Page 2 of 2
Re: Hostdeny.txt
Posted: Sun Apr 04, 2021 2:25 pm
by Questman
Duplicate IP Control allows you to ban IP addresses.
Re: Hostdeny.txt
Posted: Thu Mar 23, 2023 11:55 pm
by Domasi
Hey everyone,
I am having to go from WG4 to WG 3.2 and everything is going smoothly except for the hostdeny section. I use masks to block IP access from script kiddies and I can not anymore since support for that comes in 3.3
I looked Dup IP and it is a nice tool I want to have running, but most of these folks only use one connection when trying their standard list of usernames to attempt to log in.
Any suggestions or if someone has a hostdeny list I can get from them with a good enough list to prevent most of these folks I would be greatly appreciative.
Re: Hostdeny.txt
Posted: Fri Mar 24, 2023 7:57 am
by Duckula
DialSoft Control module did a lot of that, including killwords (for example kill a connect if someone types root or admin). We are working on porting that to the latest compiler and then it will be included in MBBS v10.
I don't have a timeline as while we have it running, there are some bugs causing data file corruption but we are working on it.
Re: Hostdeny.txt
Posted: Thu Apr 18, 2024 6:10 pm
by esoteric
Duckula wrote:
> DialSoft Control module did a lot of that, including killwords (for example
> kill a connect if someone types root or admin). We are working on porting
> that to the latest compiler and then it will be included in MBBS v10.
>
> I don't have a timeline as while we have it running, there are some bugs
> causing data file corruption but we are working on it.
New guy here resurrecting old threads!
I see these feautres made it into MBBV10, did anyone ever post their hostdeny.txt anywhere for a good starting basis?
I do see kill words in the control section but have been unable to get them to kill a connection when typed, likely operator error and not in the right place...
I have a python script I wrote that does the trick for now while I have nobody but script kids connecting but I haven't looked for a way to tie it to real accounts to prevent any false positives in a live environment. This works for catching the baddies after the fact but I would love a preventative measure in place altogether if possible.
Re: Hostdeny.txt
Posted: Fri Apr 19, 2024 9:51 am
by BlaZ
Another person's hostdeny.txt would likely be useless to you. Your own is probably also useless. These scripters that attack the login almost always spoof their IP address, so you could potentially (but highly unlikely) be blocking someone's actual IP address who might be trying to connect at some point down the road.
It would be awesome if someone could hack together an addon that would ban a repetitive IP (5 connect attempts in 1 minute or something) for 2 hours or so. By that time they've most likely moved on and keeping that IP blocked any longer is unnecessary.
Since MBBS10 no longer forces the audit logging of the NON-SGA connect attempts, as long as you turn off the Telnet Server logging of connect attempts, you won't have the write-out delays we used to have during these attacks. Unless it angers you to see "(log-on)" or whatever in your online user list, it really doesn't affect anything anymore and it's easy enough to just ignore it.
Re: Hostdeny.txt
Posted: Fri Apr 19, 2024 7:21 pm
by esoteric
Thanks for the answer Blaz,
you nailed it with the annoyance, as a sys admin it drives me crazy to see all the bash attempts and not be able to block on a software/hardware level. I will check my settings as you mentioned to ensure there is no performance degradation and move on if not a big deal.
Cheers and have a great weekend!
m@