Subj : Block admin and root access attempts
To   : nightcrawler
From : Digital Man
Date : Tue Oct 28 2014 10:33 pm

  Re: Block admin and root access attempts
  By: nightcrawler to Digital Man on Tue Oct 28 2014 11:41 pm

 >   Re: Block admin and root access attempts
 >   By: Digital Man to nightcrawler on Tue Oct 28 2014 05:37 pm
 >
 >  DM> That looks fine. Are you getting entries in your data/hack.log for
 >  DM> these 3+ consecutive login failures from the same IP?
 >
 > No there doesn't appear to be any.

What protocol are they attacking with?

 >  DM> The failed login attempts have to be from the same IP address and
 >  DM> consecutive without the BBS being restarted/recycled.
 >
 > So do you mean consecutive as in the calls have to be concurrent, or can
 > they be staggerd throughout the day?

They can be staggered throughout days/weeks/whatever, so long as the server 
(the BBS) is not recycled or restarted during that time.

If you're using the Synchronet Control Panel (for Windows), you can view the 
failed login attempts with the View->Login Attempts menu option. It'll show you 
which login attempts from what IPs using what protocols with what username and 
password, etc. This list is cleared when the control panel is restarted. The 
"Unique" column shows the number that is compared against the thresholds we 
discussed for logging in the hack.log and filtering via ip.can.

If you're using 'sbbs', the console program (e.g. for Linux) instead, then the 
'a' command from the console prompt ("[Threads: x  Sockets: x  Clients: x 
Served: x Errors: x] (?=Help):" will show the same information (list of failed 
login attempts). This list is cleared when the sbbs program is restated.

                                            digital man

Synchronet "Real Fact" #57:
The last version of Synchronet to run on MS-DOS and OS/2 was v2.30c (1999).
Norco, CA WX: 66.6øF, 73.0% humidity, 0 mph NW wind, 0.00 inches rain/24hrs

.