purging .BSY files for all echomail nodes...

    Time to restart and see what happens.
    Just restarted mis & mis2 and everything was fine except the attackers tying
    up more and more nodes. So created a script for /root:
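    #!/bin/bash
    # block <set-name> <country-code>
    #cd /mystic
    #sudo rm $2.zone #kill old list
    #sudo -i #become root
    # create the set, then fetch the country's netblock list into the current directory
    ipset -N "$1" hash:net
    wget -P . "http://www.ipdeny.com/ipblocks/data/countries/$2.zone"
    # add every network in the list to the set
    for i in $(cat "$2.zone"); do ipset -A "$1" "$i"; done
    # drop inbound TCP from any source address in the set
    iptables -A INPUT -p tcp -m set --match-set "$1" src -j DROP
    iptables -L #only for feedback to you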

    Found I had to do the first three commands manually, then:
    block china cn
    block russia ru
    block india in

    All blocked, only one node being attacked for now ;)

    --- Mystic BBS v1.12 A35 (Raspberry Pi/32)
    * Origin: Mystic Pi BBS bcw142.zapto.org (21:1/145)
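
The block script in the post feeds every line of a list fetched over plain HTTP straight into ipset. The following is an added example, not the poster's script (the function names and the "-new" scratch-set suffix are assumptions): it accepts only well-formed IPv4 CIDR entries and emits an `ipset restore` script that fills a scratch set and swaps it in, so a bad download never replaces a working set.

```sh
#!/bin/sh
# Added example, not the poster's script. Function names and the "-new"
# scratch-set suffix are assumptions made for illustration.

# is_cidr STRING: succeed only for IPv4 a.b.c.d/len with len 1..32
# (hash:net sets cannot store a zero-length prefix).
is_cidr() {
    case $1 in
        *[!0-9./]*|*/*/*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*} len=${1#*/}
    case $len in ""|0*|???*|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in
        *.*.*.*.*|*..*|.*|*.) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        case $octet in ????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# zone_to_restore SET FILE: print "ipset restore" commands that load FILE
# into a scratch set and swap it into SET; returns 1 if nothing was valid.
zone_to_restore() {
    scratch="$1-new" n=0
    printf 'create %s hash:net\n' "$1" "$scratch"
    printf 'flush %s\n' "$scratch"
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')
        case $line in ""|"#"*) continue ;; esac
        if is_cidr "$line"; then
            printf 'add %s %s\n' "$scratch" "$line"; n=$((n + 1))
        else
            echo "rejected one malformed zone entry" >&2
        fi
    done < "$2"
    [ "$n" -gt 0 ] || return 1   # empty or fully invalid list: no swap
    printf 'swap %s %s\ndestroy %s\n' "$scratch" "$1" "$scratch"
}

# Usage as root: zone_to_restore china cn.zone | ipset -exist restore
```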