On Sun, 12 Nov 2023 11:27:33 -0500
"Havok" (VERT/ANARCHY) <VERT/ANARCHY!
Havok@endofthelinebbs.com> wrote:
Question about hackers.
Too bad for me I got about 25 to 35 scambags probing my system
everyday one even masks his ip address. I did a lookup and the IP
came up as no record.
So let me ask what is the best settings so they go to the ipcan right
away? I find the default settings are not enough.
Digital Man says ignore it and I agree for the most part. Any open
system on the internet is going to get bombarded with shitturds trying
to hack in. So they want to get into a BBS, whoop. Good luck. Even if
they get your sysops login, they still have to get the system login
(you do have a separate system login right?)
However, one place worth looking is data/hack.log which will record any
sort of unusual access and login attempts. You can can (no dancing
please) those IPs. Personally, I tend to block the entire netblock in
my firewall. If using Linux, I highly recommend using ipset to
accomplish this, with an ip hash, looking is much quicker than using
iptables serialized lookups.
You don't say if you're using Windows or Linux, but you could always
use fail2ban or a similar log watcher to automatically block unwanted
repeated connections.
The only time this could be an issue, is if they're hitting all your
nodes at once and any legitimate callers will get:
No nodes available for login
Sorry, all terminal nodes are in use or otherwise unavailable
You may wish to create your own monitoring script that'll run node
status and make sure you have at least 1 or 2 nodes "Waiting for
connection".
I run 10 nodes, sbbs could easily run more, and I very, very rarely
have such an issue.
In summery or TL;DR; ... Check hack.log but otherwise ignore it.
--
End Of The Line BBS - Plano, TX
telnet endofthelinebbs.com 23
---
þ Synchronet þ End Of The Line BBS - endofthelinebbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)