• Crazy BBS connections

    From Sam Alexander@VERT to All on Mon Mar 21 12:33:52 2022
    I'm finally in a place where I can setup a new board -- probably will just be for my own benefit and the fun of doing it. I'm quite surprised at the barrage of connections I started getting right out of the gate! I'm getting telnet and ssh connections almost constantly, about 3-5 a minute if not more. Trying randon usernames and such. I guess this is normal now'days? I'm running sync at home over my broadband connection, so I guess it's people just scanning ports and ip's.

    Anyway just curious if this is quite common ... I remember it being so last time I ran a telnet board 15+ years ago, but not to this degree.
    Thanks- Sam

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Digital Man@VERT to Sam Alexander on Mon Mar 21 12:36:01 2022
    Re: Crazy BBS connections
    By: Sam Alexander to All on Mon Mar 21 2022 12:33 pm

    I'm finally in a place where I can setup a new board -- probably will just be for my own benefit and the fun of doing it. I'm quite surprised at the barrage of connections I started getting right out of the gate! I'm getting telnet and ssh connections almost constantly, about 3-5 a minute if not more. Trying randon usernames and such. I guess this is normal now'days? I'm running sync at home over my broadband connection, so I guess it's people just scanning ports and ip's.

    Anyway just curious if this is quite common ... I remember it being so last time I ran a telnet board 15+ years ago, but not to this degree.

    Yup, sounds normal.
    --
    digital man (rob)

    This Is Spinal Tap quote #23:
    David St. Hubbins: I envy us.
    Norco, CA WX: 75.9øF, 19.0% humidity, 9 mph SSW wind, 0.00 inches rain/24hrs ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From MRO@VERT/BBSESINF to Sam Alexander on Mon Mar 21 15:00:50 2022
    Re: Crazy BBS connections
    By: Sam Alexander to All on Mon Mar 21 2022 12:33 pm

    I'm finally in a place where I can setup a new board -- probably will just be for my own benefit and the fun of doing it. I'm quite surprised at the barrage of connections I started getting right out of the gate! I'm getting telnet and ssh connections almost constantly, about 3-5 a minute if not more. Trying randon usernames and such. I guess this is normal now'days? I'm running sync at home over my broadband connection, so I guess it's people just scanning ports and ip's.


    uh. yeah. it's the internet.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Andre@VERT/RDOMENTR to Sam Alexander on Mon Mar 21 15:46:37 2022
    Re: Crazy BBS connections
    By: Sam Alexander to All on Mon Mar 21 2022 12:33 pm

    Anyway just curious if this is quite common ... I remember it being so last time I ran a telnet board 15+ years ago, but not to this degree.

    It was the same back then. Just bot scans looking for systems with default passwords, misconfigurations, or unpatched exploits.


    - Andre

    ---
    þ Synchronet þ Radio Mentor BBS - bbs.radiomentor.org
  • From Gamgee@VERT/PALANT to Sam Alexander on Mon Mar 21 15:35:00 2022
    Sam Alexander wrote to All <=-

    I'm finally in a place where I can setup a new board -- probably
    will just be for my own benefit and the fun of doing it. I'm
    quite surprised at the barrage of connections I started getting
    right out of the gate! I'm getting telnet and ssh connections
    almost constantly, about 3-5 a minute if not more. Trying randon usernames and such. I guess this is normal now'days? I'm
    running sync at home over my broadband connection, so I guess
    it's people just scanning ports and ip's.

    Anyway just curious if this is quite common ... I remember it
    being so last time I ran a telnet board 15+ years ago, but not to
    this degree. Thanks- Sam

    Yes, it is common/normal.

    There is this page on the Wiki, which may offer some help with it:

    http://wiki.synchro.net/howto:block-hackers


    ... If it weren't for Edison we'd be using computers by candlelight
    --- MultiMail/Linux v0.52
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Nelgin@VERT/EOTLBBS to Sam Alexander on Mon Mar 21 18:48:47 2022
    On Mon, 21 Mar 2022 12:33:52 -0700
    "Sam Alexander" <sam.alexander@VERT> wrote:

    I'm finally in a place where I can setup a new board -- probably will
    just be for my own benefit and the fun of doing it. I'm quite
    surprised at the barrage of connections I started getting right out
    of the gate! I'm getting telnet and ssh connections almost
    constantly, about 3-5 a minute if not more. Trying randon usernames
    and such. I guess this is normal now'days? I'm running sync at home
    over my broadband connection, so I guess it's people just scanning
    ports and ip's.

    very common.

    Example, on my fairly open linux box, these are all the attempted ssh connections within 24 hours. Deal with it with fail2ban or something
    similar - that I have but seems I need to tweak it.

