• Bot attacks

    From Cozmo@21:3/135 to All on Wed Apr 24 17:57:01 2024
    I've been getting hit by bots on Lunatics. Never seen it this bad and it's getting a bit ridiculous. I've blacklisted some countries but I'm still getting hit pretty hard.

    What are sysops using to combat this? What are my options besides changing my port. (i'not using port 23). What mods or programs are you all using?

    Thanks!

    |02-=|10Cozmo|02=-

    ... "No comment" is a comment.

    --- Mystic BBS v1.12 A48 (Windows/32)
    * Origin: Lunatics Unleashed BBS (21:3/135)
  • From Bucko@21:4/131 to Cozmo on Wed Apr 24 19:23:57 2024
    On 24 Apr 2024, Cozmo said the following...

    I've been getting hit by bots on Lunatics. Never seen it this bad and
    it's getting a bit ridiculous. I've blacklisted some countries but I'm still getting hit pretty hard.

    What are sysops using to combat this? What are my options besides
    changing my port. (i'not using port 23). What mods or programs are you
    all using?


    I use the bot blocker by Phenom Productions.. (Google them they have a website) it works well. It blocks the bots before they get into the Mystic.

    AL

    ... The shortest distance between two points is under construction

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: The Wrong Number Family Of BBS' - Wrong Number ][ (21:4/131)
  • From AKAcastor@21:1/162 to Cozmo on Wed Apr 24 17:23:30 2024
    I've been getting hit by bots on Lunatics. Never seen it
    this bad and it's getting a bit ridiculous. I've
    blacklisted some countries but I'm still getting hit
    pretty hard.
    What are sysops using to combat this? What are my
    options besides changing my port. (i'not using port 23).
    What mods or programs are you all using?

    A lot of boards seem to use a system that requires users to press Escape twice after connecting, before passing them to the BBS. From what I gather it works quite well.

    I saw Phenom Productions mentioned, I haven't used their mods but there's some neat stuff there for sure. ThreatSentry is always eye catching, with the geo-location on the world map. BotCheck seems to be in use on loads of boards.
    https://www.phenomprod.com/Mods

    On my own board, I implemented some simple bot detection into a 'telnet ringdown' server I use. It watches for automated login attempts, based on a list of keywords, and temporarily bans IPs. It's worked pretty well at greatly reducing the number of bots that reach the login sequence of the BBS, while being invisible to callers.
    https://github.com/akacastor/ringdown


    Chris/akacastor

    --- Maximus 3.01
    * Origin: Another Millennium - Canada - another.tel (21:1/162)
  • From Cozmo@21:3/135 to AKAcastor on Wed Apr 24 21:06:26 2024
    I saw Phenom Productions mentioned, I haven't used their mods but
    there's some neat stuff there for sure. ThreatSentry is always eye catching, with the geo-location on the world map. BotCheck seems to be
    in use on loads of boards. https://www.phenomprod.com/Mods


    I've seen this mod on a few boards. I'll check it out.

    On my own board, I implemented some simple bot detection into a 'telnet ringdown' server I use. It watches for automated login attempts, based
    on a list of keywords, and temporarily bans IPs. It's worked pretty
    well at greatly reducing the number of bots that reach the login
    sequence of the BBS, while being invisible to callers. https://github.com/akacastor/ringdown

    Luantics is runnning on a Windows box so can't try out your system unfortunately.

    These bot have gone crazy lately.

    Thanks!

    |02-=|10Cozmo|02=-

    ... The seminar on time travel will be held two weeks ago

    --- Mystic BBS v1.12 A48 (Windows/32)
    * Origin: Lunatics Unleashed BBS (21:3/135)
  • From Avon@21:1/101 to AKAcastor on Thu Apr 25 18:13:54 2024
    On 24 Apr 2024 at 05:23p, AKAcastor pondered and said...

    A lot of boards seem to use a system that requires users to press Escape twice after connecting, before passing them to the BBS. From what I gather it works quite well.

    I saw Phenom Productions mentioned, I haven't used their mods but
    there's some neat stuff there for sure. ThreatSentry is always eye

    for what it's worth you don't need the Phenom mod any more as there is a script that ships with Mystic that does this also :)

    Look for botcheck.mps and check whatsnew.txt for more

    Kerr Avon [Blake's 7] 'I'm not expendable, I'm not stupid and I'm not going' avon[at]bbs.nz | bbs.nz | fsxnet.nz

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Avon@21:1/101 to Cozmo on Thu Apr 25 18:16:17 2024
    On 24 Apr 2024 at 05:57p, Cozmo pondered and said...

