• Port 23.

    From Joseph Larsen@1:340/800 to All on Sun May 21 23:52:22 2017
    Hi all,

    I want to run my board on port 23, but I keep getting unwanted connections to it. Mostly from Chinese hackers, I presume. Anyone know a way to solve this, with iptables or the like?

    Thanks,
    Joseph

    |09ignatius |07(|15cia|07)

    --- DayDream BBS/UNIX (Linux) 2.15a
    * Origin: catch22bbs.com >>> >> > (1:340/800)
  • From Stephen Walsh@3:633/280 to Joseph Larsen on Mon May 22 11:03:54 2017

    Hello Joseph!

    21 May 17 23:52, you wrote to all:

    I want to run my board on port 23, but I keep getting unwanted
    connections to it. Mostly from Chinese hackers, I presume. Anyone know
    a way to solve this, with iptables or the like?

    I use this on my servers, and find it's very good.

    https://github.com/tlhackque/BlockCountries


    Stephen


    --- GoldED+/LNX 1.1.5-b20161221
    * Origin: Dragon's Lair ---:- dragon.vk3heg.net -:--- (3:633/280)
  • From Ben Ritchey@1:393/68 to Joseph Larsen on Sun May 21 20:12:00 2017
    * An ongoing debate between Joseph Larsen and All rages on ...

    I want to run my board on port 23, but I keep getting unwanted
    connections to it. Mostly from Chinese hackers, I presume. Anyone know
    a way to solve this, with iptables or the like?
    --- DayDream BBS/UNIX (Linux) 2.15a
    * Origin: catch22bbs.com >>> >> > (1:340/800)

    You could install the linux flavor of Mystic BBS as it has the ability to block

    connects by country. To be honest, you'll get some hack attempts from everywhere, including the US, but most come from China as you pointed out {chuckle}. My access log by Country:

