1. Forum
  2. FidoNet
  3. SYNC SYSOPS

  • Just opened ports -- and all the crap floods in

    From Sam Alexander@1:103/705 to All on Sun Jul 6 17:07:04 2025
    I just opened my ports for telnet and ssh from the internet to Sync through my router, and instantly it started getting hit with jokers running scripts trying to get in. Crazy how fast these things hit. I only have four nodes, but it's constantly tying up the first two. I guess this is the new normal? I have OpenSSH setup on a non standard port, but I bet it's only time before this gets found too.

    Sam

    ---
    þ Synchronet þ -==[ Totally Nerd BBS ]==- (Work in Progress) - totallynerd.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mike Powell@1:103/705 to SAM ALEXANDER on Mon Jul 7 11:07:00 2025
    I just opened my ports for telnet and ssh from the internet to Sync through my
    router, and instantly it started getting hit with jokers running scripts tryin
    to get in. Crazy how fast these things hit. I only have four nodes, but it's
    constantly tying up the first two. I guess this is the new normal? I have OpenSSH setup on a non standard port, but I bet it's only time before this get
    found too.

    When I had my SSH set to the standard port, it got hammered the hardest --
    a lot more than the telnet port. My telnet port is still standard and yes,
    it does get hit pretty regular, but not usually enough to tie all the nodes up like the SSH port did.

    Yes, that is the new normal. With synchronet, it will put temp bands on
    IPAs if you get too many hits from the same one, and you can add IPAs or
    ranges into the ip-silent.can file if you notice some that are nothing but trouble makers. That has helped a lot here.


    * SLMR 2.1a * Spelling is a sober man's game
    ---
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Mike Powell on Mon Jul 7 12:50:02 2025
    Re: Just opened ports -- and
    By: Mike Powell to SAM ALEXANDER on Mon Jul 07 2025 11:07 am

    When I had my SSH set to the standard port, it got hammered the hardest --
    a lot more than the telnet port. My telnet port is still standard and yes, it does get hit pretty regular, but not usually enough to tie all the nodes up like the SSH port did.

    Yes, that is the new normal. With synchronet, it will put temp bands on IPAs if you get too many hits from the same one, and you can add IPAs or ranges into the ip-silent.can file if you notice some that are nothing but trouble makers. That has helped a lot here.

    Limiting concurrent connections from the same IP (e.g. to 1 or 2) can help a lot too. https://wiki.synchro.net/howto:block-hackers#denial_of_service
    --
    digital man (rob)

    This Is Spinal Tap quote #29:
    I find lost luggage. I locate mandolin strings in the middle of Austin!
    Norco, CA WX: 84.7øF, 37.0% humidity, 4 mph NNE wind, 0.00 inches rain/24hrs --- SBBSecho 3.28-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)