    unknown (122.187.114.134): 50 Time(s)
    unknown (104.42.148.242): 40 Time(s)
    unknown (80.248.67.11): 33 Time(s)
    unknown (13.77.174.169): 29 Time(s)
    unknown (45.173.207.238): 29 Time(s)
    unknown (157.245.139.92): 26 Time(s)
    unknown (20.101.118.63): 26 Time(s)
    unknown (40.113.243.220): 26 Time(s)
    unknown (161.35.111.48): 25 Time(s)
    unknown (186.204.53.1): 25 Time(s)
    unknown (187.120.9.30): 25 Time(s)
    unknown (143.244.170.127): 23 Time(s)
    unknown (2.39.147.86): 23 Time(s)
    unknown (36.91.166.34): 23 Time(s)
    unknown (106.12.21.202): 22 Time(s)
    unknown (106.52.193.249): 22 Time(s)
    unknown (134.209.212.125): 22 Time(s)
    unknown (144.24.216.133): 22 Time(s)
    unknown (159.223.148.195): 22 Time(s)
    unknown (159.223.51.213): 22 Time(s)
    unknown (177.200.1.61): 22 Time(s)
    unknown (181.129.166.202): 22 Time(s)
    unknown (181.218.40.74): 22 Time(s)
    unknown (182.253.117.99): 22 Time(s)
    unknown (183.82.96.133): 22 Time(s)
    unknown (202.165.66.104): 22 Time(s)
    unknown (218.55.101.162): 22 Time(s)
    unknown (27.128.233.119): 22 Time(s)
    unknown (36.255.8.153): 22 Time(s)
    unknown (43.155.90.89): 22 Time(s)
    unknown (82.130.209.51): 22 Time(s)
    unknown (107.150.103.23): 21 Time(s)
    unknown (137.184.85.50): 21 Time(s)
    unknown (157.245.193.50): 21 Time(s)
    unknown (162.243.169.147): 21 Time(s)
    unknown (164.92.208.210): 21 Time(s)
    unknown (167.172.90.213): 21 Time(s)
    unknown (178.140.56.159): 21 Time(s)
    unknown (188.124.230.230): 21 Time(s)
    unknown (20.136.1.73): 21 Time(s)
    unknown (207.244.250.243): 21 Time(s)
    unknown (210.204.190.9): 21 Time(s)
    unknown (217.160.13.99): 21 Time(s)
    unknown (43.134.211.59): 21 Time(s)
    unknown (43.154.141.169): 21 Time(s)
    unknown (43.243.206.115): 21 Time(s)
    unknown (49.232.173.143): 21 Time(s)
    unknown (106.54.203.54): 20 Time(s)
    unknown (142.120.243.103): 20 Time(s)
    unknown (161.35.219.53): 20 Time(s)
    unknown (20.82.120.178): 20 Time(s)
    unknown (43.154.105.79): 20 Time(s)
    unknown (43.155.82.137): 20 Time(s)
    unknown (68.183.7.120): 20 Time(s)
    unknown (69.55.61.96): 20 Time(s)
    unknown (89.143.15.210): 20 Time(s)
    unknown (118.113.15.18): 19 Time(s)
    unknown (206.189.86.91): 19 Time(s)
    unknown (43.154.49.251): 19 Time(s)
    unknown (103.35.165.190): 18 Time(s)
    unknown (117.236.151.130): 18 Time(s)
    unknown (147.182.189.196): 18 Time(s)
    unknown (43.132.155.95): 18 Time(s)
    unknown (8.209.197.37): 18 Time(s)
    unknown (180.76.144.163): 17 Time(s)
    unknown (43.154.189.23): 17 Time(s)
    unknown (43.155.116.235): 17 Time(s)
    unknown (103.181.143.44): 15 Time(s)
    unknown (43.155.86.169): 15 Time(s)
    unknown (106.12.161.226): 14 Time(s)
    unknown (43.154.195.100): 13 Time(s)
    unknown (180.76.58.57): 12 Time(s)
    unknown (182.150.57.21): 12 Time(s)
    unknown (182.74.114.198): 12 Time(s)
    --
    End Of The Line BBS - Plano, TX
    telnet endofthelinebbs.com 23
    ---
    þ Synchronet þ End Of The Line BBS - endofthelinebbs.com
  • From dragon@VERT/IPTIA to Sam Alexander on Mon Mar 21 18:41:42 2022
    On 3/21/2022 3:33 PM, Sam Alexander wrote:
    I'm finally in a place where I can setup a new board -- probably will just be for my own benefit and the fun of doing it. I'm quite surprised at the barrage of connections I started getting right out of the gate! I'm getting telnet and ssh connections almost constantly, about 3-5 a minute if not more. Trying randon usernames and such. I guess this is normal now'days? I'm running sync at home over my broadband connection, so I guess it's people just scanning ports and ip's.

    Anyway just curious if this is quite common ... I remember it being so last time I ran a telnet board 15+ years ago, but not to this degree.
    Thanks- Sam

    ---
    ¨ Synchronet ¨ Vertrauen ¨ Home of Synchronet ¨ [vert/cvs/bbs].synchro.net

    You might want to avoid using the standard ports for telnet/ssh/rlogin.

    ---
    ­ Synchronet ­ IPTIA - bbs2.ipingthereforeiam.com:2323
  • From Nightfox@VERT/DIGDIST to dragon on Mon Mar 21 18:36:47 2022
    Re: Re: Crazy BBS connections
    By: dragon to Sam Alexander on Mon Mar 21 2022 06:41 pm

    You might want to avoid using the standard ports for telnet/ssh/rlogin.

    The problem with changing the standard ports is that most users probably aren't going to bother changing their port configuration for a particular BBS. So if you change the ports your BBS uses, you'll probbaly see a dramatic drop-off in users (not that we get many in the first place).

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From echicken@VERT/ECBBS to Sam Alexander on Tue Mar 22 03:05:44 2022
    Re: Crazy BBS connections
    By: Sam Alexander to All on Mon Mar 21 2022 12:33:52

    getting telnet and ssh connections almost constantly, about 3-5 a minute if not more. Trying randon usernames and such. I guess this is normal now'days? I'm running sync at home over my broadband connection, so I

    It's normal and don't worry about it unless you really want to. Scripts are attacking your server, but they wouldn't know what to do if they got in. They're expecting bash or some IoT device, not a BBS.

