Hello guys,

Just for kicks, I installed a VM with windows xp on it. I installed a BBS. ok its not synchronet but with what I discovered it doesn't matter.
So I set it up, do some tests and everything seems to work. but theres 1 tiny problem I do see that really bugs me. I see a lot of attempted connections from various IP address. My BBS refuse the connection and eventually blocks it but I wonder if its all considered normal at some point. I mean, I haven't published it so technically no one is suppose to see it and connecting to it.

thanks in advance for any reply

---
þ Synchronet þ MtlGeek - Geeks in Montreal - http://mtlgeek.com/ -

Re: a lot of attempted connection
By: Bigbangnet to All on Mon Mar 06 2017 18:44:48

tiny problem I do see that really bugs me. I see a lot of attempted connections from various IP address. My BBS refuse the connection and eventually blocks it but I wonder if its all considered normal at some

Yes, it's very common, and has been discussed at great length on this network.

point. I mean, I haven't published it so technically no one is suppose to see it and connecting to it.

These are automated systems crawling the internet looking for hosts to attack, not likely targeting anyone based on their presence on a BBS list etc.

I generally ignore it. If it bugs you or you're concerned about it, it's not really a BBS problem, so looking into standard ways of blocking hack attempts may help.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com - 416-273-7230
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

On 2017 Mar 06 18:44:48, you wrote to All:

but theres 1 tiny problem I do see that really bugs me. I see a lot of attempted connections from various IP address. My BBS refuse the connection and eventually blocks it but I wonder if its all considered normal at some point. I mean, I haven't published it so technically no
one is suppose to see it and connecting to it.

bots scan the internet all the time... they don't case about anything other than the IP numbers and if they can connect to something on some port...

with that said, what port are you running your telnet stuff on? if it is the standard port 23, move it to another port... you can probably just change it in
your firewall's port forwarding section and forward the new port to the internal machine's 23... it won't even know that it is communicating to other external machines via a different port ;)

don't use 2023 as it is targetted by the MIRAI bot and its variants as well as two or three other ports that we don't have to worry about for BBS ops...

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
... DANGER!! Mouse Driver Loaded - Call Police!
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Re: a lot of attempted connection
By: echicken to Bigbangnet on Mon Mar 06 2017 08:43 pm

tiny problem I do see that really bugs me. I see a lot of attempted
connections from various IP address. My BBS refuse the connection
and eventually blocks it but I wonder if its all considered normal
at some

Yes, it's very common, and has been discussed at great length on this network.

<SNIP>

The system DM implemented to auto can these bots had done wonders for me.. when I was gettign close to 10 connections at a time (ALL THE TIME) on different servers, since the auto IP ban has been put into effect, it has dwindled down to about a couple ever few minutes (not a problem)

--

Tim Smith (KK4QBN)
KK4QBN BBS

---
þ Synchronet þ KK4QBN BBS - (706)422-9538 - kk4qbn.synchro.net, Chatsworth GA US

Hello Bigbangnet!

06 Mar 17 18:44, you wrote to all:

Just for kicks, I installed a VM with windows xp on it. I installed a
BBS. ok its not synchronet but with what I discovered it doesn't

If not synchronet make sure it's got some good filtering in there. :)
My current dos BBS runs using netfoss and it's pretty darn good at keeping
the bots at bay. I run on the standard port (23) and just ignore them.

A couple times they got convinced I had somethign they wanted and it
crashed, but thankfully that doesn't happen often.

Shawn


... I often quote myself; it adds spice to my conversation.
--- GoldED+/LNX 1.1.5-b20160322
* Origin: Tiny's BBS - www.tinysbbs.com (723:1/2.3)
þ Synchronet þ thePharcyde_ telnet://bbs.pharcyde.org (Wisconsin)

Re: a lot of attempted connection
By: Bigbangnet to All on Mon Mar 06 2017 06:44 pm

Hello guys,

Just for kicks, I installed a VM with windows xp on it. I installed a BBS. ok its not synchronet but with what I discovered it doesn't matter.
So I set it up, do some tests and everything seems to work. but theres 1 tiny problem I do see that really bugs me. I see a lot of attempted connections from various IP address. My BBS refuse the connection and eventually blocks it but I wonder if its all considered normal at some point. I mean, I haven't published it so technically no one is suppose to see it and connecting to it.

it's part of running a server on the internet.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Re: a lot of attempted connection
By: Bigbangnet to All on Mon Mar 06 2017 06:44 pm

So I set it up, do some tests and everything seems to work. but theres 1 tiny problem I do see that really bugs me. I see a lot of attempted connections from various IP address. My BBS refuse the connection and eventually blocks it but I wonder if its all considered normal at some point. I mean, I haven't published it so technically no one is suppose to see it and connecting to it.

