Subj : Block admin and root access attempts
To   : nightcrawler
From : Digital Man
Date : Tue Oct 28 2014 05:37 pm

  Re: Block admin and root access attempts
  By: nightcrawler to Digital Man on Tue Oct 28 2014 09:04 pm

 >   Re: Block admin and root access attempts
 >   By: Digital Man to nightcrawler on Mon Oct 27 2014 04:38 pm
 >
 >  DM>  Re: Block admin and root access attempts
 >  DM>  By: nightcrawler to All on Sat Oct 25 2014 12:08 am
 >
 >  >> Hey guys.
 >
 >  >> Can someone tell me something I can add to my login script that will
 >  >> automatically add Ip's to the IP.can file that try to log in as root
 >  >> or admin. It is becoming a full time job adding all the hack attempt
 >  >> IP's manually. There was some discussion on the Facebook group about
 >  >> this, but wasn't given a definitive answer. Also, I figured it would
 >  >> be more helpful to other Sysops if it was asked and answered on here.
 >
 >  DM> There's an auto-filtering capability built-into Synchronet. See
 >  DM> "LoginAttemptFilterThreshold" at
 >  DM> http://wiki.synchro.net/config:sbbs.ini for details.
 >
 >  DM>  digital man
 >
 > Thanks.
 >
 > I set the LoginAttemptFilterThreshold to 3, but doesn't seem to be having
 > any effect.I've noticed a dozen or more attempts from an IP and it isn't
 > being added to the ip.can. Do you have any idea what I am doing wrong?
 >
 > This is what I have:
 >
 > LoginAttemptDelay=5000
 > LoginAttemptThrottle=1000
 > LoginAttemptHackThreshold=3
 > LoginAttemptFilterThreshold=3

That looks fine. Are you getting entries in your data/hack.log for these 3+ consecutive login failures from the same IP?

The failed login attempts have to be from the same IP address and consecutive without the BBS being restarted/recycled.

                                            digital man

Synchronet "Real Fact" #24:
The Digital Dynamics company ceased day-to-day opperations in late 1995.
Norco, CA WX: 77.0øF, 48.0% humidity, 6 mph SE wind, 0.00 inches rain/24hrs

.