So I guess I am an isolationist, I blocked almost all countries in the badcountry.txt file. I just looked at a 24hr stat and I have gotten close to 5,000 blocked connections. anyone else get this kind of port 23 traffic?

|11ú|03-|09Ä|01Ä· |15K|07¡|08dd |01ÖÄÄ|09ú-|03ú |11ú
|01Ó |15W|07¡ck|08ed |01Ó

--- Mystic BBS v1.12 A69 (Android)
* Origin: SH 2.0 (21:1/169)

close to 5,000 blocked connections. anyone else get this kind of port 23 traffic?

Hello Kidd,

it is a week now, I'm under HEAVY FIRE - multiple attempts, and I'm not the only one, I guess - is that telnet worm/virus doing other damage around? Or these attempts are made by scanning bots?

¯¯ÅndçŒd Cíld®®

"What do you look like?"
"It depends on who is looking."

--- Mystic BBS v1.12 A31 (Raspberry Pi)
* Origin: Miskatonic BBS | telnet://rasppi.servebbs.org (21:1/165)

On 09/20/16, Kidd Wicked said the following...

So I guess I am an isolationist, I blocked almost all countries in the badcountry.txt file. I just looked at a 24hr stat and I have gotten
close to 5,000 blocked connections. anyone else get this kind of port 23 traffic?

Most of us actually, there was a badip.txt sent out I think from mprah while back that helped with some of that.

--- Mystic BBS v1.12 A31 (Linux)
* Origin: Twinkle BBS (21:1/126)

On 09/20/16, Kidd Wicked said the following...

So I guess I am an isolationist, I blocked almost all countries in the badcountry.txt file. I just looked at a 24hr stat and I have gotten
close to 5,000 blocked connections. anyone else get this kind of port 23

4,563 here in my badip.txt, not using badcountry currently.

-=>Richard Miles<=-
-=>Captain Obvious<=-
-=>bbs.shadowscope.com<=-

--- Mystic BBS v1.12 A31 (Windows)
* Origin: Shadowscope BBS | bbs.shadowscope.com | Temple, GA (21:1/157)

On 09/20/16, Indrid Cold said the following...

close to 5,000 blocked connections. anyone else get this kind of port traffic?

it is a week now, I'm under HEAVY FIRE - multiple attempts, and I'm not the only one, I guess - is that telnet worm/virus doing other damage around? Or these attempts are made by scanning bots?

There is about 15 countries hammering me. I just save the telnet log files then one day, when I am bored, I will snoop around and find out more on them.

|11ú|03-|09Ä|01Ä· |15K|07¡|08dd |01ÖÄÄ|09ú-|03ú |11ú
|01Ó |15W|07¡ck|08ed |01Ó

--- Mystic BBS v1.12 A69 (Android)
* Origin: SH 2.0 (21:1/169)

On 09/20/16, Kidd Wicked pondered and said...

So I guess I am an isolationist, I blocked almost all countries in the

I'm almost the reverse, there are very few blocked and auto ban does the
heavy lifting based on whichever IP and country is being naughty.

Best, Paul

--- Mystic BBS v1.12 A31 (Windows)
* Origin: Agency BBS | telnet://agency.bbs.geek.nz (21:1/101)

On 09/20/16, Captain Obvious said the following...

4,563 here in my badip.txt, not using badcountry currently.

My badip isnt that big. The bad country works good. Like why would I have china open or brazil. Those are 2 big offenders. Russia and korea hit me a
lot also..

|11ú|03-|09Ä|01Ä· |15K|07¡|08dd |01ÖÄÄ|09ú-|03ú |11ú
|01Ó |15W|07¡ck|08ed |01Ó

--- Mystic BBS v1.12 A69 (Android)
* Origin: SH 2.0 (21:1/169)

On 09/21/16, Avon said the following...

On 09/20/16, Kidd Wicked pondered and said...

So I guess I am an isolationist, I blocked almost all countries in

I'm almost the reverse, there are very few blocked and auto ban does the heavy lifting based on whichever IP and country is being naughty.

I dont get a lot of worldly foot traffic. Barely any locally. But if
someone would make a good phone app for mystic we would pick up. the nntp and fido apps for andriod arent up to snuff..

|11ú|03-|09Ä|01Ä· |15K|07¡|08dd |01ÖÄÄ|09ú-|03ú |11ú
|01Ó |15W|07¡ck|08ed |01Ó

--- Mystic BBS v1.12 A69 (Android)
* Origin: SH 2.0 (21:1/169)

My badip isnt that big. The bad country works good. Like why would I have china open or brazil. Those are 2 big offenders. Russia and korea
hit me a lot also..

I actually wrote a script to parse out the badip list by country of origin
and then sorted it so that it showed the list of countries sorted by the one hitting the most. I ended up blocking China, Vietnam, N Korea and India.
That had a dramatic impact on the number of telnet ports being occupied by intrusion attepts.

--
Karl
The Search BBS

--- Mystic BBS v1.12 A31 (Raspberry Pi)
* Origin: The Search BBS (21:1/161)

--
Karl
The Search BBS

--- Mystic BBS v1.12 A31 (Raspberry Pi)
* Origin: The Search BBS (21:1/161)

someone would make a good phone app for mystic we would pick up. the
nntp and fido apps for andriod arent up to snuff..

I started trying to make a theme that was 40 characters wide so it would fit better on my phone with ConnectBot - I have not gotten very far though.