    === Cut ===

    Mystic Telnet Connection(s) Summary

    The Positronium Repository telnet://cmech.dynip.com

    _______________________________________________________________________________

    Albania ........................................... : 30
    Andorra ........................................... : 54 0.1%
    Argentina ......................................... : 1,061 2.2%
    Armenia ........................................... : 13
    Australia ......................................... : 281 0.5%
    Austria ........................................... : 7
    Azerbaijan ........................................ : 9
    Bahamas ........................................... : 5
    Bahrain ........................................... : 2
    Bangladesh ........................................ : 25
    Barbados .......................................... : 2
    Belarus ........................................... : 40
    Belgium ........................................... : 51 0.1%
    Belize ............................................ : 2
    Bolivia ........................................... : 35
    Bonaire, Sint Eustatius and Saba .................. : 17
    Botswana .......................................... : 11
    Brazil ............................................ : 2,163 4.4%
    Brunei Darussalam ................................. : 2
    Bulgaria .......................................... : 245 0.5%
    Cambodia .......................................... : 36
    Canada ............................................ : 138 0.2%
    Chile ............................................. : 64 0.1%
    China ............................................. : 11,873 24.6%
    Colombia .......................................... : 289 0.6%
    Costa Rica ........................................ : 156 0.3%
    Côte d'Ivoire ..................................... : 2
    Croatia ........................................... : 25
    Curaçao ........................................... : 1
    Czech Republic .................................... : 364 0.7%
    Denmark ........................................... : 12
    Dominican Republic ................................ : 93 0.1%
    Ecuador ........................................... : 298 0.6%
    Egypt ............................................. : 344 0.7%
    El Salvador ....................................... : 1
    Estonia ........................................... : 1
    Ethiopia .......................................... : 2
    Finland ........................................... : 25
    France ............................................ : 187 0.3%
    Georgia ........................................... : 1
    Germany ........................................... : 98 0.2%
    Greece ............................................ : 70 0.1%
    Guatemala ......................................... : 26
    Honduras .......................................... : 27
    Hong Kong ......................................... : 121 0.2%
    Hungary ........................................... : 120 0.2%
    India ............................................. : 1,429 2.9%
    Indonesia ......................................... : 110 0.2%
    Iran .............................................. : 578 1.2%
    Iraq .............................................. : 13
    Ireland ........................................... : 4
    Israel ............................................ : 148 0.3%
    Italy ............................................. : 242 0.5%
    Jamaica ........................................... : 20
    Japan ............................................. : 44
    Jordan ............................................ : 18
    Kazakhstan ........................................ : 167 0.3%
    Korea, Republic of ................................ : 1,771 3.6%
    Kuwait ............................................ : 22
    Latvia ............................................ : 60 0.1%
    Lebanon ........................................... : 1
    Lithuania ......................................... : 26
    Macao ............................................. : 5
    Macedonia, the former Yugoslav Republic of ........ : 15
    Malaysia .......................................... : 121 0.2%
    Maldives .......................................... : 11
    Malta ............................................. : 11
    Martinique ........................................ : 3
    Mauritius ......................................... : 3
    Mexico ............................................ : 1,112 2.3%
    Moldova, Republic of .............................. : 128 0.2%
    Mongolia .......................................... : 24
    Montenegro ........................................ : 4
    Morocco ........................................... : 95 0.1%
    Mozambique ........................................ : 1
    Nepal ............................................. : 4
    Netherlands ....................................... : 218 0.4%
    New Caledonia ..................................... : 6
    New Zealand ....................................... : 26
    Nicaragua ......................................... : 2
    Nigeria ........................................... : 5
    Norway ............................................ : 72 0.1%
    Oman .............................................. : 57 0.1%
    Pakistan .......................................... : 129 0.2%
    Palestine, State of ............................... : 33
    Panama ............................................ : 47
    Paraguay .......................................... : 2
    Peru .............................................. : 136 0.2% Philippines ....................................... : 50 0.1%
    Poland ............................................ : 388 0.8%
    Portugal .......................................... : 49 0.1%
    Puerto Rico ....................................... : 86 0.1%
    Qatar ............................................. : 61 0.1%
    Romania ........................................... : 782 1.6%
    Russian Federation ................................ : 4,470 9.2%
    Saint Vincent and the Grenadines .................. : 1
    Saudi Arabia ...................................... : 114 0.2%
    Senegal ........................................... : 28
    Serbia ............................................ : 78 0.1%
    Seychelles ........................................ : 79 0.1%
    Singapore ......................................... : 46
    Slovakia .......................................... : 21
    Slovenia .......................................... : 4
    Somalia ........................................... : 2
    South Africa ...................................... : 48
    Spain ............................................. : 813 1.6%
    Sri Lanka ......................................... : 2
    Sweden ............................................ : 441 0.9% Switzerland ....................................... : 186 0.3%
    Syrian Arab Republic .............................. : 4
    Taiwan, Province of China ......................... : 1,490 3.0%
    Tajikistan ........................................ : 2
    Tanzania, United Republic of ...................... : 2
    Thailand .......................................... : 359 0.7%
    Trinidad and Tobago ............................... : 36
    Tunisia ........................................... : 31
    Turkey ............................................ : 1,538 3.1%
    Uganda ............................................ : 3
    Ukraine ........................................... : 7,913 16.4%
    United Arab Emirates .............................. : 31
    United Kingdom .................................... : 241 0.5%
    United States ..................................... : 1,117 2.3%
    Uruguay ........................................... : 17
    Uzbekistan ........................................ : 33
    Venezuela ......................................... : 82 0.1%
    Viet Nam .......................................... : 2,082 4.3%

    _______________________________________________________________________________

    Total Connects = 48,104

    === Cut ===

    .- Keep the faith, --------------------------------------------------.
    | |
    | Ben aka cMech Web: http|ftp|binkp|telnet://cmech.dynip.com |
    | Email: fido4cmech(at)lusfiber.net |
    | Home page: http://cmech.dynip.com/homepage/ | `----------- WildCat! Board 24/7 +1-337-984-4794 any BAUD 8,N,1 ---'

    ... He who can't endure the bad won't live to see the good. Yiddish Proverb
    --- GoldED+/W32-MSVC v1.1.5-b20170303 ... via Mystic BBS!
    * Origin: FIDONet - The Positronium Repository (1:393/68)
  • From Richard Menedetter@2:310/31 to Joseph Larsen on Mon May 22 09:44:24 2017
    Hi Joseph!