    I've been getting hit by bots on Lunatics. Never seen it this bad and
    it's getting a bit ridiculous. I've blacklisted some countries but I'm still getting hit pretty hard.

    What are sysops using to combat this? What are my options besides
    changing my port. (i'not using port 23). What mods or programs are you
    all using?

    I'm running port 23 and no bot check and seemingly doing OK... I have blocked (from memory) about 3 countries ... but asides that I just rely on the auto blocker in Mystic that kicks in after the third attempt by a bot to connect and this is within the time allowed for that triggers an auto-ban.

    Kerr Avon [Blake's 7] 'I'm not expendable, I'm not stupid and I'm not going' avon[at]bbs.nz | bbs.nz | fsxnet.nz

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From deon@21:2/116 to Cozmo on Thu Apr 25 20:57:06 2024
    Re: Bot attacks
    By: Cozmo to All on Wed Apr 24 2024 05:57 pm

    Howdy,

    What are sysops using to combat this? What are my options besides changing my port. (i'not using port 23). What mods or programs are you all using?

    I have a couple of things in play here.

    I use MikroTik routers, so I have preloaded it with nets of countries that I reject any connection from - their is a github repository with a map of IP segments to countries. I wrote a tool that collapses nets to a larger mask (since I block several countries), to reduce the definitions - and while that is effective, it isnt 100% (anybody can spin up a VM in another country and run their spaming from it.

    In front of the BBS I also use haproxy, with a rule that an IP address cannot have more than 1 concurrent connection, and can only connect once every 60 secs. (I whitelist some addresses so they bypass this rule.)

    I also use haproxy in front of my mail servers (for mail clients), together with ssl certs so a connection needs to use the a SNI enabled client to connect to the appropriate server - an IP address wont make it. This is pretty effective.

    The SBBS has it's own things as well...


    ...δεσ∩
    --- SBBSecho 3.20-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From Alonzo@21:1/130 to Cozmo on Thu Apr 25 11:48:39 2024
    I've been getting hit by bots on Lunatics. Never seen it this bad and
    it's getting a bit ridiculous. I've blacklisted some countries but I'm What are sysops using to combat this? What are my options besides
    changing my port. (i'not using port 23). What mods or programs are you

    What I did was, I switched to that "Matrix menu" as it is called
    and I changed the prompts to read "If you are human, press 1"
    - This forces someone to actually press 1 before they are
    taken to the actual logon screen. Bots still hit all the time
    but they never get anywhere.

    ... There are three kinds of people: Those who can count, and those who can't

    --- Mystic BBS v1.12 A48 (Windows/64)
    * Origin: From the depths of Bunker 3 (21:1/130)
  • From Shurato@21:2/148 to Alonzo on Thu Apr 25 12:31:00 2024

    I've been getting hit by bots on Lunatics. Never seen it this bad and it's getting a bit ridiculous. I've blacklisted some countries but
    I'm
    What are sysops using to combat this? What are my options besides changing my port. (i'not using port 23). What mods or programs are
    you

    What I did was, I switched to that "Matrix menu" as it is called and
    I changed the prompts to read "If you are human, press 1" - This
    forces someone to actually press 1 before they are taken to the
    actual logon screen. Bots still hit all the time but they never get anywhere.

    I've found thst disallowing any non-ANSI connections seems to do the job.

    --- shsbbs.net
    Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp,nntp,
    ,wss) (Ports 22,23,110,21,119,8080) (ssh login 'bbs' pass 'shsbbs').


    *** THE READER V4.50 [freeware]
    ---
    * Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (21:2/148)
  • From SirRonmit@21:2/120 to Cozmo on Thu Apr 25 14:03:48 2024
    What are sysops using to combat this? What are my options besides
    changing my port. (i'not using port 23). What mods or programs are you
    all using?

    I have a second instance (hidden) running on port 23 that blocks all the IPs (blocking countries isn't going to work here).

    I then edit the end of the IP to .* to block the entire 254 series. (eg. 192.168.101.* will block 192.168.101.1-255). That is copied over to my live BBS and keeps MOST of the bots away. I do get one or two here and there, but it doesn't take down my BBS or cause a DoS (Denial of Service).

    Change your port if you can.

    The standard BOT CHECKER during an initial Mystic Login works good, but ties up your BBS until the IP is blocked. Previously (prior to the bot checker), I could see how many of the logins tried the simple admin/admin, admin/123456, etc. (aka default passwords for a lot of devices). That was enough to scare me into installing a firewall since I run my BBS from my home.

