Subj : Automatically blocking co
To   : Dumas Walker
From : fluid
Date : Wed Jun 05 2024 03:34 pm

  Re: Automatically blocking co
  By: Dumas Walker to DIGITAL MAN on Tue Jun 04 2024 09:34 am

 > I ran into issues (with 3.19 and before, anyway) where people or bots were
 > hitting the telnet port rapidly and apparently not trying to log in, which
 > meant they were not being throttled.

 > It would eventually "crash" telnet.  I would have expected it to take down
 > the whole terminal server but SSH would still be working.  I would only
 > find out about it when a user complained that the BBS was down.  A recycle
 > of sbbs would fix it.

I did not have this issue specifically, but I had an issue where running telnet on port 23 led to me being unable to connect to my own system while no real users were connected multiple times over the past 3 days.

My solution was the old-school "press escape twice to enter the system" prompt that times out in 15 seconds. I keep track of people that hit that screen. I check for connections for each IP and then see how many times they have connected in the past ten minutes. Anything older than ten minutes gets deleted. If they fail that screen 20 times in ten minutes they get added to ip.can and are effectively banned.

I realize the amount of bots and scripts running these scans is basically endless...but it is keeping nodes freed up about as well as I expected. About half the nodes are occupied by bots, and I have not been blocked yet. So far manual checks of all of the IP addresses in the ip.can file are all Lithuania, Turkey, China, and Russia... The code is a bit messy (I have not really coded for several years)...but so far I am pleased with it.

---
 þ Synchronet þ crisis/line úù [ crisisbbs.net ]

.