Hostdeny.txt

Chat, tips, tricks and help for Veteran Sysops
Abraxis
Posts: 43
Joined: Sat Aug 08, 2020 8:49 pm

Hostdeny.txt

Post by Abraxis »

Hey,

One of the things I would like to see here is a place to upload/download files. As for hostdeny.txt, if your systems are being plagued with script kiddies like mine, perhaps you might like to share your hostdeny.txt files somewhere. I have a fairly large one to share if there was a place for it.
Abraxis/Len
Mainline Information Service

daniel_spain
Posts: 395
Joined: Sun Aug 09, 2020 2:39 am

Re: Hostdeny.txt

Post by daniel_spain »

Abraxis wrote:
> Hey,
>
> One of the things I would like to see here is a place to upload/download
> files. As for hostdeny.txt, if your systems are being plagued with script
> kiddies like mine, perhaps you might like to share your hostdeny.txt files
> somewhere. I have a fairly large one to share if there was a place for it.

i have an enormous ftp server i need to find the time to make public.
i need to diz all the files and use synchronets ftp server that makes use
of the diz to serve users.
i am slowly getting around to it i got a ton of projects on the board.

User avatar
Duckula
Posts: 359
Joined: Wed Jul 22, 2020 1:19 am

Re: Hostdeny.txt

Post by Duckula »

I will look at making somewhere available, in the meantime you could compress it and post it in the Sysop forum on Worldlink.
-- Duckula

// Site admin
// Galacticomm IP owner

Ragtop
Posts: 73
Joined: Sun Aug 30, 2020 11:21 pm

Re: Hostdeny.txt

Post by Ragtop »

Would you mind sending me your hostdeny.txt? I'm getting a lot of spam/hacker contacts I'd like to block but they always seem to come from different ip's. Having a good starting file would help a lot.

Abraxis
Posts: 43
Joined: Sat Aug 08, 2020 8:49 pm

Re: Hostdeny.txt

Post by Abraxis »

Ragtop wrote:
> Would you mind sending me your hostdeny.txt? I'm getting a lot of
> spam/hacker contacts I'd like to block but they always seem to come from
> different ip's. Having a good starting file would help a lot.
Sure, but I can’t do it here, unless I post the raw text.
Abraxis/Len
Mainline Information Service

Ragtop
Posts: 73
Joined: Sun Aug 30, 2020 11:21 pm

Re: Hostdeny.txt

Post by Ragtop »

You can just email me. Its been a pain going through the audit file for thousands of attacks. Thanks!

daniel_spain
Posts: 395
Joined: Sun Aug 09, 2020 2:39 am

Re: Hostdeny.txt

Post by daniel_spain »

Ragtop wrote:
> You can just email me. Its been a pain going through the audit file for
> thousands of attacks. Thanks!

I had created a whitelist option allowing only on the list but for a bbs that pretty much was pointless.
if you or anyone knows and certain keystroke commands they are using I can monitor the input buffer
and detect it and auto kick them then add it to the list.

Abraxis
Posts: 43
Joined: Sat Aug 08, 2020 8:49 pm

Re: Hostdeny.txt

Post by Abraxis »

[quote=daniel_spain post_id=855 time=1613853328 user_id=65]
Ragtop wrote:
> You can just email me. Its been a pain going through the audit file for
> thousands of attacks. Thanks!

I had created a whitelist option allowing only on the list but for a bbs that pretty much was pointless.
if you or anyone knows and certain keystroke commands they are using I can monitor the input buffer
and detect it and auto kick them then add it to the list.
[/quote]

The most common logins attempted are root and enable. Hope that helps.
Abraxis/Len
Mainline Information Service

daniel_spain
Posts: 395
Joined: Sun Aug 09, 2020 2:39 am

Re: Hostdeny.txt

Post by daniel_spain »

Abraxis wrote:
> [quote=daniel_spain post_id=855 time=1613853328 user_id=65]
> Ragtop wrote:
> > You can just email me. Its been a pain going through the audit file for
> > thousands of attacks. Thanks!
>
> I had created a whitelist option allowing only on the list but for a bbs that pretty
> much was pointless.
> if you or anyone knows and certain keystroke commands they are using I can monitor
> the input buffer
> and detect it and auto kick them then add it to the list.
> [/quote]
>
> The most common logins attempted are root and enable. Hope that helps.

yeah my modded system has alot of catches, years ago someone showed me a hack where you could log in with specific names and it would crash, most of the things were just overflow buffers but it could also be used to catch names like root, etc.... i think a better option would be to catch em and append them to a file, but then you would have to have some sort of alert go off on specific ips. or anyone scripting and accidentally relogs wrong could get banned too.

wnoisephx
Posts: 4
Joined: Sat Mar 20, 2021 5:49 pm

Re: Hostdeny.txt

Post by wnoisephx »

Would something like denyhosts work? See at https://sourceforge.net/projects/denyhosts/ for more

Sense Denyhosts is a python script, it should be able to work on just about any system. And it has a synchronization mode where it will download ip addresses that have been denied by other hosts. I've used denyhost my linux systems

I would not have it monitor any log files and just use the synchronization mode to download the bad ips and then have it write the hostdeny.txt file you want.

OR

You can do what I do and use a web to telnet front end (I use https://github.com/nirui/sshwifty), and set it up with letsencrypt for https. I still get stuff in the log file but at least it's not brute force attempts.

I would be willing put together a set of shortened howtos for either/both if there is interest

Static

Post Reply