I've noticed and I know we've all talked about the issue where folks try to log onto our boards using the name 'root'.

I also know that there's a way to add IP addresses to a .can file to block the IP address.

Why can't we combine them as a 'feature' to SynchrNet?

How hard would it be to add an optional function so that if someone makes a successful connection and uses pre-defined banned user names like 'root' or the ilk, which allows a bogus connection that says something 'nice' to the connection, places the IP address in the banned file and terminates the connection.

Anyone?


_v_
ooO(# .)Ooo
=-=Patch=-=

---------------------------------------------------------------------------
= Return To The Lair of the Wolverine = Telet:r2lotw.synchro.net =
= Discord Global BBS Community = http://discord.gg/0yCxVosom5t6QNk5 =
= COMING SOON - R2LOTW The Companion Web Site! =

---
þ Synchronet þ Return to The Lair of the Wolverine BBS | telnet:r2lotw.synchro.net | Messages,

Re: Suggestion for SynchroNet
By: Patch to All on Mon May 09 2016 04:56 pm

I've noticed and I know we've all talked about the issue where folks try to log onto our boards using the name 'root'.

I also know that there's a way to add IP addresses to a .can file to block the IP address.

Why can't we combine them as a 'feature' to SynchrNet?

How hard would it be to add an optional function so that if someone makes a successful connection and uses pre-defined banned user names like 'root' or the ilk, which allows a bogus connection that says something 'nice' to the connection, places the IP address in the banned file and terminates the connection.

Anyone?

Doesn't sound like it would be too hard. I sometimes accidentally try to login to my own board as "root" though and wouldn't want to have my own IP banned! You probably want something a little less aggressive.

digital man

Synchronet/BBS Terminology Definition #5:
BinkP = BinkD Protocol
Norco, CA WX: 67.2øF, 62.0% humidity, 7 mph ESE wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Digital Man wrote to Patch <=-

Doesn't sound like it would be too hard. I sometimes accidentally try
to login to my own board as "root" though and wouldn't want to have my
own IP banned! You probably want something a little less aggressive.

I think a temporary ban would be good, if possible, so if you do happen to lock yourself out, you just have to wait an hour or however long the ban is for, then try again. Also stops innocent people being locked out, because they just inherited a blacklisted IP. The aim would be to stop the scripts hammering away, while not overly inconveniencing innocent users.


... A file cabinet is a place where papers get lost alphabetically.
--- MultiMail/Win32 v0.49
þ Synchronet þ Freeway BBS in Bendigo, Australia.

Re: Suggestion for SynchroNet
By: Digital Man to Patch on Mon May 09 2016 06:26 pm

Doesn't sound like it would be too hard. I sometimes accidentally try to login to my own board as "root" though and wouldn't want to have my own IP banned! You probably want something a little less aggressive.

Good point!

Maybe you can whitelist IPs where 'root' could be used? Also with Op's like myself who didn't think about running the BBS on a RabPi before setting it all up on Windows 10. =)

Just think that a method of automation like that would be ideal. =)


_v_
ooO(# .)Ooo
=-=Patch=-=

---------------------------------------------------------------------------
= Return To The Lair of the Wolverine = Telet:r2lotw.synchro.net =
= Discord Global BBS Community = http://discord.gg/0yCxVosom5t6QNk5 =
= COMING SOON - R2LOTW The Companion Web Site! =

---
þ Synchronet þ Return to The Lair of the Wolverine BBS | telnet:r2lotw.synchro.net | Messages,

Re: Re: Suggestion for SynchroNet
By: Vk3jed to Digital Man on Tue May 10 2016 12:30 pm

I think a temporary ban would be good, if possible, so if you do happen to lock yourself out, you just have to wait an hour or however long the ban is for, then try again. Also stops innocent people being locked out, because they just inherited a blacklisted IP. The aim would be to stop the scripts hammering away, while not overly inconveniencing innocent users.

There ya go!

Maybe have a way to make a temporary ban into a permanent one? So that you can get yourself back into your system without the bots or potential hackers?


_v_
ooO(# .)Ooo
=-=Patch=-=

---------------------------------------------------------------------------
= Return To The Lair of the Wolverine = Telet:r2lotw.synchro.net =
= Discord Global BBS Community = http://discord.gg/0yCxVosom5t6QNk5 =
= COMING SOON - R2LOTW The Companion Web Site! =

---
þ Synchronet þ Return to The Lair of the Wolverine BBS | telnet:r2lotw.synchro.net | Messages,

Re: Suggestion for SynchroNet
By: Patch to All on Mon May 09 2016 04:56 pm

I've noticed and I know we've all talked about the issue where folks try to onto our boards using the name 'root'.

I also know that there's a way to add IP addresses to a .can file to block t IP address.

Why can't we combine them as a 'feature' to SynchrNet?

How hard would it be to add an optional function so that if someone makes a successful connection and uses pre-defined banned user names like 'root' or ilk, which allows a bogus connection that says something 'nice' to the connection, places the IP address in the banned file and terminates the connection.

Anyone?

I use BulletProof FTP Server at home. It has a systemin it that prevents "hammering" of IP addresses trying to access the server. I have it set that if an IP address hits the server more than 3 times in 1 minute and attempts to log in but fails, the IP is kicked and banned for a set period of time. I believe it can be set to permanantly ban that IP from accessing my server.

Digital Man: That gives you 3 chances to get it right. <insert cheeky grin here>

As I am the ONLY one who accesses my ftp server, I can basically ban every country except Australia.. A little different for Synchronet BBS if you have users from all over the world of course..