    --
    Timothy Norris aka SirRonmit
    admin@f4fbbs.com
    bbs.f4fbbs.com:2323 or :62323

    --- Mystic BBS v1.12 A48 (Windows/32)
    * Origin: Files 4 Fun BBS (21:2/120)
  • From SirRonmit@21:2/120 to AKAcastor on Thu Apr 25 14:06:39 2024
    I saw Phenom Productions mentioned, I haven't used their mods but
    there's some neat stuff there for sure. ThreatSentry is always eye catching, with the geo-location on the world map. BotCheck seems to be
    in use on loads of boards. https://www.phenomprod.com/Mods

    That IS the ESC TWICE TO LOGIN. It was a separate instance, but now included with Msystic.

    --
    Timothy Norris aka SirRonmit
    admin@f4fbbs.com
    bbs.f4fbbs.com:2323 or :62323

    --- Mystic BBS v1.12 A48 (Windows/32)
    * Origin: Files 4 Fun BBS (21:2/120)
  • From k9zw@21:1/224 to AKAcastor on Thu Apr 25 13:58:58 2024
    On 24 Apr 2024, AKAcastor said the following...

    A lot of boards seem to use a system that requires users to press Escape twice after connecting, before passing them to the BBS. From what I gather it works quite well.

    I saw Phenom Productions mentioned, I haven't used their mods but
    there's some neat stuff there for sure. ThreatSentry is always eye catching, with the geo-location on the world map. BotCheck seems to be
    in use on loads of boards. https://www.phenomprod.com/Mods

    You can Mod-the-Mod to replace Escape with something else.

    Escape is tricky for those using eReaders and iPhones/iPads and the like.

    Mine is changed to require two dollar signs ($) instead of Escape.

    --- Steve K9ZW via SPOT BBS

    --- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
    * Origin: SPOT BBS / k9zw (21:1/224)
  • From niter3@21:1/199 to SirRonmit on Thu Apr 25 16:48:01 2024
    That IS the ESC TWICE TO LOGIN. It was a separate instance, but now included with Msystic.

    It is? Is it a MPL?

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: Clutch BBS * telnet://clutchbbs.com (21:1/199)
  • From Cozmo@21:3/135 to Avon on Thu Apr 25 18:02:24 2024
    I'm running port 23 and no bot check and seemingly doing OK... I have blocked (from memory) about 3 countries ... but asides that I just rely
    on the auto blocker in Mystic that kicks in after the third attempt by a bot to connect and this is within the time allowed for that triggers an auto-ban.

    I don't seem to have the auto blocker in my version of Mystic. I'm using A48.
    I have blocked some countries but like I said it's been pretty bad lately.

    |02-=|10Cozmo|02=-

    ... What does it mean to pre-board? Do you get on before you get on?

    --- Mystic BBS v1.12 A48 (Windows/32)
    * Origin: Lunatics Unleashed BBS (21:3/135)
  • From Cozmo@21:3/135 to deon on Thu Apr 25 18:04:14 2024
    I also use haproxy in front of my mail servers (for mail clients), together with ssl certs so a connection needs to use the a SNI enabled client to connect to the appropriate server - an IP address wont make
    it. This is pretty effective.

    All of that is a bit beyond my tech level :(

    |02-=|10Cozmo|02=-

    ... Evil triumphs when good people do nothing. - Einstein

    --- Mystic BBS v1.12 A48 (Windows/32)
    * Origin: Lunatics Unleashed BBS (21:3/135)
  • From Cozmo@21:3/135 to Alonzo on Thu Apr 25 18:05:59 2024
    What I did was, I switched to that "Matrix menu" as it is called
    and I changed the prompts to read "If you are human, press 1"
    - This forces someone to actually press 1 before they are
    taken to the actual logon screen. Bots still hit all the time
    but they never get anywhere.

    Tha seems like a simple enough solution. I would've never thought of that.

    |02-=|10Cozmo|02=-

    ... I know a good tagline when I steal one!

    --- Mystic BBS v1.12 A48 (Windows/32)
    * Origin: Lunatics Unleashed BBS (21:3/135)
  • From Cozmo@21:3/135 to SirRonmit on Thu Apr 25 18:10:11 2024
    Change your port if you can.

    I'm not using the standard port 23 for telnet I use 2333. I don't relly want to change ports idf i don't have to.

    |02-=|10Cozmo|02=-

    ... I think I am, therefore, I am... I think.

    --- Mystic BBS v1.12 A48 (Windows/32)
    * Origin: Lunatics Unleashed BBS (21:3/135)
  • From Avon@21:1/101 to Cozmo on Fri Apr 26 15:01:55 2024
    On 25 Apr 2024 at 06:02p, Cozmo pondered and said...