    21 May 2017 23:52, from Joseph Larsen -> All:

    I want to run my board on port 23, but I keep getting unwanted
    connections to it. Mostly from Chinese hackers, I presume. Anyone know
    a way to solve this, with iptables or the like?

    That is the reality of todays Internet.
    Learn to live with it, and use good passwords.

    Best is to abandon telnet altogether and switch to SSH.

    CU, Ricsi

    --- GoldED+/LNX
    * Origin: Those who talk much, say nothing. (2:310/31)
  • From mark lewis@1:3634/12.73 to Joseph Larsen on Mon May 22 13:20:04 2017

    On 2017 May 21 23:52:22, you wrote to All:

    I want to run my board on port 23, but I keep getting unwanted connections to it. Mostly from Chinese hackers, I presume.

    nope... most likely they are MIRIA trying to figure out if your BBS is a DVR, a
    (not so) smart TV, an IP Camera or a vulnerable router... my old school frontdoor mailer shows their connection attempts to me all the time... it is why i was one of the very first to raise alerts to them and also be able to develop detection rules for the IDS software that i run... some of the connections attempt logins and issue busybox commands while others just sit until the mailer times out and drops them to the BBS where they will sit until the BBS times out or they start their login attempt and get booted...

    in fact, i just caught another new variant using PEIN instead of MIRAI as their
    watchword... so far my system is tracking at least 17 known variants... each using a different watchword to detect the end of their command execution attempts...

    Anyone know a way to solve this, with iptables or the like?

    there is some majik that can be cast that way but i prefer to run an intrusion detection system with an automatic reaction tool... but i do this on my perimeter firewall instead of on any of the BBS or server machines...

    anyway, janis has some iptables recipe that she's using on her port 23 to try to mitigate this... or she did... i have a brain cell kicking me and saying that she did move from port 23 like so many other folks have done...

    )\/(ark

    Always Mount a Scratch Monkey
    Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
    ... Yellowknife - Many are cold but few are frozen.
    ---
    * Origin: (1:3634/12.73)
  • From mark lewis@1:3634/12.73 to Richard Menedetter on Mon May 22 13:05:44 2017

    On 2017 May 22 09:44:24, you wrote to Joseph Larsen:

    I want to run my board on port 23, but I keep getting unwanted
    connections to it. Mostly from Chinese hackers, I presume. Anyone
    know a way to solve this, with iptables or the like?

    That is the reality of todays Internet. Learn to live with it, and use good passwords.

    it is the MIRAI critter looking for DVRs, TVs, IP Cameras and vulnerable routers that are exposed to the WAN... there's a very short list of usernames and passwords that it uses... one really only need to list those in the BBS' rejection files but it won't stop the connections...

    i just don't understand why folks can't or won't set up a perimeter firewall instead of using the shitty firewall in their ISP's modem thing... put the modem into bridge mode and let the firewall handle the connection... pfsense, smoothwall, and others work great for handling these types of things... you can
    even build and maintain a list of IPs to disallow and let the firewall block them on their initial SYN... stop the traffic at the perimeter and keep it out completely... it is a no brainer...

    Best is to abandon telnet altogether and switch to SSH.

    you cannot switch old-school BBSes to SSH when using virtual modem shims... there are not existing that speak SSH...

