Sniper
Killed In Action BBS, telnet://kiabbs.org
So, it's been a long time... My BBS has been running on auto-pilot. With daily observation, just not participating. Anyway, over the last few months, it seems that my IP address, host name, or something has been given to the hackers of the world. My system is constantly being connected to and they are trying to log in with unknown users. I've checked on the system and 2 or 3 nodes are scrolling off the screen as someone is attempting to brute force the Guest account. (Doesn't exist, but that doesn't seem to stop them). They try to brute force the "root" and "admin" as well. The large majority of these are coming from overseas. .jp, .ru, .au, etc. So I was attempting to block them by IP, but, as soon as I block one, 50 more show up. Now all this is occurring on a little 18 meg Uverse setup. It's getting a little out of hand! So today, I did a Google search for a list of all the world domains. And I found a wiki listing them. So I dropped the list into the filter/hostname. I'm still getting attacked... but now it's scrolling off the screen:
3/16 10:33:30p 1284 Telnet connection accepted from: 14.175.124.99 port 34238
3/16 10:33:30p 1284 Hostname: static.vnpt.vn
3/16 10:33:31p 1284 !CLIENT BLOCKED in host.can: static.vnpt.vn
So that list is helping, but, I could seriously use a "Silent" mode, like the IP block (Silence).
But that's only about 1/2 of the constant hammering I'm getting. The rest are "No Name":
3/16 10:42:50p Node 2 10:42p Thu Mar 16 2017 Node 2
3/16 10:42:50p Node 2 Telnet <no name> [45.114.83.11]
3/16 10:42:50p 1260 Telnet connection accepted from: 123.168.185.171 port 43422
3/16 10:42:50p Terminal Server connection reset by peer on send
3/16 10:40:33p Node 2 connection reset by peer on receive
3/16 10:40:33p Node 2 10:40p Thu Mar 16 2017 Node 2
3/16 10:40:33p Node 2 Telnet <no name> [27.54.54.208]
3/16 10:40:39p Node 2 thread terminated (1 node threads remain, 110 clients served)
Usually, you'll see them connect, then shortly after a second connect... the first one drops off then the second one starts sending commands:
3/16 10:21:30p Node 1 Unknown User 'Root'
3/16 10:21:31p Node 1 Unknown User 'Nable'
3/16 10:21:31p Node 1 Unknown User 'Ystem'
3/16 10:21:32p Node 1 Unknown User 'Bin/busybox Mirai'
3/16 10:21:34p Node 1 socket closed by peer on input
I'm at my wits' end over this. Can we enter IPs for entire domains? 1.1.1.1/32 ?? Because one at a time is just not feasible anymore! Anyone have a good comprehensive list they might send me?
Help! :)
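Added example, not part of any post in this thread and not Synchronet code: a small log triage script that pulls source addresses out of the log format quoted above, groups them into candidate CIDR blocks, and picks out attempted "user names" that are really shell commands. The last two log lines are constructed (documentation range 203.0.113.0/24), and the `/24` prefix and two-host threshold are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import Counter

# First 8 lines are copied from the post above; the last 2 are constructed.
SAMPLE_LOG = """\
3/16 10:33:30p 1284 Telnet connection accepted from: 14.175.124.99 port 34238
3/16 10:33:31p 1284 !CLIENT BLOCKED in host.can: static.vnpt.vn
3/16 10:42:50p Node 2 Telnet <no name> [45.114.83.11]
3/16 10:42:50p 1260 Telnet connection accepted from: 123.168.185.171 port 43422
3/16 10:40:33p Node 2 Telnet <no name> [27.54.54.208]
3/16 10:21:30p Node 1 Unknown User 'Root'
3/16 10:21:31p Node 1 Unknown User 'Nable'
3/16 10:21:32p Node 1 Unknown User 'Bin/busybox Mirai'
3/16 10:43:02p 1288 Telnet connection accepted from: 203.0.113.7 port 40112
3/16 10:43:05p 1292 Telnet connection accepted from: 203.0.113.9 port 51877
"""

ADDR_RE = re.compile(r"(?:accepted from: |<no name> \[)(\d+(?:\.\d+){3})")
USER_RE = re.compile(r"Unknown User '([^']*)'")

def source_ips(log):
    """Count each source address seen in 'accepted from' and '<no name>' lines."""
    return Counter(ipaddress.ip_address(a) for a in ADDR_RE.findall(log))

def candidate_blocks(hits, prefix=24, min_hosts=2):
    """One /prefix block where several distinct hosts share it, else a /32 each."""
    by_net = {}
    for ip in hits:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_net.setdefault(net, set()).add(ip)
    blocks = []
    for net, ips in by_net.items():
        if len(ips) >= min_hosts:
            blocks.append(net)
        else:
            blocks.extend(ipaddress.ip_network(f"{ip}/32") for ip in ips)
    return sorted(ipaddress.collapse_addresses(blocks))

def bot_login_names(log):
    """Attempted login names that look like commands rather than people."""
    return [n for n in USER_RE.findall(log) if "busybox" in n.lower() or "/" in n]

if __name__ == "__main__":
    for net in candidate_blocks(source_ips(SAMPLE_LOG)):
        print(net)
    print(bot_login_names(SAMPLE_LOG))
```

A wider block also shuts out any legitimate caller in that range, so review the suggested networks before adding them to a filter.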
Sniper wrote to All on 03-16-17 22:53 <=-
I'm at my wits' end over this. Can we enter IPs for entire domains? 1.1.1.1/32 ?? Because one at a time is just not feasible anymore!
Anyone have a good comprehensive list they might send me?
Help! :)
If you're running the 3.17a (with the other *.js files), yes.
Sniper
Killed In Action BBS, telnet://kiabbs.org
---
■ Synchronet ■ Killed In Action BBS - kiabbs.org
Re: Getting hammered!
By: Sniper to All on Thu Mar 16 2017 10:53 pm
So, it's been a long time... My BBS has been running on auto-pilot. With daily observation, just not participating. Anyway, over the last few months, it seems that my IP address, host name, or something has been given to the hackers of the world. My system is constantly being connected to and they are trying to log in with unknown users. I've checked on the system and 2 or 3 nodes are scrolling off the screen as someone is attempting to brute force the Guest account. (Doesn't exist, but that doesn't seem to stop them). They try to brute force the "root" and "admin" as well. The large majority of these are coming from overseas. .jp, .ru, .au, etc. So I was attempting to block them by IP, but, as soon as I block one, 50 more show up. Now all this is occurring on a little 18 meg Uverse setup. It's getting a little out of hand!
Read this: http://wiki.synchro.net/howto:block-hackers
digital man
Synchronet/BBS Terminology Definition #16:
DOVE = Domain/Vertrauen
Norco, CA WX: 80.7°F, 37.0% humidity, 10 mph ESE wind, 0.00 inches rain/24hrs
Sniper wrote to All on 03-16-17 22:53 <=-
Usually, you'll see them connect, then shortly after a second connect... the first one drops off then the second one starts sending commands:
3/16 10:21:30p Node 1 Unknown User 'Root'
3/16 10:21:31p Node 1 Unknown User 'Nable'
3/16 10:21:31p Node 1 Unknown User 'Ystem'
3/16 10:21:32p Node 1 Unknown User 'Bin/busybox Mirai'
3/16 10:21:34p Node 1 socket closed by peer on input
I'm at my wits' end over this. Can we enter IPs for entire domains? 1.1.1.1/32 ?? Because one at a time is just not feasible anymore! Anyone have a good comprehensive list they might send me?
Why not add those user names to your name.can file in the ../sbbs/text folder and adjust your LoginAttemptTempBanDuration in sbbs.ini to 20 or 30 minutes?
Also think about getting 'PeerBlock' if you can't work with your router in banning said IPs.
--
Bill
Telnet: tequilamockingbirdonline.net
Web: bbs.tequilamockingbirdonline.net:81
FTP: ftp.tequilamockingbirdonline.net:2121
IRC: irc.tequilamockingbirdonline.net Ports: 6661-6670 SSL: +6697
Radio: radio.tequilamockingbirdonline.net:8010/live
... Look Twice... Save a Life!!! Motorcycles are Everywhere!!!
I put all the names they are using in the name.can but that doesn't seem to be working. Enable, Guest, Root, Aldo and all lower case for them as well... they still are showing up...
Re: Re: Getting hammered!
By: Lord Time to Sniper on Fri Mar 17 2017 10:19 am
Anyone have a good comprehensive list they might send me?
Help! :)
If you're running the 3.17a (with the other *.js files), yes.
Same here. If you have been on autopilot for a while then you probably haven't updated to the latest and greatest, which includes some nice auto IP blocking, etc. BTW, nice to see you around, haven't talked to you since the Warzone BBS days.
Take Care
--
Tim Smith (KK4QBN)
KK4QBN BBS