1. Forum
  2. DOVE-Net
  3. Synchronet Discussion

  • Telnet Verifier

    From Mortifis@VERT/ALLEYCAT to All on Thu Feb 28 10:46:22 2019
    I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the board daily, I decided to implement a telnet verifier and restrict new users to very limited activity, especially files and message groups. It is sad that we live in an era that there are 1000:1 more attempted hack attempts and ID phishers than legitimate users :-/



    2 wrongs don't make a right, but 3 left turns will get you back on the freeway!

    ---
    þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
  • From MRO@VERT/BBSESINF to Mortifis on Thu Feb 28 11:46:26 2019
    Re: Telnet Verifier
    By: Mortifis to All on Thu Feb 28 2019 10:46 am

    I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the board daily, I decided to implement a telnet verifier and restrict new users to very limited activity, especially files and message groups. It is sad


    bots wont sign up to the bbs, it confuses them.

    you can make a simple bbs capcha that loads before the signup process and blocks them if they fail.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From DaiTengu@VERT/ENSEMBLE to Mortifis on Thu Feb 28 10:20:37 2019
    Re: Telnet Verifier
    By: Mortifis to All on Thu Feb 28 2019 10:46 am

    I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the board daily, I decided to implement a telnet verifier and restrict new users to very limited activity, especially files and message groups. It is sad that we live in an era that there are 1000:1 more attempted hack attempts and ID phishers than legitimate users :-/

    The telnet connections are known worms trying to hit IOT devices and certain routers. they'll try some default usernames and passwords, but would have no idea what to do if they got logged into a BBS (and that would require an account on your board with the same username/passwords they were trying).

    My BBS is hosted at a large VPS provider that's regularly scanned by all kinds of script kiddies, trojans, worms, etc. I run everything on default ports
    and I've never had any issues other than photo.scr being uploaded before file.can was a thing. That's not to say I don't have any security on my system, I temporarily block any IP that makes more than 5 connections in as many minutes, which solved the issue of all my nodes getting tied up by a bot or two.

    DaiTengu

    ... I'm not afraid of heights. I'm afraid of widths.

    ---
    þ Synchronet þ War Ensemble BBS - The sport is war, total war - warensemble.com
  • From Nightfox@VERT/DIGDIST to Mortifis on Thu Feb 28 10:05:36 2019
    Re: Telnet Verifier
    By: Mortifis to All on Thu Feb 28 2019 10:46 am

    I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the board daily, I decided to implement a telnet verifier and restrict new users to very limited activity, especially files and message groups. It is sad that we live in an era that there are 1000:1 more attempted hack attempts and ID phishers than legitimate users :-/

    Yeah, any way to robustify the system to protect against hackment is good. I have restricted a lot of the things on my BBS so that the guest account can't do them (running most of the doors, for instance), and a while ago I made a simple text-based captcha that's used when new users are applying.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From Daryl Stout@VERT to MORTIFIS on Thu Feb 28 17:10:00 2019
    I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the M>board daily, I decided to implement a telnet verifier and restrict new users M>very limited activity, especially files and message groups. It is sad that w M>live in an era that there are 1000:1 more attempted hack attempts and ID M>phishers than legitimate users :-/

    Sad, but true. Plus, I have it set to where they must Email Feedback
    To Sysop, telling where they heard about the BBS, and what they're
    looking for in it....adding "a one word message of YO! or HI! is NOT sufficient".

    They also have to do this, and the telnet email verifier within 48
    hours of initial logon, or I zap the account. If they complete it
    quickly, then I feel they want to be a part of the BBS. Otherwise, to
    me, they're not interested.

    Yet, I run the BBS for MY enjoyment...so it doesn't bother me if I'm
    not drowning in new users. Besides, with Tornado Season in Arkansas now,
    I'm going to be offline more than usual, due to storms.

    Daryl

    ===
    þ OLX 1.53 þ JavaScript: Instructions on how to make a pot of coffee.
    --- SBBSecho 3.06-Win32
    * Origin: FIDONet: The Thunderbolt BBS - tbolt.synchro.net (1:19/33)
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Daryl Stout@VERT to NIGHTFOX on Thu Feb 28 17:12:00 2019
    Yeah, any way to robustify the system to protect against hackment is good. I N>have restricted a lot of the things on my BBS so that the guest account can't N>do them (running most of the doors, for instance), and a while ago I made a N>simple text-based captcha that's used when new users are applying.

    I got the CAPTCHA from Lord Blackfair, then figured out how to create
    a different numeric string, and set up batch files to copy the deal out
    every 15 minutes around the clock.

    As for the doors, the guests get the non-game and information doors only...and read only access in message board 1.

    Daryl

    ===
    þ OLX 1.53 þ Jaywalkers will be run down, and ticketed by police.
    --- SBBSecho 3.06-Win32
    * Origin: FIDONet: The Thunderbolt BBS - tbolt.synchro.net (1:19/33)
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Ragnarok@docksud.com.ar to Mortifis on Sat Mar 2 07:03:50 2019
    El 28/2/19 a las 11:46, Mortifis escribió:
    I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the board daily, I decided to implement a telnet verifier and restrict new users to
    very limited activity, especially files and message groups. It is sad that we
    live in an era that there are 1000:1 more attempted hack attempts and ID phishers than legitimate users :-/



    2 wrongs don't make a right, but 3 left turns will get you back on the freeway!

    ---

    you must use fial2ban
  • From Plt@VERT/SBBS to Mortifis on Sat Mar 2 22:47:55 2019
    I feel sorry for you

    On 2/28/19 9:46 AM, Mortifis wrote:
    I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the >board daily, I decided to implement a telnet verifier and restrict new users to
    very limited activity, especially files and message groups. It is sad that we >live in an era that there are 1000:1 more attempted hack attempts and ID >phishers than legitimate users :-/



    2 wrongs don't make a right, but 3 left turns will get you back on the freeway!

    ---
    â–  Synchronet â–  AlleyCat! BBS - http://alleycat.synchro.net:81

    ---
    þ Synchronet þ sbbs.dynu.net 2025
  • From jpbock@VERT to alt.bbs.synchronet on Thu Mar 14 07:19:18 2019
    From Newsgroup: alt.bbs.synchronet

    On Thursday, February 28, 2019 at 12:51:06 PM UTC-5, MRO wrote:
    To: Mortifis
    Re: Telnet Verifier
    By: Mortifis to All on Thu Feb 28 2019 10:46 am

    I dislike doing it, but with 1000 bots and trojans attempting to 'hack' the
    board daily, I decided to implement a telnet verifier and restrict new users
    to very limited activity, especially files and message groups. It is sad


    bots wont sign up to the bbs, it confuses them.

    you can make a simple bbs capcha that loads before the signup process and blocks them if they fail.
    ---
    ÅŸ Synchronet ÅŸ ::: BBSES.info - free BBS services :::
    --- Synchronet 3.17c-Win32 NewsLink 1.110
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net
    Ha! It doesn't take much to confuse them. ;)
    --- Synchronet 3.17c-Win32 NewsLink 1.110
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net