    The worst thing that ever happened to me was that spurious SSH connections would jam up all of my nodes and take forever to disconnect. I did something slightly hacky with text.dat and a script to disconnect them more quickly. Can't remember the details right now.

    There's stuff you can do to mitigate it a bit, but you'll also be fine if you ignore it. I mostly do, and I'm still alive.

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From echicken@VERT/ECBBS to dragon on Tue Mar 22 03:13:58 2022
    Re: Re: Crazy BBS connections
    By: dragon to Sam Alexander on Mon Mar 21 2022 18:41:42

    You might want to avoid using the standard ports for telnet/ssh/rlogin.

    This may reduce the number of connections, but I wouldn't bother unless these connections present an actual problem (which they rarely do). No sense in complicating things for yourself or your users (hah) unnecessarily.

    I use default ports for everything except where my ISP makes it impossible.

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From Denn@VERT/OUTWEST to Sam Alexander on Tue Mar 22 00:04:19 2022
    Re: Crazy BBS connections
    By: Sam Alexander to All on Mon Mar 21 2022 12:33 pm

    I'm finally in a place where I can setup a new board -- probably will just be for my own benefit and the fun of doing it. I'm quite surprised at the barrage of connections I started getting right out of the gate! I'm getting telnet and ssh connections almost constantly, about 3-5 a minute if not more. Trying randon usernames and such. I guess this is normal now'days? I'm running sync at home over my broadband connection, so I guess it's people just scanning ports and ip's.

    I have my router take care of DOS and DDOS, and I only open ports I actually use on my BBS computer, I also block ip's that try the password guess game and I have a jibberish text file that is sent to them each time they try to spam me.

    ... BBSing: a method to triple your phone bill.

    ---
    þ Synchronet þ outwestbbs.com - the Outwest BBS
  • From Utopian Galt@VERT/IUTOPIA to Nelgin on Mon Mar 21 18:36:30 2022
    Re: Re: Crazy BBS connections
    By: Nelgin to Sam Alexander on Mon Mar 21 2022 06:48 pm

    Example, on my fairly open linux box, these are all the attempted ssh connections within 24 hours. Deal with it with fail2ban or something
    similar - that I have but seems I need to tweak it.
    I think people are looking for filters that block countries and other miscreants.

    ---
    þ Synchronet þ Inland Utopia - iutopia.duckdns.org
  • From Nelgin@VERT/EOTLBBS to Utopian Galt on Tue Mar 22 04:06:33 2022
    Re: Re: Crazy BBS connections
    By: Utopian Galt to Nelgin on Mon Mar 21 2022 18:36:30

    I think people are looking for filters that block countries and other miscreants.

    I'm building up a nice collection of netblocks.

    If I was smart I'd just move ssh to another port and be done with it, but I'm not a huge fan of security by obscurity.

    ---
    þ Synchronet þ End Of The Line BBS - endofthelinebbs.com
  • From MRO@VERT/BBSESINF to echicken on Tue Mar 22 06:16:38 2022
    Re: Crazy BBS connections
    By: echicken to Sam Alexander on Tue Mar 22 2022 03:05 am

    The worst thing that ever happened to me was that spurious SSH connections would jam up all of my nodes and take forever to disconnect. I did something slightly hacky with text.dat and a script to disconnect them more quickly. Can't remember the details right now.

    There's stuff you can do to mitigate it a bit, but you'll also be fine if you ignore it. I mostly do, and I'm still alive.

    there's some real bad ones. the ones i hate are the ones that claim to be legit scanners. they never stop and hit me all the time, all day long.

    with bots going in my login i have a capcha thing that only 2 idiots failed in many years. they actually had to write something wrong and then confirm it.

    what this script does is block everyone that connects. then they solve it correctly and they are removed. that way bots that disconnect are in the list.

    but blocking is real fruitless. when you block 100, there's another 10,000 to replace them.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From MRO@VERT/BBSESINF to Utopian Galt on Tue Mar 22 06:17:35 2022
    Re: Re: Crazy BBS connections
    By: Utopian Galt to Nelgin on Mon Mar 21 2022 06:36 pm

    Re: Re: Crazy BBS connections
    By: Nelgin to Sam Alexander on Mon Mar 21 2022 06:48 pm

    Example, on my fairly open linux box, these are all the attempted ssh connections within 24 hours. Deal with it with fail2ban or something similar - that I have but seems I need to tweak it.

    I think people are looking for filters that block countries and other miscreants.

    it's not too hard to find those lists.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Sam Alexander@VERT to Digital Man on Tue Mar 22 04:45:28 2022
    Re: Crazy BBS connections
    By: Digital Man to Sam Alexander on Mon Mar 21 2022 12:36 pm

    Anyway just curious if this is quite common ... I remember it being so last time I ran a telnet board 15+ years ago, but not to this degree.

    Yup, sounds normal.

    I guess I'll need to increase the nodes from 4 to 8, at any given time 2 to 3 are tied-up with this mess, once even all four were tied-up. Can you give more details on how LoginAttemptFilterThreshold works? I read the docs, and other than suggesting not to set below 10 i'm unsure what this does. I'm often seeing the same IP trying dozens of times, and though I've added some to the ip.can file I'm not sure I have this working correctly.

    This is on Sync built from the most current git release on Linux.
    Thanks..

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Sam Alexander@VERT to dragon on Tue Mar 22 04:48:24 2022
    Re: Re: Crazy BBS connections
    By: dragon to Sam Alexander on Mon Mar 21 2022 06:41 pm

    You might want to avoid using the standard ports for telnet/ssh/rlogin.