--
Karl
The Search BBS

--- Mystic BBS v1.12 A31 (Raspberry Pi)
* Origin: The Search BBS (21:1/161)

On 09/20/16, Indrid Cold said the following...

it is a week now, I'm under HEAVY FIRE - multiple attempts, and I'm not the only one, I guess - is that telnet worm/virus doing other damage around? Or these attempts are made by scanning bots?
¯¯ÅndçŒd Cíld®®
--- Mystic BBS v1.12 A31 (Raspberry Pi)
* Origin: Miskatonic BBS | telnet://rasppi.servebbs.org (21:1/165)

224730 attempts since Aug 29 at noon for me. They've been heavy since June
when schools here let out. They're at it all the time - it can take a couple
of minutes to logon from outside at times. I run 8 nodes and they fill them
all from time to time, but most of the time there are some open. I do suspect the router bots. Every so often someone changes the script they run against
me making it tie things up a little more. Sometimes I add some of the newer stuff to trashcan.dat to knock them off quicker. It's nethack for real and
I'm playing sysop ;)

--- Mystic BBS v1.12 A31 (Raspberry Pi)
* Origin: Mystic Pi BBS bcw142.zapto.org (21:1/145)

I dont get a lot of worldly foot traffic. Barely any locally. But if someone would make a good phone app for mystic we would pick up. the
nntp and fido apps for andriod arent up to snuff..

You must have a much larger phone than me. I can't imagine trying to use my phone to log in a BBS. The screen is not large enough and typing on the
screen drives me nuts.

Maybe I just need a more current phone.

- Mark

--- Mystic BBS v1.12 A31 (Windows)
* Origin: Weather Station BBS * Bel Air, MD -USA (21:1/170)

Avon wrote to Kidd Wicked <=-

I'm almost the reverse, there are very few blocked and auto ban does
the heavy lifting based on whichever IP and country is being naughty.

I don't use country blocking either, just auto blocking. 7356 in my blacklist.txt now. :-)


... "Farfrompoopin'" - German word for constipation.
--- MultiMail/Win32 v0.49
* Origin: Freeway BBS - freeway.apana.org.au (21:1/109)

Quoting Avon to Kidd Wicked <=-

I'm almost the reverse, there are very few blocked and auto ban does
the heavy lifting based on whichever IP and country is being naughty.

This is what I do as well. I also nightly run unix2dos on the file and
copy it to the windows box for net2bbs to have as well. ;) Even though that board runs on another port I figure to hell with them.

Shawn

... You call a plasma grenade a WARNING?

--- EzyBlueWave V3.00 01FB001F
* Origin: Tiny's BBS - www.tinysbbs.com (21:1/130)

On 09/20/16, karl said the following...

someone would make a good phone app for mystic we would pick up. the nntp and fido apps for andriod arent up to snuff..

I started trying to make a theme that was 40 characters wide so it would fit better on my phone with ConnectBot - I have not gotten very far though.

I did not think about going that route. good idea,,

|11ú|03-|09Ä|01Ä· |15K|07¡|08dd |01ÖÄÄ|09ú-|03ú |11ú
|01Ó |15W|07¡ck|08ed |01Ó

--- Mystic BBS v1.12 A69 (Android)
* Origin: SH 2.0 (21:1/169)

I actually wrote a script to parse out the badip list by country of
origin and then sorted it so that it showed the list of countries sorted by the one hitting the most. I ended up blocking China, Vietnam, N
Korea and India. That had a dramatic impact on the number of telnet
ports being occupied by intrusion attepts.

I've done something like that, with BASH scripting... thinking about taking extreme countermeasures, always under heavy fire here...

¯¯ÅndçŒd Cíld®®

"What do you look like?"
"It depends on who is looking."

--- Mystic BBS v1.12 A31 (Raspberry Pi)
* Origin: Miskatonic BBS | telnet://rasppi.servebbs.org (21:1/165)

I've done something like that, with BASH scripting... thinking about taking extreme countermeasures, always under heavy fire here...

I agree, it stinks when I watch nodespy and 4 or 5 out of 8 telnet
connections are taken by bad guys. Although I wish I did not have to do it, changing telnet from port 23 to another port would prevent a majority of the automated/bot attempts. Another option, I have thought about is to use ssh
(I currently do not have that mis server configured) either in addition or to replace the telnet server. I just wish that the ssh server could
authenticate with ssh public keys - I heard that this is not possible currently.

--
Karl
The Search BBS

--- Mystic BBS v1.12 A31 (Raspberry Pi)
* Origin: The Search BBS (21:1/161)

it, changing telnet from port 23 to another port would prevent a
majority of the automated/bot attempts. Another option, I have thought

When I just launched my BBS the other day, I saw all 19 of 20 ports busy by hackers, even after blocking China. So, port 2023 it is for me :) 2-3 nodes
are at most in use by someone trying something funky now.

-- Peconi
// Pattycake Mafia BBS SysOp
// bbs.pattycakemafia.com:2023 fsxNet/21:1/172

--- Mystic BBS v1.12 A31 (Linux)
* Origin: Pattycake Mafia BBS (21:1/172)

by the one hitting the most. I ended up blocking China, Vietnam, N
Korea and India. That had a dramatic impact on the number of telnet

Ditto, I blocked 11 countries (so far) including the ones you mentioned, the telnet attempts are now a fraction of what they were.

Cheers
J

--- Mystic BBS v1.12 A31 (Raspberry Pi)
* Origin: The Gatehouse BBS (bbs.digitaglatehouse.com) (21:1/159)