    I don't seem to have the auto blocker in my version of Mystic. I'm using A48. I have blocked some countries but like I said it's been pretty bad lately.

    Hmm perhaps try the A49 pre-alpha version. I am not at home at the moment but can look when I get home if you don't beat me to it.

    Kerr Avon [Blake's 7] 'I'm not expendable, I'm not stupid and I'm not going' avon[at]bbs.nz | bbs.nz | fsxnet.nz

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Warpslide@21:3/110 to Cozmo on Fri Apr 26 03:46:30 2024
    On Thursday April 25 2024, Cozmo said the following...

    I don't seem to have the auto blocker in my version of Mystic. I'm
    using A48. I have blocked some countries but like I said it's been
    pretty bad lately.

    It should be located in your mystic\themes\default\scripts folder.

    If it's not there you can download Mytsic A48 again and run:

    install extract botcheck.mps c:\path\to\mystic\scripts


    Jay

    ... I made a pencil with two erasers. It was pointless
    --- GoldED+/LNX 1.1.5-b20240309
    * Origin: Northern Realms (21:3/110)
  • From SirRonmit@21:2/120 to niter3 on Fri Apr 26 13:35:26 2024
    That IS the ESC TWICE TO LOGIN. It was a separate instance, but now included with Msystic.

    It is? Is it a MPL?

    That is correct. You had to download, compile, and setup before, but now it
    is included within the .rar package.

    from the WHATS NEW .TXT :

    By request: Added a "botcheck.mps" which is a small MPL script to force the
    user to press escape twice immediately after connecting. Rename to
    connect.mps and compile in your scripts directory (assuming you are not
    already using a connect script) if you wish to use it.

    --
    Timothy Norris aka SirRonmit
    admin@f4fbbs.com
    bbs.f4fbbs.com:2323 or :62323

    --- Mystic BBS v1.12 A48 (Windows/32)
    * Origin: Files 4 Fun BBS (21:2/120)
  • From SirRonmit@21:2/120 to Cozmo on Fri Apr 26 13:36:30 2024
    I'm not using the standard port 23 for telnet I use 2333. I don't relly want to change ports idf i don't have to.

    At least you aren't on 23 as I assumed you were reading your original post. I have 23 on the bot blocker, and 2323 on my instance and 62323 on another.

    --
    Timothy Norris aka SirRonmit
    admin@f4fbbs.com
    bbs.f4fbbs.com:2323 or :62323

    --- Mystic BBS v1.12 A48 (Windows/32)
    * Origin: Files 4 Fun BBS (21:2/120)
  • From niter3@21:1/199 to SirRonmit on Fri Apr 26 21:45:02 2024
    That is correct. You had to download, compile, and setup before, but now it is included within the .rar package.

    from the WHATS NEW .TXT :

    By request: Added a "botcheck.mps" which is a small MPL script to force the user to press escape twice immediately after connecting. Rename
    to connect.mps and compile in your scripts directory (assuming you
    are not already using a connect script) if you wish to use it.

    --

    Nice, didn't know that.

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: Clutch BBS * telnet://clutchbbs.com (21:1/199)
  • From Cozmo@21:3/135 to Avon on Sat Apr 27 11:07:24 2024
    I don't seem to have the auto blocker in my version of Mystic. I'm us A48. I have blocked some countries but like I said it's been pretty b lately.

    Hmm perhaps try the A49 pre-alpha version. I am not at home at the
    moment but can look when I get home if you don't beat me to it.

    I installed the Phenom Botchecker for now. I will try out the Mystic one also.

    |02-=|10Cozmo|02=-

    ... Consultant: A person who makes good on a salesman's promises!

    --- Mystic BBS v1.12 A48 (Windows/32)
    * Origin: Lunatics Unleashed BBS (21:3/135)
  • From SirRonmit@21:2/120 to niter3 on Sun Apr 28 08:40:14 2024
    Nice, didn't know that.

    Yeah I thought it was awesome they collaborated on it.
    I'm not sure if it is a setting or not, but my main BBS (non-23) shows the logo when telling you to hit esc twice, whereas my 23 closed BBS doesn't show a graphic, just says his esc twice. I believe (but honestly don't remember) that was how you could tell the difference between the manual MPL add-on versus the included with Mystic version.

    Maybe someone who remembers can chime in and slap me sane?

    --
    Timothy Norris aka SirRonmit
    admin@f4fbbs.com
    bbs.f4fbbs.com:2323 or :62323

    --- Mystic BBS v1.12 A48 (Windows/32)
    * Origin: Files 4 Fun BBS (21:2/120)