    I thought of that, but this doesn't seem to be norm for most systems. My biggest concern are these connections tying up all the nodes, already seen it happen once. I'll probably increase from 4 to 8 due to this.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Digital Man@VERT to Sam Alexander on Wed Mar 23 00:36:52 2022
    Re: Crazy BBS connections
    By: Sam Alexander to Digital Man on Tue Mar 22 2022 04:45 am

    Re: Crazy BBS connections
    By: Digital Man to Sam Alexander on Mon Mar 21 2022 12:36 pm

    Anyway just curious if this is quite common ... I remember it being so last time I ran a telnet board 15+ years ago, but not to this degree.

    Yup, sounds normal.

    I guess I'll need to increase the nodes from 4 to 8, at any given time 2 to 3 are tied-up with this mess, once even all four were tied-up. Can you give more details on how LoginAttemptFilterThreshold works?

    The number of consecutive failed login attempts before an IP address is filtered (added to ip.can file).
    --
    digital man (rob)

    Sling Blade quote #25:
    Karl: they seen fit to put me in here and here I've been a great long while. Norco, CA WX: 65.7øF, 37.0% humidity, 0 mph NNE wind, 0.00 inches rain/24hrs ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From MRO@VERT/BBSESINF to sam alexander on Wed Mar 23 08:22:01 2022
    Re: Crazy BBS connections
    By: Digital Man to Sam Alexander on Wed Mar 23 2022 12:36 am

    Re: Crazy BBS connections
    By: Sam Alexander to Digital Man on Tue Mar 22 2022 04:45 am

    Re: Crazy BBS connections
    By: Digital Man to Sam Alexander on Mon Mar 21 2022 12:36 pm

    Anyway just curious if this is quite common ... I remember it being so last time I ran a telnet board 15+ years ago, but not to this degree.


    let me know if you want a copy of peerblock.
    i have a batchfile that makes it easy to add an IP to the custom blocklist.

    it needs to be 32bit windows.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Ragnarok@VERT/DOCKSUD to Utopian Galt on Wed Mar 23 12:59:23 2022
    El 21/3/22 a las 22:36, Utopian Galt escribi¢:
    Re: Re: Crazy BBS connections
    By: Nelgin to Sam Alexander on Mon Mar 21 2022 06:48 pm

    > Example, on my fairly open linux box, these are all the attempted ssh
    > connections within 24 hours. Deal with it with fail2ban or something
    > similar - that I have but seems I need to tweak it.
    I think people are looking for filters that block countries and other miscreants.

    ---
    ¨ Synchronet ¨ Inland Utopia - iutopia.duckdns.org
    block countries make no sense.
    use fail2ban and filter their ips that make noise on your server

    ---
    þ Synchronet þ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar
  • From Gamgee@VERT/PALANT to Ragnarok on Wed Mar 23 14:53:00 2022
    Ragnarok wrote to Utopian Galt <=-

    block countries make no sense.

    Sometimes it does. It's easy and effective. I have dozens blocked.

    use fail2ban and filter their ips that make noise on your server

    Harder to do, and there are too many of them.


    ... Nothing's foolproof - the idiots are too ingenious.
    --- MultiMail/Linux v0.52
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Utopian Galt@VERT/IUTOPIA to Ragnarok on Wed Mar 23 18:12:08 2022
    Even before Russia decided to go to Ukraine and raise heck, I want to ban all of Russia as an example.

    ---
    þ Synchronet þ Inland Utopia - iutopia.duckdns.org
  • From Tony Langdon@VERT to Ragnarok on Fri Mar 25 20:25:00 2022
    On 03-23-22 12:59, Ragnarok wrote to Utopian Galt <=-

    block countries make no sense.
    use fail2ban and filter their ips that make noise on your server

    I agree, fail2ban works very well, and keeps the bots at bay.


    ... Some of the crowd have decided to voice their opinion by staying away.
    === MultiMail/Win v0.52
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From MRO@VERT/BBSESINF to Tony Langdon on Fri Mar 25 05:29:56 2022
    Re: Re: Crazy BBS connections
    By: Tony Langdon to Ragnarok on Fri Mar 25 2022 08:25 pm

    On 03-23-22 12:59, Ragnarok wrote to Utopian Galt <=-

    block countries make no sense.
    use fail2ban and filter their ips that make noise on your server

    I agree, fail2ban works very well, and keeps the bots at bay.


    i like blocking countries, though.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Utopian Galt@VERT/IUTOPIA to Tony Langdon on Fri Mar 25 18:53:17 2022
    Re: Re: Crazy BBS connections
    By: Tony Langdon to Ragnarok on Fri Mar 25 2022 08:25 pm

    I agree, fail2ban works very well, and keeps the bots at bay.
    But I run Windows.

    ---
    þ Synchronet þ Inland Utopia - iutopia.duckdns.org
  • From Tony Langdon@VERT to Utopian Galt on Sat Mar 26 21:59:00 2022
    On 03-25-22 18:53, Utopian Galt wrote to Tony Langdon <=-

    Re: Re: Crazy BBS connections
    By: Tony Langdon to Ragnarok on Fri Mar 25 2022 08:25 pm

    I agree, fail2ban works very well, and keeps the bots at bay.
    But I run Windows.

    Yeah I'm not sure if there's a Windows equivalent.


