• Timeouts - Hack Attempts

    From Ben Ritchey@46:1/175 to Gryphon on Monday, August 01, 2016 21:14:38
    My New User Login timer is set to 10 mins fyi

    ---
    Keep the faith,

    Ben aka cMech Web: http|ftp|binkp|telnet://cmech.dynip.com
    Email: fido4cmech(at)lusfiber.net
    Home page: http://cmech.dynip.com/homepage/
    WildCat! Board 24/7 +1-337-984-4794 any BAUD 8,N,1

    --- Mystic BBS v1.12 A27 (Raspberry Pi)
    * Origin: AgoraNet - Positronium Repository Pi (46:1/175)
  • From Gryphon@46:1/116 to Fat Rastus on Monday, August 01, 2016 11:05:08
    On 08/01/16, Fat Rastus said the following...

    On 07/31/16, Gryphon said the following...
    I fixed up your first account, 'Fat Rastus' as it had 0 minutes left. suspect that this a situation that happens only during the new user login. I have the new user login timeout set to 3 minutes. Would yo say that you needed more than 3 minutes? If so, then I can adjust it future use. I believe that you would have been able to get in after midnight, after the minutes per day got reset. I give everybody 1440 minutes per day, and there is no longer any keyboard inactivity timeo so the only thing that could have bit you was the new user login time

    Did you email the password to me? I didn't save it, because I didn't think that an account was created. Three minutes is not enough time, unless you do away with the New User letter. The second account I tried to setup didn't seem like 3 minutes.. I hurried, but it too got disconnected while I was writing the New User letter.

    No, I never did email the password to you. What is your email address? Or would you rather me to netmail it to you?

    I suppose I can up the new user time out to 5 minutes. What does everybody else have for their new user time out?

    "No matter where you go, there you are!" - Buckaroo Bonzai

    --- Mystic BBS v1.12 A30 (Raspberry Pi)
    * Origin: Cyberia BBS | Cyberia.Darktech.Org | Kingwood, TX (46:1/116)
  • From Fat Rastus@46:1/107.2 to Gryphon on Monday, August 01, 2016 10:37:14
    On 07/31/16, Gryphon said the following...
    I fixed up your first account, 'Fat Rastus' as it had 0 minutes left. I suspect that this a situation that happens only during the new user
    login. I have the new user login timeout set to 3 minutes. Would you
    say that you needed more than 3 minutes? If so, then I can adjust it for future use. I believe that you would have been able to get in after midnight, after the minutes per day got reset. I give everybody 1440 minutes per day, and there is no longer any keyboard inactivity timeout, so the only thing that could have bit you was the new user login timeout.


    Did you email the password to me? I didn't save it, because I didn't think that an account was created. Three minutes is not enough time, unless you do away with the New User letter. The second account I tried to setup didn't
    seem like 3 minutes.. I hurried, but it too got disconnected while I was writing the New User letter.

    I recently setup Fail2Ban on my system to block the hack attempts on telnet.
    To get that to work I had to create a custom log file which was pretty
    easy with Sync since it's login script is written in JavaScript.

    It seems to me that the problem port is SSH. It gets hammered far more than Telnet and I don't run the BBS's SSH on it's standard port because of that.
    I share the correct port with any of my boards Users who wish to use it; surprisingly, there have been very few to use ssh over the years. I normally log into my bbs using telnet, but I do so through an ssh tunnel to keep my activities as sysop secure. Also, I have the standard ssh port (for shell access)firewalled with access limited to me.

    With 8 nodes running, one or two nodes sometimes get tied up for a few
    seconds by scripted multi-port scans but I have never noticed a complete
    denial of service from such scans. I have considered setting up fail2ban to block these scans too..but since they are quick and don't cause a DOS it
    hasn't been a priority. That said, I have seen a few, actually very few, intentional DDOS attacks on my BBS.. but with thorough logs to back up the claim, filing reports with the attackers service provider has been effective. While the attacks sometimes come from hacked machines, reporting them, and following up on the report, can lead to the hacked machine getting cleaned
    up at least.

    Just my 2 cents,

    Fat Rastus

    --- Mystic BBS v1.12 A30 (Linux)
    * Origin: CombatNet Support BBS (46:1/107.2)