    )\/(ark

    Always Mount a Scratch Monkey
    Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
    ... My middle name is H-E-N-7-R-Y... the 7 is silent, of course
    ---
    * Origin: (1:3634/12.73)
  • From Richard Menedetter@2:310/31 to mark lewis on Mon May 22 23:09:54 2017
    Hi mark!

    22 May 2017 13:05, from mark lewis -> Richard Menedetter:

    That is the reality of todays Internet. Learn to live with it,
    and use good passwords.
    it is the MIRAI critter

    Yes ... that is the reality if todays Internet ... any we have to live with it ;)

    Best is to abandon telnet altogether and switch to SSH.
    you cannot switch old-school BBSes to SSH when using virtual modem shims... there are not existing that speak SSH...

    Then it is time to abandon modem shims.
    We are not chiseling stone tablets any more ...

    CU, Ricsi

    --- GoldED+/LNX
    * Origin: Error failed! Press any key to resume error (2:310/31)
  • From mark lewis@1:3634/12.73 to Richard Menedetter on Tue May 23 02:34:58 2017

    On 2017 May 22 23:09:54, you wrote to me:

    That is the reality of todays Internet. Learn to live with it,
    and use good passwords.
    it is the MIRAI critter

    Yes ... that is the reality if todays Internet ... any we have to live with it ;)

    maybe, maybe not... with proper detection and prevention, not so much ;)

    Best is to abandon telnet altogether and switch to SSH.
    you cannot switch old-school BBSes to SSH when using virtual modem
    shims... there are not existing that speak SSH...

    Then it is time to abandon modem shims.
    We are not chiseling stone tablets any more ...

    perhaps you can explain how to put MBSE or BBBS on SSH then?

    )\/(ark

    Always Mount a Scratch Monkey
    Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
    ... Avoid Quiet and Placid persons unless you are in Need of Sleep.
    ---
    * Origin: (1:3634/12.73)
  • From Shawn Highfield@1:229/452.3 to mark lewis on Tue May 23 05:19:28 2017

    Hello mark!

    23 May 17 02:34, you wrote to Richard Menedetter:

    perhaps you can explain how to put MBSE or BBBS on SSH then?

    MBSE doesn't need to be told anything about ssh. Once your account is created you simply ssh to the machine and login.

    I haven't tried creating a new account via ssh, but I would assume that
    won't work due to the nature of ssh.

    Shawn

    ... Sow your wild oats on Saturday night, then on Sunday pray for crop failure --- GoldED+/LNX 1.1.5-b20160322
    * Origin: Tiny's BBS - www.tinysbbs.com (1:229/452.3)
  • From mark lewis@1:3634/12.73 to Shawn Highfield on Tue May 23 11:46:56 2017

    On 2017 May 23 05:19:28, you wrote to me:

    perhaps you can explain how to put MBSE or BBBS on SSH then?

    MBSE doesn't need to be told anything about ssh. Once your account is created you simply ssh to the machine and login.

    interesting... i was under the impression that it was spawned using telnet...

    I haven't tried creating a new account via ssh, but I would assume
    that won't work due to the nature of ssh.

    sounds legit ;)

    )\/(ark

    Always Mount a Scratch Monkey
    Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
    ... Why are you wasting your time reading taglines?
    ---
    * Origin: (1:3634/12.73)
  • From Richard Menedetter@2:310/31 to mark lewis on Tue May 23 20:00:12 2017
    Hi mark!

    23 May 2017 02:34, from mark lewis -> Richard Menedetter:

    Then it is time to abandon modem shims.
    We are not chiseling stone tablets any more ...
    perhaps you can explain how to put MBSE or BBBS on SSH then?

    By abandoning them?

    I can only say that I would not dare to make anything listen on a public telnet
    port in todays internet ...

    CU, Ricsi

    --- GoldED+/LNX
    * Origin: Don't rattle my cage. The door is not locked! (2:310/31)
  • From mark lewis@1:3634/12.73 to Richard Menedetter on Tue May 23 14:43:46 2017

    On 2017 May 23 20:00:12, you wrote to me:

    Then it is time to abandon modem shims. We are not chiseling stone
    tablets any more ...
    perhaps you can explain how to put MBSE or BBBS on SSH then?