    ... Hell hath no fury like a bureaucrat scorned.
    === MultiMail/Win v0.52
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Tracker1@VERT/TRN to dragon on Fri Apr 1 22:07:07 2022
    On 3/21/22 15:41, dragon wrote:

    You might want to avoid using the standard ports for telnet/ssh/rlogin.

    I disagree... I tend to prefer the "standard" ports and just accept or blacklist the bot stuff.
    --
    Michael J. Ryan - tracker1@roughneckbbs.com
    ---
    þ Synchronet þ Roughneck BBS - roughneckbbs.com
  • From MRO@VERT/BBSESINF to Tracker1 on Sat Apr 2 06:08:01 2022
    Re: Re: Crazy BBS connections
    By: Tracker1 to dragon on Fri Apr 01 2022 10:07 pm

    On 3/21/22 15:41, dragon wrote:

    You might want to avoid using the standard ports for telnet/ssh/rlogin.

    I disagree... I tend to prefer the "standard" ports and just accept or blacklist the bot stuff.
    --

    i'm with ya on that. using non standard ports when you have users
    is really stupid. its hard enough getting them to call.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From dragon@VERT/IPTIA to MRO on Sat Apr 2 12:31:41 2022
    On 4/2/2022 7:08 AM, MRO wrote:
    Re: Re: Crazy BBS connections
    By: Tracker1 to dragon on Fri Apr 01 2022 10:07 pm

    > On 3/21/22 15:41, dragon wrote:
    >
    > > You might want to avoid using the standard ports for telnet/ssh/rlogin.
    >
    > I disagree... I tend to prefer the "standard" ports and just accept or
    > blacklist the bot stuff.
    > --

    i'm with ya on that. using non standard ports when you have users
    is really stupid. its hard enough getting them to call.
    ---
    ¨ Synchronet ¨ ::: BBSES.info - free BBS services :::

    There are hundreds of BBSes on non-standard ports in my database. Are
    all these sysops "really stupid"?

    ---
    ­ Synchronet ­ IPTIA - bbs2.ipingthereforeiam.com:2323
  • From Andre@VERT/RDOMENTR to dragon on Sat Apr 2 14:45:40 2022
    There are hundreds of BBSes on non-standard ports in my database. Are
    all these sysops "really stupid"?

    Yes.


    - Andre

    ---
    þ Synchronet þ Radio Mentor BBS - bbs.radiomentor.org
  • From MRO@VERT/BBSESINF to dragon on Sat Apr 2 15:51:10 2022
    Re: Re: Crazy BBS connections
    By: dragon to MRO on Sat Apr 02 2022 12:31 pm

    i'm with ya on that. using non standard ports when you have users
    is really stupid. its hard enough getting them to call.
    ---

    There are hundreds of BBSes on non-standard ports in my database. Are
    all these sysops "really stupid"?


    yes they are. i devoted the last 25 years of my life running services for sysops and users.

    when you put up a roadblock when a user has a very short attention span and tollerance for things, you are really screwing yourself over.

    lets say there's 2 amusement parks. one on each side of the road.
    one is cheaper but you have long waits. with the other one, it's more expensive but there's no wait to get in and there's a very short wait for the rides. it's ran better than the other one.

    the first park would be out of business in a year.

    you're a bit late to the show and i assume you are one of those guys that is into this stuff for the technology aspect, and learning new things.

    I have always been in it for the users. I think about what they want, i had friendships with my users and i gave them what they wanted. for me it was always about the users because that is what a bbs system is for. it's providing service. a lot of people don't realize this.

    i've seen hundreds of guys that say they 'run this for themselves and don't care if they get users' shut down with the reason being their system is dead and they have no use.

    so yes, obviously you are doing something stupid if you make it harder for people to use your system when they can go someplace else with no hassle.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From dragon@VERT/IPTIA to MRO on Sun Apr 3 01:15:42 2022
    On 4/2/2022 4:51 PM, MRO wrote:
    Re: Re: Crazy BBS connections
    By: dragon to MRO on Sat Apr 02 2022 12:31 pm

    > > i'm with ya on that. using non standard ports when you have users
    > > is really stupid. its hard enough getting them to call.
    > > ---
    >
    > There are hundreds of BBSes on non-standard ports in my database. Are
    > all these sysops "really stupid"?

    yes they are. i devoted the last 25 years of my life running services for sysops and users.

    you're a bit late to the show and i assume you are one of those guys that is into this stuff for the technology aspect, and learning new things.

    so yes, obviously you are doing something stupid if you make it harder for people to use your system when they can go someplace else with no hassle.

    Half of the top 10 most popular sites in the voting section of my
    website use non-standard ports. Perhaps you are selling the users short
    or inflating the degree this is a "hassle".

    I'm not late. I've just been away for a while.

    I have been involved in computer technology since 1981. I ran RBBS and PCBoard multinode dialup boards for well over a decade. I was a Fidonet coordinator with a Planet Connect feed servicing a large number of
    downstream nodes for over a decade.

    I've been managing and securing IP networks for nearly 30 years.

    Since 2017 I've become re-interested in BBSes, mostly because I was
    amazed to find out so many still existed. You're correct that I'm not
    looking to build a community on my BBS at this time.

    ---
    ­ Synchronet ­ IPTIA - bbs2.ipingthereforeiam.com:2323
  • From MRO@VERT/BBSESINF to dragon on Sun Apr 3 06:11:45 2022
    Re: Re: Crazy BBS connections
    By: dragon to MRO on Sun Apr 03 2022 01:15 am

    Half of the top 10 most popular sites in the voting section of my
    website use non-standard ports. Perhaps you are selling the users short
    or inflating the degree this is a "hassle".

    your voting section is fucking bullshit.
    i've talked about this before.

