Hostdeny.txt
Re: Hostdeny.txt
Duplicate IP Control allows you to ban IP addresses.
Founder, The Major BBS Restoration Project
Owner, Elwynor Technologies ISV
Former Owner, Galacticomm IP (2005-2020)
Contributor, Galacticomm IP baseline
Owner, Elwynor Technologies ISV
Former Owner, Galacticomm IP (2005-2020)
Contributor, Galacticomm IP baseline
Re: Hostdeny.txt
Hey everyone,
I am having to go from WG4 to WG 3.2 and everything is going smoothly except for the hostdeny section. I use masks to block IP access from script kiddies and I can not anymore since support for that comes in 3.3
I looked Dup IP and it is a nice tool I want to have running, but most of these folks only use one connection when trying their standard list of usernames to attempt to log in.
Any suggestions or if someone has a hostdeny list I can get from them with a good enough list to prevent most of these folks I would be greatly appreciative.
I am having to go from WG4 to WG 3.2 and everything is going smoothly except for the hostdeny section. I use masks to block IP access from script kiddies and I can not anymore since support for that comes in 3.3
I looked Dup IP and it is a nice tool I want to have running, but most of these folks only use one connection when trying their standard list of usernames to attempt to log in.
Any suggestions or if someone has a hostdeny list I can get from them with a good enough list to prevent most of these folks I would be greatly appreciative.
Re: Hostdeny.txt
DialSoft Control module did a lot of that, including killwords (for example kill a connect if someone types root or admin). We are working on porting that to the latest compiler and then it will be included in MBBS v10.
I don't have a timeline as while we have it running, there are some bugs causing data file corruption but we are working on it.
I don't have a timeline as while we have it running, there are some bugs causing data file corruption but we are working on it.
-- Duckula
// Site admin
// Galacticomm IP owner
// Site admin
// Galacticomm IP owner
Re: Hostdeny.txt
Duckula wrote:
> DialSoft Control module did a lot of that, including killwords (for example
> kill a connect if someone types root or admin). We are working on porting
> that to the latest compiler and then it will be included in MBBS v10.
>
> I don't have a timeline as while we have it running, there are some bugs
> causing data file corruption but we are working on it.
New guy here resurrecting old threads!
I see these feautres made it into MBBV10, did anyone ever post their hostdeny.txt anywhere for a good starting basis?
I do see kill words in the control section but have been unable to get them to kill a connection when typed, likely operator error and not in the right place...
I have a python script I wrote that does the trick for now while I have nobody but script kids connecting but I haven't looked for a way to tie it to real accounts to prevent any false positives in a live environment. This works for catching the baddies after the fact but I would love a preventative measure in place altogether if possible.
> DialSoft Control module did a lot of that, including killwords (for example
> kill a connect if someone types root or admin). We are working on porting
> that to the latest compiler and then it will be included in MBBS v10.
>
> I don't have a timeline as while we have it running, there are some bugs
> causing data file corruption but we are working on it.
New guy here resurrecting old threads!
I see these feautres made it into MBBV10, did anyone ever post their hostdeny.txt anywhere for a good starting basis?
I do see kill words in the control section but have been unable to get them to kill a connection when typed, likely operator error and not in the right place...
I have a python script I wrote that does the trick for now while I have nobody but script kids connecting but I haven't looked for a way to tie it to real accounts to prevent any false positives in a live environment. This works for catching the baddies after the fact but I would love a preventative measure in place altogether if possible.
Re: Hostdeny.txt
Another person's hostdeny.txt would likely be useless to you. Your own is probably also useless. These scripters that attack the login almost always spoof their IP address, so you could potentially (but highly unlikely) be blocking someone's actual IP address who might be trying to connect at some point down the road.
It would be awesome if someone could hack together an addon that would ban a repetitive IP (5 connect attempts in 1 minute or something) for 2 hours or so. By that time they've most likely moved on and keeping that IP blocked any longer is unnecessary.
Since MBBS10 no longer forces the audit logging of the NON-SGA connect attempts, as long as you turn off the Telnet Server logging of connect attempts, you won't have the write-out delays we used to have during these attacks. Unless it angers you to see "(log-on)" or whatever in your online user list, it really doesn't affect anything anymore and it's easy enough to just ignore it.
It would be awesome if someone could hack together an addon that would ban a repetitive IP (5 connect attempts in 1 minute or something) for 2 hours or so. By that time they've most likely moved on and keeping that IP blocked any longer is unnecessary.
Since MBBS10 no longer forces the audit logging of the NON-SGA connect attempts, as long as you turn off the Telnet Server logging of connect attempts, you won't have the write-out delays we used to have during these attacks. Unless it angers you to see "(log-on)" or whatever in your online user list, it really doesn't affect anything anymore and it's easy enough to just ignore it.
Re: Hostdeny.txt
Thanks for the answer Blaz,
you nailed it with the annoyance, as a sys admin it drives me crazy to see all the bash attempts and not be able to block on a software/hardware level. I will check my settings as you mentioned to ensure there is no performance degradation and move on if not a big deal.
Cheers and have a great weekend!
m@
you nailed it with the annoyance, as a sys admin it drives me crazy to see all the bash attempts and not be able to block on a software/hardware level. I will check my settings as you mentioned to ensure there is no performance degradation and move on if not a big deal.
Cheers and have a great weekend!
m@