• Bot Blocking

    From Denn Gray@VERT/OUTWEST to All on Sun Jul 2 20:35:28 2017
    Now this is what I call a good job by the ip.can

    @! 08:19p Blocked IP: 68.165.8.214

    @! 08:19p Blocked IP: 68.165.8.214

    @! 08:19p Blocked IP: 68.165.8.214

    @! 08:19p Blocked IP: 68.165.8.214

    @! 08:19p Blocked IP: 68.165.8.214

    @! 08:19p Blocked IP: 68.165.8.214

    The ones that try a spam attack are the ones that get thrown in the can.
    and yes there are still some that get past my double firewall.

    ---
    ■ Synchronet ■ the Outwest BBS - outwestbbs.com Telnet - outwestbbs.com:23
  • From KK4QBN@VERT/KK4QBN to Denn Gray on Mon Jul 3 07:00:35 2017
    Re: Bot Blocking
    By: Denn Gray to All on Sun Jul 02 2017 20:35:28

    The ones that try a spam attack are the ones that get thrown in the can. and yes there are still some that get past my double firewall.

    Wouldn't you have to open a port through your double firewall for any traffic to get through at all? So really your firewall has no effect on Mirai, UNLESS you are running non-standard ports.

    --

    Tim Smith (KK4QBN)
    KK4QBN BBS

    ---
    * Synchronet * KK4QBN - kk4qbn.synchro.net - 7064229538 - Chatsworth GA USA
  • From Denn Gray@VERT/OUTWEST to KK4QBN on Mon Jul 3 06:43:03 2017
    Re: Bot Blocking
    By: KK4QBN to Denn Gray on Mon Jul 03 2017 07:00 am

    The ones that try a spam attack are the ones that get thrown in the can. and yes there are still some that get past my double firewall.

    Wouldn't you have to open a port through your double firewall for any traffic to get through at all? So really your firewall has no effect on Mirai, UNLESS you are running non-standard ports.

    Yes there are still some open ports that they still squeeze through.

    ---
    ■ Synchronet ■ the Outwest BBS - outwestbbs.com Telnet - outwestbbs.com:23
  • From Daryl Stout@VERT/TBOLT to DENN GRAY on Mon Jul 3 11:24:00 2017
    Now this is what I call a good job by the ip.can

    @! 08:19p Blocked IP: 68.165.8.214

    The ones that try a spam attack are the ones that get thrown in the can. and yes there are still some that get past my double firewall.

    I've got a similar setup, but that LOGIN.JS deal with Synchronet
    disconnects the ton of bots with "Root", "Admin", "Sysop",
    etc...although those could be from one bot family.

    I rarely have problems with twit callers...although one (now former)
    user and Visiting Sysop REFUSED to provide his information. What a
    caller, user or Sysop, does OUTSIDE THE BBS is THEIR BUSINESS...but,
    they're a GUEST IN MY HOME AT LOGON.

    I immediately banned and blocked him, but I don't remember who it was
    now. To me, that Sysop might have been looking for user account data to
    hack various BBS user accounts. It's a shame that there are even "bad
    apples" among Sysops.

    Daryl

    ---
    ■ OLX 1.53 ■ Does the name Pavlov ring a bell?
    ■ Synchronet ■ The Thunderbolt BBS - wx1der.dyndns.org
  • From Elwood@VERT/DOSNETZ to Daryl Stout on Tue Jul 4 12:07:37 2017
    Re: Bot Blocking
    By: Daryl Stout to DENN GRAY on Mon Jul 03 2017 11:24:00

    Hi Daryl,

    My name is Juergen, aka Elwood, I'm now part of the Synchronet family.
    Sorry about my bad English, but I have had no training the last few years.
    I have this problem too with the bots from China, Cambodia and also USA and some more elsewhere. I have installed a big ip.can filled up with addresses from www.wizcrafts.net. Up to now the ip.can has > 3500 lines in it. I changed the telnet port to 1023, now it has calmed down. :-)

    If you use a firewall, did you use a hardware firewall? Because this is the only firewall in contrast to the software firewall, that use something.

    Greetz
    Juergen
    aka Elwood

    -------------------------------------------------------
    BBS.DOSNETZ.DE - TELNET on PORT 1023 - A SYNCHRONET BBS

    ---
    ■ Synchronet ■ DOSNETZ BBS - TELNET 1023 - BBS.DOSNETZ.DE
  • From Daryl Stout@VERT/TBOLT to ELWOOD on Tue Jul 4 08:24:00 2017
    Hi Daryl,

    Hi, Jurgen...when I think of Elwood, I think of Dan Aykroyd in the
    movie "The Blues Brothers". <G>

    My name is Juergen, aka Elwood, I'm now part of the Synchronet family.
    Sorry about my bad English, but I have had no training the last few years.

    You're doing quite well, my friend. :)

    I have this problem too with the bots from China, Cambodia and also USA and some more elsewhere. I have installed a big ip.can filled up with addresses from www.wizcrafts.net. Up to now the ip.can has > 3500 lines in it. I changed the telnet port to 1023, now it has calmed down. :-)

    The login.js deal in sbbs\exec is taking care of those, in conjunction
    with the ip.can file. So for now, I'm leaving the ports as they are.

    If you use a firewall, did you use a hardware firewall? Because this is the only firewall in contrast to the software firewall, that use something.

    I have the Windows Firewall, and protection from IObit Software. I
    also recently got a new router, and I have greatly modified the wi-fi
    and router passwords to basically "gibberish"...but I have to use a
    password manager, or I'll never remember them!!

    Years ago, when I ran GT Power software under dial-up only (did that
    for 13 years) one user had high ascii characters in his password, along
    with letters, numbers, and symbols, and I think he had it as 25
    characters. But, instead of a password manager, he had a keyboard macro
    to use...one press, and it entered his name and password, and he was
    logged on!!

    Daryl

    ---
    ■ OLX 1.53 ■ Birds of a feather flock to a newly washed car.
    ■ Synchronet ■ The Thunderbolt BBS - wx1der.dyndns.org
  • From Elwood@VERT/DOSNETZ to Daryl Stout on Tue Jul 4 23:15:26 2017
    Re: Bot Blocking
    By: Daryl Stout to ELWOOD on Tue Jul 04 2017 08:24:00

    Hi Daryl,

    Hi, Jurgen...when I think of Elwood, I think of Dan Aykroyd in the
    movie "The Blues Brothers". <G>

    YESS! That's why I got this username. Look at this old FAQ and nodelist from the TORNADO BBS -> http://www.faqs.org.ru/softw/bbssoft/tornado.htm
    4. Node, that was my old BBS running the great Tornado BBS ;-)

    The login.js deal in sbbs\exec is taking care of those, in conjunction with the ip.can file. So for now, I'm leaving the ports as they are.

    But what does login.js do exactly? Is the file counting the login attempts?
    And after counting (10 times per second), does it write the IP address to ip.can?
    I opened port 25 for the purpose of Internet mail and a few seconds later I saw this in the mail-server log:
    -----------------------------------snipp
    7.4 09:49:32p 1208 SEND connecting to port 25 on w0088581.kasserver.com [85.13.139.169]
    7.4 09:49:33p 1208 SEND message transfer complete (1159 bytes, 36 lines)
    7.4 09:49:33p 0000 SEND Auto-exempting: <neo67@linuxmintusers.de>
    7.4 09:49:59p 1504 SMTP Connection accepted on port 25 from: 77.65.25.162 port 59022
    7.4 09:49:59p 1504 SMTP Hostname: d25-162.icpnet.pl
    7.4 09:49:59p 1480 SMTP Connection accepted on port 25 from: 77.65.25.162 port 55043
    7.4 09:49:59p 1480 SMTP Hostname: d25-162.icpnet.pl
    7.4 09:50:00p 1504 Socket closed by peer on receive
    7.4 09:50:00p 1504 SMTP Session thread terminated (3 threads remain, 6 clients served)
    7.4 09:50:00p 1480 !SMTP ILLEGAL RELAY ATTEMPT from <> [77.65.25.162] to whisper0144@outlook.com
    7.4 09:50:00p 1480 SMTP Session thread terminated (2 threads remain, 7 clients served)
    7.4 09:50:00p 1400 SMTP Connection accepted on port 25 from: 77.65.25.162 port 60659
    7.4 09:50:00p 1400 SMTP Hostname: d25-162.icpnet.pl
    7.4 09:50:01p 1400 !SMTP UNKNOWN USER: 'info' (password: info)
    7.4 09:50:06p 1400 SMTP Session thread terminated (2 threads remain, 8 clients served)
    7.4 09:50:06p 2024 SMTP Connection accepted on port 25 from: 77.65.25.162 port 53104
    7.4 09:50:06p 2024 SMTP Hostname: d25-162.icpnet.pl
    7.4 09:50:06p 2024 !SMTP UNKNOWN USER: 'postmaster' (password: postmaster)
    7.4 09:50:11p 2024 SMTP Session thread terminated (2 threads remain, 9 clients served)
    7.4 09:50:11p 1724 SMTP Connection accepted on port 25 from: 77.65.25.162 port 52367
    --------------------------------------------------------- snipp
    So, you are able to block 77.65.25.162 ;-)
    It is a miracle, how fast the scripts are doing their job. %-)


    I have the Windows Firewall, and protection from IObit Software. I
    also recently got a new router, and I have greatly modified the wi-fi

    A hardware firewall is duty.
    I prefer "Watchguard" appliance. Because they have to separate IP Zones.

    I'm happy to be part of the synchronet family!

    THX & greetz
    Juergen
    aka Elwood
    BBS-Internet-Mail: elwood@bbs.dosnetz.de
    ------------------------------------------------
    Synchronet BBS.DOSNETZ.DE - Telnet via Port 1023
    ------------------------------------------------

    ---
    ■ Synchronet ■ DOSNETZ BBS - TELNET 1023 - BBS.DOSNETZ.DE
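
In the mail-server log quoted in the last post, the relay attempt names its source address but the UNKNOWN USER lines do not. The following Node.js script is an added example, not part of the thread and not Synchronet's own code: it ties each hostile line back to a source IP and lists addresses worth reviewing for ip.can. It assumes the number after the timestamp identifies one session; the sample log, function names and threshold are constructed for illustration.

```javascript
// Constructed sample in the log format quoted in the thread (documentation IPs).
const SAMPLE_LOG = `
7.4 09:49:59p 1480 SMTP Connection accepted on port 25 from: 203.0.113.7 port 55043
7.4 09:50:00p 1480 !SMTP ILLEGAL RELAY ATTEMPT from <> [203.0.113.7] to someone@example.com
7.4 09:50:00p 1400 SMTP Connection accepted on port 25 from: 203.0.113.7 port 60659
7.4 09:50:01p 1400 !SMTP UNKNOWN USER: 'info' (password: info)
7.4 09:50:06p 2024 SMTP Connection accepted on port 25 from: 203.0.113.7 port 53104
7.4 09:50:06p 2024 !SMTP UNKNOWN USER: 'postmaster' (password: postmaster)
7.4 09:51:10p 1400 SMTP Connection accepted on port 25 from: 198.51.100.20 port 40112
7.4 09:51:12p 1400 !SMTP UNKNOWN USER: 'test' (password: test)
7.4 09:52:00p 1700 SMTP Connection accepted on port 25 from: 192.0.2.55 port 41000
`;

// Assumption: the number after the timestamp identifies one session, so a line
// without an address can be tied back to that session's "Connection accepted".
const LINE = /^\S+\s+\S+\s+(\d+)\s+(.*)$/;
const ACCEPT = /^SMTP Connection accepted on port \d+ from: (\S+) port \d+/;
const RELAY = /^!SMTP ILLEGAL RELAY ATTEMPT from \S* \[([^\]]+)\]/;
const BADUSER = /^!SMTP UNKNOWN USER: '([^']*)'/;

function summarize(logText) {
  const sessionIp = new Map(); // session number -> source IP of latest accept
  const stats = new Map();     // source IP -> counters
  const get = (ip) =>
    stats.get(ip) || stats.set(ip, { connections: 0, relay: 0, badLogins: 0 }).get(ip);
  for (const raw of logText.split(/\r?\n/)) {
    const m = LINE.exec(raw.trim());
    if (!m) continue;
    const [, session, msg] = m;
    let hit;
    if ((hit = ACCEPT.exec(msg))) {
      sessionIp.set(session, hit[1]); // numbers can be reused; latest accept wins
      get(hit[1]).connections++;
    } else if ((hit = RELAY.exec(msg))) {
      get(hit[1]).relay++;
    } else if (BADUSER.test(msg) && sessionIp.has(session)) {
      get(sessionIp.get(session)).badLogins++;
    }
  }
  return stats;
}

// Addresses with at least `threshold` hostile events: candidates for ip.can.
function blockCandidates(stats, threshold = 2) {
  return [...stats].filter(([, s]) => s.relay + s.badLogins >= threshold)
    .map(([ip]) => ip).sort();
}

console.log(blockCandidates(summarize(SAMPLE_LOG)).join("\n"));
```

A threshold above 1 keeps a single mistyped login from a legitimate user off the list; review the output before adding anything to the filter file.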