Jeff

---
þ Synchronet þ Mordor - casper.homeip.net

Patch wrote to Vk3jed <=-

Maybe have a way to make a temporary ban into a permanent one? So that you can get yourself back into your system without the bots or
potential hackers?

A lot of bots run on hijacked machines, which are often on dynamic IPs, so permanent bans aren't helpful here either. If the machine is on the same IP and still infected, it will simply trigger a new ban.


... All wiyht. Rho sritched mg kegtops awound?
--- MultiMail/Win32 v0.49
þ Synchronet þ Freeway BBS in Bendigo, Australia.

Re: Re: Suggestion for SynchroNet
By: Vk3jed to Patch on Tue May 10 2016 10:03 pm

A lot of bots run on hijacked machines, which are often on dynamic IPs, so permanent bans aren't helpful here either. If the machine is on the same IP and still infected, it will simply trigger a new ban.

A very good point. So how do we out-smart the hijacked machines?

Temp ban to the whole subset?

If the bot doesn't receive a reply, it should move on. How can we make the bot believe that there's nothing for it to communicate with and move on to someone else?


_v_
ooO(# .)Ooo
=-=Patch=-=

---------------------------------------------------------------------------
= Return To The Lair of the Wolverine = Telet:r2lotw.synchro.net =
= Discord Global BBS Community = http://discord.gg/0yCxVosom5t6QNk5 =
= COMING SOON - R2LOTW The Companion Web Site! =

---
þ Synchronet þ Return to The Lair of the Wolverine BBS | telnet:r2lotw.synchro.net | Messages,

Patch wrote to Vk3jed <=-

Re: Re: Suggestion for SynchroNet
By: Vk3jed to Patch on Tue May 10 2016 10:03 pm

A lot of bots run on hijacked machines, which are often on dynamic IPs, so permanent bans aren't helpful here either. If the machine is on the same IP and still infected, it will simply trigger a new ban.

A very good point. So how do we out-smart the hijacked machines?

Temp ban to the whole subset?

If the bot doesn't receive a reply, it should move on. How can we make the bot believe that there's nothing for it to communicate with and
move on to someone else?

Well, a temporary ban should be enough. If it's still banging away at you an hour later, another temporary ban will be placed on it.


... A Freudian slip - when you say one thing but mean your mother.
--- MultiMail/Win32 v0.49
þ Synchronet þ Freeway BBS in Bendigo, Australia.

Re: Re: Suggestion for SynchroNet
By: Vk3jed to Patch on Wed May 11 2016 12:06 pm

If the bot doesn't receive a reply, it should move on. How can we make the bot believe that there's nothing for it to communicate with and move on to someone else?

Well, a temporary ban should be enough. If it's still banging away at you an hour later, another temporary ban will be placed on it.

I likes it ...

Just something that stops bots or physical people from scanning for open IP ports (ex. war dialing) to see what they can get into.


_v_
ooO(# .)Ooo
=-=Patch=-=

---------------------------------------------------------------------------
= Return To The Lair of the Wolverine = Telet:r2lotw.synchro.net =
= Discord Global BBS Community = http://discord.gg/0yCxVosom5t6QNk5 =
= COMING SOON - R2LOTW The Companion Web Site! =

---
þ Synchronet þ Return to The Lair of the Wolverine BBS | telnet:r2lotw.synchro.net | Messages,

Re: Re: Suggestion for SynchroNet
By: Patch to Vk3jed on Wed May 11 2016 10:31 am

Well, a temporary ban should be enough. If it's still banging away at you an hour later, another temporary ban will be placed on it.

I likes it ...

Just something that stops bots or physical people from scanning for open IP ports (ex. war dialing) to see what they can get into.

you are on the internet. nothing will stop this except NOT being on the internet.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Patch wrote to Vk3jed <=-

I likes it ...

Just something that stops bots or physical people from scanning for
open IP ports (ex. war dialing) to see what they can get into.

Seems to be the best balance between stopping bots and accidentally locking out legit IPs (including yourself!). :)


... We got a situation where someone's got a button connected to a bomb!
--- MultiMail/Win32 v0.49
þ Synchronet þ Freeway BBS in Bendigo, Australia.

Re: Suggestion for SynchroNet
By: Patch to All on Mon May 09 2016 16:56:23

Ahoy, Patch!

How hard would it be to add an optional function so that if someone makes
a successful connection and uses pre-defined banned user names like 'root' or the ilk, which allows a bogus connection that says something 'nice' to the connection, places the IP address in the banned file and terminates
the connection.

Anyone?

I wrote a basic thing, to do that thing. It's called FAHKS:

https://bitbucket.org/arfonzo/fahks

It's a bit old, from 2014,but I do still use it on Fatcats BBS.

It lets you configure a number of "strikes", as in login tries, before the banhammer comes down. You can also configure which login names to watch for, like "root" et al.

You can of course tweak it, and make it more advanced such as handling temporary bans. I would definitely welcome that feature.

Kind regards,

art@fatcatsbbsdotcom

"We're going to beam them aboard, directly onto the Bridge."
"But Captain, will they not protest?"
"Let them."
-- Picard and Data in ST:TNG "The Survivors"

---
þ Synchronet þ fatcats bbs - fatcatsbbs.com

Hi.

... the issue where folks try to log ... using the name 'root'.

The easiest method to solve it would be
- No "root", or
- the option to replace the ID for another one, or
- the option to redirect that ID to another one.

To note, that no more than 2 (or 4) IDs should be translated.
This, as a measure of containment.

Root redirection to where? Ah :)
... It may be a Guest, it may by Fool, it may be a Nasty.
... Whatever the case, it opens funny possibilities.

Just a thought.
Regards.

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net