That seems to happen with anything online. If it's public, someone will end up seeing it. There are web crawlers & things that go looking for web sites (which is how Google & other search engines find web sites to appear in their search engines), and hackers do the same things.

One time I did something similar - I created a new email address and didn't use it for anything, and eventually I started getting spam emails at that address. Unfortunately, that's just the way it works.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com

El 06/03/17 a las 20:44, Bigbangnet escribió:

Hello guys,

Just for kicks, I installed a VM with windows xp on it. I installed a BBS. ok its not synchronet but with what I discovered it doesn't matter.
So I set it up, do some tests and everything seems to work. but theres 1 tiny problem I do see that really bugs me. I see a lot of attempted connections from
various IP address. My BBS refuse the connection and eventually blocks it but I
wonder if its all considered normal at some point. I mean, I haven't published
it so technically no one is suppose to see it and connecting to it.

thanks in advance for any reply

---
þ Synchronet þ MtlGeek - Geeks in Montreal - http://mtlgeek.com/ -

Yes are usual... i use fail2ban on linux.

Ragnarok wrote to Bigbangnet <=-

@VIA: VERT/DOCKSUD
@TZ: ff4c
El 06/03/17 a las 20:44, Bigbangnet escribi<:

Hello guys,

Just for kicks, I installed a VM with windows xp on it. I installed a BBS.

ok

its not synchronet but with what I discovered it doesn't matter.
So I set it up, do some tests and everything seems to work. but theres 1

tiny

problem I do see that really bugs me. I see a lot of attempted connections

fro

m

various IP address. My BBS refuse the connection and eventually blocks it

but

I

wonder if its all considered normal at some point. I mean, I haven't

published

it so technically no one is suppose to see it and connecting to it.

thanks in advance for any reply

---
= Synchronet = MtlGeek - Geeks in Montreal - http://mtlgeek.com/ -

Yes are usual... i use fail2ban on linux.

If I may interject:

I definitely agree about fail2ban, if you are using a *nix environment.

Look at a sampling of your logs. See if you can group the originating IPs into comon groups and find out where they are attacking from, and on what ports.

Block the ports you do not need using whichever firewall you are using.

Disable unneeded services.

Block routinely attacking addresses. If they are from a foreign country, you can get firewall rules that block entire countries.

Unless you are running an international commerce site, blocking an entire country will do you no harm.

Thanks,
Jay

... What is mind? No matter! What is matter? Never mind! - Homer S.
--- MultiMail/Linux v0.49
þ Synchronet þ JAYSCAFE - jayscafe.jayctheriot.com

Re: Re: a lot of attempted co
By: Jazzy_J to Bigbangnet on Sat Mar 11 2017 02:23:00

Ragnarok wrote to Bigbangnet <=-

@VIA: VERT/DOCKSUD
@TZ: ff4c
El 06/03/17 a las 20:44, Bigbangnet escribi<:

Hello guys,

Just for kicks, I installed a VM with windows xp on it. I installed a BBS

ok

its not synchronet but with what I discovered it doesn't matter.
So I set it up, do some tests and everything seems to work. but theres 1

tiny

problem I do see that really bugs me. I see a lot of attempted connection

fro

m

various IP address. My BBS refuse the connection and eventually blocks it

but

I

wonder if its all considered normal at some point. I mean, I haven't

published

it so technically no one is suppose to see it and connecting to it.

thanks in advance for any reply

---
= Synchronet = MtlGeek - Geeks in Montreal - http://mtlgeek.com/ -

Yes are usual... i use fail2ban on linux.

If I may interject:

I definitely agree about fail2ban, if you are using a *nix environment.

Look at a sampling of your logs. See if you can group the originating IPs i comon groups and find out where they are attacking from, and on what ports.

Block the ports you do not need using whichever firewall you are using.

Disable unneeded services.

Block routinely attacking addresses. If they are from a foreign country, yo can get firewall rules that block entire countries.

Unless you are running an international commerce site, blocking an entire country will do you no harm.

Thanks,
Jay

... What is mind? No matter! What is matter? Never mind! - Homer S.

I'll have to look into that and other methods if I can. but what I could try to do is isolate my server to my router. that way even if they hack me they wont have access beyond my server. But that...idk where to start so I'll start with google I guess and pick up from there. I know certain routers can have some kind of guest acces which gives them Internet access but no network...internally I mean so its possible to do a server but not communicate outside its server itself...so not to my PC for example. thanks for all the input

---
þ Synchronet þ MtlGeek - Geeks in Montreal - http://mtlgeek.com/ -