    I have been involved in computer technology since 1981. I ran RBBS and PCBoard multinode dialup boards for well over a decade. I was a Fidonet coordinator with a Planet Connect feed servicing a large number of downstream nodes for over a decade.

    I've been managing and securing IP networks for nearly 30 years.


    GOOD FOR YOU.

    Since 2017 I've become re-interested in BBSes, mostly because I was
    amazed to find out so many still existed. You're correct that I'm not

    like i said, you are late to the party.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Andre@VERT/RDOMENTR to dragon on Sun Apr 3 07:44:43 2022
    I've been managing and securing IP networks for nearly 30 years.

    As they say, there's always a bigger fish.

    The concept of moving to nonstandard ports is dated and not useful anymore. It accomplishes nothing other than making it more difficult for users to connect. For all the people that say otherwise, I'll wait to see all of the examples
    of exploited BBS systems that were using 22/23.


    - Andre

    ---
    þ Synchronet þ Radio Mentor BBS - bbs.radiomentor.org
  • From dragon@VERT/IPTIA to Andre on Sun Apr 3 11:21:51 2022
    On 4/3/2022 8:44 AM, Andre wrote:
    I've been managing and securing IP networks for nearly 30 years.

    As they say, there's always a bigger fish.

    The concept of moving to nonstandard ports is dated and not useful anymore. It
    accomplishes nothing other than making it more difficult for users to connect.
    For all the people that say otherwise, I'll wait to see all of the examples of exploited BBS systems that were using 22/23.


    - Andre

    ---
    ¨ Synchronet ¨ Radio Mentor BBS - bbs.radiomentor.org

    The original question was about how to cut down on doorknob rattling.

    ---
    ­ Synchronet ­ IPTIA - bbs2.ipingthereforeiam.com:2323
  • From dragon@VERT/IPTIA to MRO on Sun Apr 3 11:27:07 2022
    On 4/3/2022 7:11 AM, MRO wrote:
    Re: Re: Crazy BBS connections
    By: dragon to MRO on Sun Apr 03 2022 01:15 am

    > Half of the top 10 most popular sites in the voting section of my
    > website use non-standard ports. Perhaps you are selling the users short
    > or inflating the degree this is a "hassle".

    your voting section is fucking bullshit.
    i've talked about this before.

    > I have been involved in computer technology since 1981. I ran RBBS and
    > PCBoard multinode dialup boards for well over a decade. I was a Fidonet
    > coordinator with a Planet Connect feed servicing a large number of
    > downstream nodes for over a decade.
    >
    > I've been managing and securing IP networks for nearly 30 years.
    >

    GOOD FOR YOU.

    > Since 2017 I've become re-interested in BBSes, mostly because I was
    > amazed to find out so many still existed. You're correct that I'm not

    like i said, you are late to the party.
    ---
    ¨ Synchronet ¨ ::: BBSES.info - free BBS services :::

    Man, you're unpleasant. Where did the bad man touch you?

    ---
    ­ Synchronet ­ IPTIA - bbs2.ipingthereforeiam.com:2323
  • From MRO@VERT/BBSESINF to dragon on Sun Apr 3 15:01:03 2022
    Re: Re: Crazy BBS connections
    By: dragon to MRO on Sun Apr 03 2022 11:27 am

    > coordinator with a Planet Connect feed servicing a large number of
    > downstream nodes for over a decade.
    >
    > I've been managing and securing IP networks for nearly 30 years.
    >

    GOOD FOR YOU.

    > Since 2017 I've become re-interested in BBSes, mostly because I was
    > amazed to find out so many still existed. You're correct that I'm not

    like i said, you are late to the party.
    ---
    ­ Synchronet ­ ::: BBSES.info - free BBS services :::

    Man, you're unpleasant. Where did the bad man touch you?

    sorry, i just dont suffer fools. you asked why something was stupid and i explained how i have focused decades on giving bbs users content with what they want. i could type for over a half an hour about what i've done for bbsing and sysops and bbs users over the past 20+ years. none of it matters now, but i did it.

    you reply back that you ran fidonet nodes.
    and you run a website that collects bbs urls and has a voting feature where sysop vote for their own bbses.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Digital Man@VERT to Andre on Sun Apr 3 15:02:26 2022
    Re: Re: Crazy BBS connections
    By: Andre to dragon on Sun Apr 03 2022 07:44 am

    I've been managing and securing IP networks for nearly 30 years.

    As they say, there's always a bigger fish.

    The concept of moving to nonstandard ports is dated and not useful anymore. It accomplishes nothing other than making it more difficult for users to connect. For all the people that say otherwise, I'll wait to see all of the examples
    of exploited BBS systems that were using 22/23.

    I think the reason that some sysops use non-standard ports is to cut down on bots busying their nodes (attempting logins or just waiting to timeout) and possibly denying service to legit users.
    --
    digital man (rob)

    Synchronet "Real Fact" #84:
    The Electronic Frontier Foundation used to run Synchronet (circa 1993)
    Norco, CA WX: 65.2øF, 66.0% humidity, 9 mph SSW wind, 0.00 inches rain/24hrs ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From The Millionaire@VERT to Sam Alexander on Sun Apr 3 15:20:24 2022
    I'm finally in a place where I can setup a new board -- probably will just be for my own benefit and the fun of doing it. I'm quite surprised at the barrage of connections I started getting right out of the gate! I'm getting telnet and ssh connections almost constantly, about 3-5 a minute if not more. Trying randon usernames and such. I guess this is normal now'days? I'm running sync at home over my broadband connection, so I guess it's people just scanning ports and ip's.

