Hostdeny.txt

Posted: Mon Feb 15, 2021 12:14 am
by Abraxis
Hey,

One of the things I would like to see here is a place to upload/download files. As for hostdeny.txt, if your systems are being plagued with script kiddies like mine, perhaps you might like to share your hostdeny.txt files somewhere. I have a fairly large one to share if there was a place for it.

Re: Hostdeny.txt

Posted: Tue Feb 16, 2021 8:35 pm
by daniel_spain
Abraxis wrote:
> Hey,
>
> One of the things I would like to see here is a place to upload/download
> files. As for hostdeny.txt, if your systems are being plagued with script
> kiddies like mine, perhaps you might like to share your hostdeny.txt files
> somewhere. I have a fairly large one to share if there was a place for it.

I have an enormous FTP server I need to find the time to make public.
I need to diz all the files and use Synchronet's FTP server that makes use
of the diz to serve users.
I am slowly getting around to it; I've got a ton of projects on the board.

Re: Hostdeny.txt

Posted: Tue Feb 16, 2021 11:18 pm
by Duckula
I will look at making somewhere available, in the meantime you could compress it and post it in the Sysop forum on Worldlink.

Re: Hostdeny.txt

Posted: Fri Feb 19, 2021 4:40 pm
by Ragtop
Would you mind sending me your hostdeny.txt? I'm getting a lot of spam/hacker contacts I'd like to block but they always seem to come from different IPs. Having a good starting file would help a lot.

Re: Hostdeny.txt

Posted: Fri Feb 19, 2021 5:08 pm
by Abraxis
Ragtop wrote:
> Would you mind sending me your hostdeny.txt? I'm getting a lot of
> spam/hacker contacts I'd like to block but they always seem to come from
> different IPs. Having a good starting file would help a lot.

Sure, but I can't do it here, unless I post the raw text.

Re: Hostdeny.txt

Posted: Fri Feb 19, 2021 5:16 pm
by Ragtop
You can just email me. It's been a pain going through the audit file for thousands of attacks. Thanks!

Re: Hostdeny.txt

Posted: Sat Feb 20, 2021 8:35 pm
by daniel_spain
Ragtop wrote:
> You can just email me. It's been a pain going through the audit file for
> thousands of attacks. Thanks!

I had created a whitelist option allowing only on the list but for a BBS that pretty much was pointless.
If you or anyone knows any certain keystroke commands they are using I can monitor the input buffer
and detect it and auto kick them then add it to the list.

Re: Hostdeny.txt

Posted: Fri Apr 02, 2021 10:01 pm
by Abraxis
daniel_spain wrote:
> Ragtop wrote:
> > You can just email me. It's been a pain going through the audit file for
> > thousands of attacks. Thanks!
>
> I had created a whitelist option allowing only on the list but for a BBS that pretty
> much was pointless.
> If you or anyone knows any certain keystroke commands they are using I can monitor
> the input buffer
> and detect it and auto kick them then add it to the list.

The most common logins attempted are root and enable. Hope that helps.

Re: Hostdeny.txt

Posted: Sat Apr 03, 2021 3:41 am
by daniel_spain
Abraxis wrote:
> daniel_spain wrote:
> > Ragtop wrote:
> > > You can just email me. It's been a pain going through the audit file for
> > > thousands of attacks. Thanks!
> >
> > I had created a whitelist option allowing only on the list but for a BBS that pretty
> > much was pointless.
> > If you or anyone knows any certain keystroke commands they are using I can monitor
> > the input buffer
> > and detect it and auto kick them then add it to the list.
>
> The most common logins attempted are root and enable. Hope that helps.

Yeah, my modded system has a lot of catches. Years ago someone showed me a hack where you could log in with specific names and it would crash; most of the things were just overflow buffers, but it could also be used to catch names like root, etc. I think a better option would be to catch em and append them to a file, but then you would have to have some sort of alert go off on specific IPs. Or anyone scripting who accidentally relogs wrong could get banned too.
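
The catch-and-append idea from the posts above, with a threshold and an allowlist so a single mistyped login does not get an address banned. This is an added example, not part of any post in the thread and not code from the BBS software; the audit line layout, the one-address-per-line hostdeny.txt format, the threshold of 3 and the allowlist entry are all assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

BAIT_NAMES = {"root", "enable"}   # login names reported in the thread
THRESHOLD = 3                     # assumed: bait attempts before an IP is denied
ALLOWLIST = {"203.0.113.10"}      # assumed: known-good addresses, never denied
# Assumed audit layout: "<date> <time> LOGIN-FAIL user=<name> ip=<ipv4>"
LINE_RE = re.compile(
    r"^\S+ \S+ LOGIN-FAIL user=(?P<user>\S+) ip=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")

# Constructed sample audit lines (documentation address ranges only).
SAMPLE_AUDIT = """\
2021-04-02 21:58:01 LOGIN-FAIL user=root ip=198.51.100.7
2021-04-02 21:58:03 LOGIN-FAIL user=enable ip=198.51.100.7
2021-04-02 21:58:06 LOGIN-FAIL user=ROOT ip=198.51.100.7
2021-04-02 22:01:40 LOGIN-FAIL user=root ip=192.0.2.44
2021-04-02 22:03:10 LOGIN-FAIL user=root ip=203.0.113.10
2021-04-02 22:03:12 LOGIN-FAIL user=root ip=203.0.113.10
2021-04-02 22:03:15 LOGIN-FAIL user=root ip=203.0.113.10
2021-04-02 22:05:00 LOGIN-FAIL user=sysop ip=198.51.100.23
2021-04-02 22:10:00 LOGIN-OK user=guest ip=192.0.2.44
"""

def bait_hits(audit_text):
    """Count failed logins that used a bait name, per source IP."""
    hits = defaultdict(int)
    for line in audit_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group("user").lower() in BAIT_NAMES:
            hits[m.group("ip")] += 1
    return dict(hits)

def deny_candidates(audit_text, threshold=THRESHOLD, allowlist=ALLOWLIST):
    """IPs at or over the threshold, minus allowlisted ones, sorted."""
    return sorted(ip for ip, n in bait_hits(audit_text).items()
                  if n >= threshold and ip not in allowlist)

def merge_hostdeny(existing_text, new_ips):
    """Append new IPs to the existing deny entries without duplicates."""
    entries = [l.strip() for l in existing_text.splitlines() if l.strip()]
    for ip in new_ips:
        if ip not in entries:
            entries.append(ip)
    return "\n".join(entries) + "\n"

if __name__ == "__main__":
    print(merge_hostdeny("192.0.2.99\n", deny_candidates(SAMPLE_AUDIT)), end="")
```

Addresses below the threshold stay in the counts returned by `bait_hits`, so they can be reviewed by hand instead of being banned automatically.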

Re: Hostdeny.txt

Posted: Sat Apr 03, 2021 10:29 pm
by wnoisephx
Would something like denyhosts work? See https://sourceforge.net/projects/denyhosts/ for more.

Since Denyhosts is a Python script, it should be able to work on just about any system. And it has a synchronization mode where it will download IP addresses that have been denied by other hosts. I've used denyhosts on my Linux systems.

I would not have it monitor any log files and just use the synchronization mode to download the bad IPs and then have it write the hostdeny.txt file you want.

OR

You can do what I do and use a web to telnet front end (I use https://github.com/nirui/sshwifty), and set it up with letsencrypt for https. I still get stuff in the log file but at least it's not brute force attempts.

I would be willing to put together a set of shortened howtos for either/both if there is interest.

Static