    By abandoning them?

    they're relatively new tech, man...

    I can only say that I would not dare to make anything listen on a
    public telnet port in todays internet ...

    and here i have no problems with several frontdoor nodes on one system as well as SBBS on another dealing with these... they connect, they get blocked, done...

    )\/(ark

    Always Mount a Scratch Monkey
    Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
    ... Always make sure you understand completely what you're jumping into.
    ---
    * Origin: (1:3634/12.73)
  • From Andrew Leary@1:320/219 to Shawn Highfield on Tue May 23 16:41:58 2017
    Hello Shawn!

    23 May 17 05:19, you wrote to mark lewis:

    I haven't tried creating a new account via ssh, but I would assume
    that won't work due to the nature of ssh.

    Correct. The bbs account (used for new user registration) does not have a password, and therefore cannot be logged into via SSH.

    In theory one could add a password to that account, but then you would need a method to distribute the password to potential new users.

    Andrew

    --- GoldED+/LNX 1.1.5-b20170303
    * Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)
  • From Andrew Leary@1:320/219 to mark lewis on Tue May 23 16:46:04 2017
    Hello mark!

    23 May 17 11:46, you wrote to Shawn Highfield:

    MBSE doesn't need to be told anything about ssh. Once your
    account is created you simply ssh to the machine and login.

    interesting... i was under the impression that it was spawned using telnet...

    MBSE's mblogin program replaces the standard login for telnet connections. For SSH connections, the standard ssh login procedure prevails. Since the BBS users have unix accounts with /opt/mbse/bin/mbsebbs as their shell, the SSH users are connected directly to the BBS after they successfully log in.

    Andrew

    --- GoldED+/LNX 1.1.5-b20170303
    * Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)
  • From Shawn Highfield@1:229/452.3 to mark lewis on Tue May 23 17:27:04 2017

    Hello mark!

    23 May 17 11:46, you wrote to me:

    interesting... i was under the impression that it was spawned using telnet...

    MBSE unlike the rest doesn't have a built in telnet daemon, it uses the
    tools in the OS itself. That's why when creating a new user it logs you
    off and you have to reconnect using the newly created account (as the 'bbs' user runs the newuser script)

    I haven't tried creating a new account via ssh, but I would
    assume that won't work due to the nature of ssh.
    sounds legit ;)

    I just tried... It didn't work for me, however I also didn't try
    with syncterm ssh which /may/ allow it to work.

    If you want to try, the telnet port is 2323 and the ssh port is 22
    here at tinysbbs.com and those ports direct you to my pi.

    Shawn

    ... Go on, be yourself! There isn't anyone better qualified.
    --- GoldED+/LNX 1.1.5-b20160322
    * Origin: Tiny's BBS - www.tinysbbs.com (1:229/452.3)
  • From mark lewis@1:3634/12.73 to Andrew Leary on Tue May 23 18:27:06 2017

    On 2017 May 23 16:41:58, you wrote to Shawn Highfield:

    I haven't tried creating a new account via ssh, but I would assume
    that won't work due to the nature of ssh.

    Correct. The bbs account (used for new user registration) does not
    have a password, and therefore cannot be logged into via SSH.

    In theory one could add a password to that account, but then you would need a method to distribute the password to potential new users.

    similar to how some underground and scene boards have one hidden in their text screens that you're supposed to read when signing up... possibly something on the initial screen with the initial prompts... assuming that SSH servers can even transmit a login screen in the first place...

    )\/(ark

    Always Mount a Scratch Monkey
    Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
    ... My hard disk is full! Maybe I'll try this message section thing.
    ---
    * Origin: (1:3634/12.73)
  • From mark lewis@1:3634/12.73 to Andrew Leary on Tue May 23 18:29:00 2017

    On 2017 May 23 16:46:04, you wrote to me:

    MBSE doesn't need to be told anything about ssh. Once your account
    is created you simply ssh to the machine and login.

    interesting... i was under the impression that it was spawned using
    telnet...