    Anyway just curious if this is quite common ... I remember it being so last time I ran a telnet board 15+ years ago, but not to this degree.
    Thanks- Sam


    Just people with a lot of time on their hands.

    $ The Millionaire $

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Andre@VERT/RDOMENTR to Digital Man on Sun Apr 3 17:34:21 2022
    I think the reason that some sysops use non-standard ports is to cut down on bots busying their nodes (attempting logins or just waiting to timeout) and possibly denying service to legit users.

    I've been waiting for someone to say that, which is a valid reason I guess. I get maybe two concurrent attacks/scans at the very most. Whatever, still a reason that makes some sense.

    But so far, everyone who brings it up has said it's for security reasons. Which just doesn't hold water anymore.

    - Andre

    ---
    þ Synchronet þ Radio Mentor BBS - bbs.radiomentor.org
  • From Utopian Galt@VERT/IUTOPIA to Andre on Sun Apr 3 12:54:04 2022
    Re: Re: Crazy BBS connections
    By: Andre to dragon on Sun Apr 03 2022 07:44 am

    users to connect. For all the people that say otherwise, I'll wait to see all of the examples of exploited BBS systems that were using 22/23.
    Reducing the number of idiots and botnets trying to hammer your system is the main reason why many use non standard ports.

    ---
    þ Synchronet þ Inland Utopia - iutopia.duckdns.org:2023
  • From Andre@VERT/RDOMENTR to Utopian Galt on Sun Apr 3 20:52:17 2022
    Re: Re: Crazy BBS connections
    By: Utopian Galt to Andre on Sun Apr 03 2022 12:54 pm

    Reducing the number of idiots and botnets trying to hammer your system is the main reason why many use non standard ports.

    Which accomplishes pretty much nothing. No security impact. Maybe have to run a couple more nodes for the times when you end up with a couple nodes taken up by scanners and bots.


    - Andre

    ---
    þ Synchronet þ Radio Mentor BBS - bbs.radiomentor.org
  • From dragon@VERT/IPTIA to Digital Man on Sun Apr 3 22:10:50 2022
    On 4/3/2022 6:02 PM, Digital Man wrote:
    Re: Re: Crazy BBS connections
    By: Andre to dragon on Sun Apr 03 2022 07:44 am

    > > I've been managing and securing IP networks for nearly 30 years.
    >
    > As they say, there's always a bigger fish.
    >
    > The concept of moving to nonstandard ports is dated and not useful anymore.
    > It accomplishes nothing other than making it more difficult for users to
    > connect. For all the people that say otherwise, I'll wait to see all of the
    > examples
    > of exploited BBS systems that were using 22/23.

    I think the reason that some sysops use non-standard ports is to cut down on bots busying their nodes (attempting logins or just waiting to timeout) and possibly denying service to legit users.

    That's actually what the original poster seemed to be asking about and
    what I thought I was providing an OPTION for him to deal with it.

    ---
    ­ Synchronet ­ IPTIA - bbs2.ipingthereforeiam.com:2323
  • From echicken@VERT/ECBBS to dragon on Mon Apr 4 04:29:18 2022
    Re: Re: Crazy BBS connections
    By: dragon to MRO on Sat Apr 02 2022 12:31:41

    i'm with ya on that. using non standard ports when you have users
    is really stupid. its hard enough getting them to call.

    There are hundreds of BBSes on non-standard ports in my database. Are
    all these sysops "really stupid"?

    They're doing a stupid thing, but it doesn't make them all-around stupid. No need to escalate.

    Something doesn't become smart just because hundreds of people do it. I'm not about to eat shit because trillions of flies seem to enjoy it.

    There are legit reasons for using non-standard ports - eg. your ISP prevents you from using the proper ones - but more often than not it's done for silly reasons. There are proper ways to deal with bots and hack attempts, including just ignoring them.

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From MRO@VERT/BBSESINF to echicken on Mon Apr 4 00:07:58 2022
    Re: Re: Crazy BBS connections
    By: echicken to dragon on Mon Apr 04 2022 04:29 am

    Something doesn't become smart just because hundreds of people do it. I'm not about to eat shit because trillions of flies seem to enjoy it.

    There are legit reasons for using non-standard ports - eg. your ISP prevents you from using the proper ones - but more often than not it's done for silly reasons. There are proper ways to deal with bots and hack attempts, including just ignoring them.

    i do stupid things all the time, lots of times i just do it to be interesting.

    but there's common sense stuff and people need to attempt to think sometimes.

    you don't want to make things difficult for an audience that would rather just drop their connection on you and watch some memes.

    i dont care if 1000 people are running their bbses and other things on wrong ports and think it's a great idea. it's not. you're on the internet and this means you are going to be scanned all day long no matter WHAT you do.

    i just opened up vnc on THIS server and i have shadowserver scanning me all day, a email attacks, and web attacks. i'm not shitting my pants over it.
    i'm still able to type out my nasty comments here and it's not lagging.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Tracker1@VERT/TRN to dragon on Mon Apr 4 18:08:39 2022
    On 4/2/22 09:31, dragon wrote:
    I disagree... I tend to prefer the "standard" ports and just
    accept or blacklist the bot stuff.

    i'm with ya on that. using non standard ports when you have users
    is really stupid. its hard enough getting them to call.

    There are hundreds of BBSes on non-standard ports in my database. Are
    all these sysops "really stupid"?

