• Question about hackers

    From Havok@1:103/705 to All on Sun Nov 12 11:27:32 2023
    Question about hackers.

    Too bad for me I got about 25 to 35 scambags probing my system everyday
    one even masks his ip address. I did a lookup and the IP came up as no record.

    So let me ask what is the best settings so they go to the ipcan right
    away? I find the default settings are not enough.

    Thanks...


    -*|04Hav|12o|04k|07*-

    ---
    þ Synchronet þ Anarchy BBS - The Villages,FL
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Havok on Sun Nov 12 12:41:10 2023
    Re: Question about hackers
    By: Havok to All on Sun Nov 12 2023 11:27 am

    Question about hackers.

    Too bad for me I got about 25 to 35 scambags probing my system everyday
    one even masks his ip address. I did a lookup and the IP came up as no record.

    So let me ask what is the best settings so they go to the ipcan right
    away? I find the default settings are not enough.

    Are they causing any actual harm? If not, then your best settings is to just ignore them and go about your day. Many sysops spend far too much time worried about automated scripts (almost never a human hacker) rattling their door knobs. Life's too short, don't sweat it.
    --
    digital man (rob)

    Rush quote #66:
    He's old enough to know what's right, but young enough not to choose it
    Norco, CA WX: 84.7øF, 11.0% humidity, 0 mph ENE wind, 0.00 inches rain/24hrs --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From nelgin@1:103/705 to Havok on Mon Nov 13 01:01:26 2023
    On Sun, 12 Nov 2023 11:27:33 -0500
    "Havok" (VERT/ANARCHY) <VERT/ANARCHY!Havok@endofthelinebbs.com> wrote:

    Question about hackers.

    Too bad for me I got about 25 to 35 scambags probing my system
    everyday one even masks his ip address. I did a lookup and the IP
    came up as no record.

    So let me ask what is the best settings so they go to the ipcan right
    away? I find the default settings are not enough.


    Digital Man says ignore it and I agree for the most part. Any open
    system on the internet is going to get bombarded with shitturds trying
    to hack in. So they want to get into a BBS, whoop. Good luck. Even if
    they get your sysops login, they still have to get the system login
    (you do have a separate system login right?)

    However, one place worth looking is data/hack.log which will record any
    sort of unusual access and login attempts. You can can (no dancing
    please) those IPs. Personally, I tend to block the entire netblock in
    my firewall. If using Linux, I highly recommend using ipset to
    accomplish this, with an ip hash, looking is much quicker than using
    iptables serialized lookups.

    You don't say if you're using Windows or Linux, but you could always
    use fail2ban or a similar log watcher to automatically block unwanted
    repeated connections.

    The only time this could be an issue, is if they're hitting all your
    nodes at once and any legitimate callers will get:

    No nodes available for login
    Sorry, all terminal nodes are in use or otherwise unavailable

    You may wish to create your own monitoring script that'll run node
    status and make sure you have at least 1 or 2 nodes "Waiting for
    connection".

    I run 10 nodes, sbbs could easily run more, and I very, very rarely
    have such an issue.

    In summery or TL;DR; ... Check hack.log but otherwise ignore it.
    --
    End Of The Line BBS - Plano, TX
    telnet endofthelinebbs.com 23
    ---
    þ Synchronet þ End Of The Line BBS - endofthelinebbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)