    MBSE's mblogin program replaces the standard login for telnet
    connections. For SSH connections, the standard ssh login procedure prevails. Since the BBS users have unix accounts with /opt/mbse/bin/mbsebbs as their shell, the SSH users are connected
    directly to the BBS after they successfully log in.

    interesting... i'm learning, slowly over time, that MBSE is truely built into/around the *nix system it is installed on... much like Waffle BBS was initially before they developed the DOS mimic which so many ran...

    )\/(ark

    Always Mount a Scratch Monkey
    Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
    ... Tell me, have you ever woken up and realized you were doomed?
    ---
    * Origin: (1:3634/12.73)
  • From Phil Taylor@1:275/201 to Joseph Larsen on Thu Sep 20 22:19:15 2018
    Joseph Larsen wrote to All <=-

    Hi all,

    I want to run my board on port 23, but I keep getting unwanted
    connections to it. Mostly from Chinese hackers, I presume. Anyone know
    a way to solve this, with iptables or the like?

    Joseph

    I know it's a real pain to try and deal with it. Try google and search for the keyword iptables block ip address. To block a whole country there is some information posted on google that will explain how to do it.

    Phil
    ... MultiMail, the new multi-platform, multi-format offline reader!
    ___ MultiMail/Win v0.51

    --- Mystic BBS/QWK v1.12 A39 2018/04/21 (Windows/32)
    * Origin: Mystic.dynu.net 2310 (1:275/201)
  • From Phil Taylor@1:275/201 to Stephen Walsh on Thu Sep 20 22:19:15 2018
    Stephen Walsh wrote to Joseph Larsen <=-


    Hello Joseph!

    21 May 17 23:52, you wrote to all:

    I want to run my board on port 23, but I keep getting unwanted
    connections to it. Mostly from Chinese hackers, I presume. Anyone know
    a way to solve this, with iptables or the like?

    I allow my bbs system to conenct to port 23 but due to getting to much abuse I switched it to port 2300.


    ... MultiMail, the new multi-platform, multi-format offline reader!
    ___ MultiMail/Win v0.51

    --- Mystic BBS/QWK v1.12 A39 2018/04/21 (Windows/32)
    * Origin: Mystic.dynu.net 2310 (1:275/201)
  • From Joacim Melin@2:201/120 to Phil Taylor on Fri Sep 21 06:53:44 2018
    You should all try this:

    https://github.com/punktniklas/NiKom/tree/master/Extras/Botcheck

    Me and others have been using it for quite a while to stop script kiddies taking down our Amiga BBS:es with too many telnet connections and it works great.


    --- NiKom v2.4.0
    * Origin: Delta City (deltacity.se, Vallentuna, Sweden) (2:201/120.0)
  • From Dark Angel67@1:135/369 to Phil Taylor on Wed Jul 31 12:11:05 2019
    I personally have no problem blocking countries that want to act like dumb asses...

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: Black Flag <ACiD Telnet HQ> blackflagbbs.com (1:135/369)
  • From Dark Angel67@1:135/369 to Joacim Melin on Wed Jul 31 12:13:20 2019
    Great, now how do I get a copy of it without downloading some swedish BBS system I do not need? LOL

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: Black Flag <ACiD Telnet HQ> blackflagbbs.com (1:135/369)
  • From aaron thomas@1:123/525 to Dark Angel67 on Thu Aug 1 18:30:22 2019
    Great, now how do I get a copy of it without downloading some swedish BBS system I do not need? LOL

    A Swedish BBS system sounds cool!? Where can I get a copy?

    --- Mystic BBS v1.12 A43 2019/03/03 (Raspberry Pi/32)
    * Origin: Alcoholiday / Est. 1995 / alco.bbs.io (1:123/525)