    I wouldn't say stupid... only that discoverability is slightly harder.
    Of course it's much harder if you aren't running http/https on the
    default port(s).

    I would probably just pay for ngrok pro, a similar service, or host on a
    VPS if your residential ISP won't let you use those ports.
    --
    Michael J. Ryan - tracker1@roughneckbbs.com
    ---
    þ Synchronet þ Roughneck BBS - roughneckbbs.com
  • From poindexter FORTRAN@VERT/REALITY to Tracker1 on Tue Apr 5 08:09:00 2022
    Tracker1 wrote to dragon <=-

    I would probably just pay for ngrok pro, a similar service, or host on
    a VPS if your residential ISP won't let you use those ports.

    Funny you should mention ngrok - I just saved this to my pocket account to read later:

    https://jerrington.me/posts/2019-01-29-self-hosted-ngrok.html

    Roll your own Ngrok with Nginx, Letsencrypt, and SSH reverse tunnelling

    Ngrok is a fantastic tool for creating a secure tunnel from the public web
    to a machine behind NAT or a firewall. Sadly, it costs money and it¬ÇÖs proprietary. If you're a developer, odds are that you're already renting a server in the public cloud, so why not roll your own ngrok?

    It turns out that you can do it using free, off-the-shelf tools, with no sophisticated scripting required!


    ... Humanise something free of error
    --- MultiMail/DOS v0.52
    þ Synchronet þ .: realitycheckbbs.org :: scientia potentia est :.
  • From Tracker1@VERT/TRN to poindexter FORTRAN on Tue Apr 5 16:32:47 2022
    On 4/5/22 08:09, poindexter FORTRAN wrote:
    I would probably just pay for ngrok pro, a similar service, or host
    on a VPS if your residential ISP won't let you use those ports.

    ...

    https://jerrington.me/posts/2019-01-29-self-hosted-ngrok.html

    Roll your own Ngrok with Nginx, Letsencrypt, and SSH reverse
    tunnelling

    Cool, been thinking of doing the same on a cheap VPS.

    Ngrok is a fantastic tool for creating a secure tunnel from the
    public web to a machine behind NAT or a firewall. Sadly, it costs
    money and it's proprietary. If you're a developer, odds are that
    you're already renting a server in the public cloud, so why not
    roll your own ngrok?

    It turns out that you can do it using free, off-the-shelf tools,
    with no sophisticated scripting required!

    In fairness I did mention a VPS option, though specifically for hosting.
    Was thinking of something similar instead of NGrok myself, just passing
    80, 443, etc to my local system(s) where 80/443 would be a configured reverse-proxy on my local side.

    Probaly Caddy over NginX as it's much easier to configure/use.
    --
    Michael J. Ryan - tracker1@roughneckbbs.com
    ---
    þ Synchronet þ Roughneck BBS - roughneckbbs.com
  • From Moondog@VERT/CAVEBBS to dragon on Fri Apr 8 10:57:00 2022
    Re: Re: Crazy BBS connections
    By: dragon to Digital Man on Sun Apr 03 2022 10:10 pm

    On 4/3/2022 6:02 PM, Digital Man wrote:
    Re: Re: Crazy BBS connections
    By: Andre to dragon on Sun Apr 03 2022 07:44 am

    > > I've been managing and securing IP networks for nearly 30 years.
    >
    > As they say, there's always a bigger fish.
    >
    > The concept of moving to nonstandard ports is dated and not useful any
    > It accomplishes nothing other than making it more difficult for users
    > connect. For all the people that say otherwise, I'll wait to see all o
    > examples
    > of exploited BBS systems that were using 22/23.

    I think the reason that some sysops use non-standard ports is to cut down

    That's actually what the original poster seemed to be asking about and
    what I thought I was providing an OPTION for him to deal with it.


    When I explain ports to my non-technical friends and co-workers, I explain
    the system being a large factory building with mulitple doors dedicated to specific customer or vendor traffic. If a caterer is bringing in food, you wa nt him to use the dedicated kitchen entrance. That may bring up the
    argument that someone who wants to sneak in the building knows doors 22 or
    23 are the kitchen entrance. You may have to lock those doors down and tell the caterer to use another entrance. Is this an issue? Not really if the caterer knows which door to bring the food in. That information is provided
    by the building manager. If you want to invite a select group of people in, you would have to advertise wherever else these people go and inform them as
    to which non-common door to enter from.

    ---
    þ Synchronet þ The Cave BBS - Since 1992 - cavebbs.homeip.net
  • From Andre@VERT/RDOMENTR to Moondog on Fri Apr 8 16:34:21 2022
    That may bring up the
    argument that someone who wants to sneak in the building knows doors 22 or
    23 are the kitchen entrance. You may have to lock those doors down and tell the caterer to use another entrance. Is this an issue? Not really if the caterer knows which door to bring the food in. That information is provided by the building manager. If you want to invite a select group of people in, you would have to advertise wherever else these people go and inform them as to which non-common door to enter from.

    To continue with your analogy. You're only keeping out the people who would normally park in the parking lot and only check the front door with the sign on it that says kitchen.

    Any idiot who wants to break in can just walk around the building and see where the other doors are, walk up to them, and rattle each one to see if it's
    locked or not.

    The caterers have a key to the door they're supposed to enter because you
    gave it to them. Doesn't make a difference at all which door you give them a key to. They're all locked doors and they all work the same way.


    - Andre

    ---
    þ Synchronet þ Radio Mentor BBS - bbs.radiomentor.org