• Getting hammered!

    From Sniper@DIGDIST/BATTLEST/FREEWAY to All on Thursday, March 16, 2017 22:53:00
    So, its been a long time... My BBS has been running on auto-pilot. With
    daily observation, just not participating. ANyway, over the last few months, it seems that my IP address, host name, or something has been given to the hackers of the world. My system is constantly being connected to and they are trying to log in with unknown users. I've checked on the system and 2 or 3 nodes are scrolling off the screen as someone is attempting to brute force the Guest account. (Doesn't exist, but that doesn't seem to stop them). They try to brute force the "root" and "admin" as well. The large majority of these are coming from oversees. .jp, .ru, .au, etc. So I was attempting to block them by IP, but, as soon as I block one, 50 more show up. Now all this is occuring on a little 18 meg Uverse setup. Its getting a little out of hand! So today, I did a google search for a list of all the world domains. ANd I found a wiki listing them. So I dropped the list into the filter/hostname. I'm still getting attacked... but now its scrolling off the screen:

    3/16 10:33:30p 1284 Telnet connection accepted from: 14.175.124.99 port 34238
    3/16 10:33:30p 1284 Hostname: static.vnpt.vn
    3/16 10:33:31p 1284 !CLIENT BLOCKED in host.can: static.vnpt.vn

    So that list is helping, but, I could seriosuly use a "Silent" mode, like the IP block (Silence).

    But that's only about 1/2 of the constant hammering I'm getting. The rest are "No Name":

    3/16 10:42:50p Node 2 10:42p Thu Mar 16 2017 Node 2
    3/16 10:42:50p Node 2 Telnet <no name> [45.114.83.11]
    3/16 10:42:50p 1260 Telnet connection accepted from: 123.168.185.171 port 43422
    3/16 10:42:50p Terminal Server connection reset by peer on send

    3/16 10:40:33p Node 2 connection reset by peer on receive
    3/16 10:40:33p Node 2 10:40p Thu Mar 16 2017 Node 2
    3/16 10:40:33p Node 2 Telnet <no name> [27.54.54.208]
    3/16 10:40:39p Node 2 thread terminated (1 node threads remain, 110 clients served)

    Usually, you'll see them connect, then shortly after a second connect... the first one drops off then the second one starts sending commands:

    3/16 10:21:30p Node 1 Unknown User 'Root'
    3/16 10:21:31p Node 1 Unknown User 'Nable'
    3/16 10:21:31p Node 1 Unknown User 'Ystem'
    3/16 10:21:32p Node 1 Unknown User 'Bin/busybox Mirai'
    3/16 10:21:34p Node 1 socket closed by peer on input

    I'm at my wits end over this. Can we enter IP's for entire domains? 1.1.1.1/32 ?? Because one at a time is just not feasiable anymore! Anyone have a good comprehensive list they might send me?

    Help! :)

    Sniper

    Sniper

    Killed In Action BBS, telnet://kiabbs.org

    ---
    þ Synchronet þ Killed In Action BBS - kiabbs.org
  • From Ennev@DIGDIST/BATTLEST/FREEWAY to Sniper on Friday, March 17, 2017 14:03:00

    I'm at my wits end over this. Can we enter IP's for entire domains? 1.1.1.1/32 ?? Because one at a time is just not feasiable anymore! Anyone have a good comprehensive list they might send me?

    Help! :)

    Sniper

    Sniper

    Killed In Action BBS, telnet://kiabbs.org

    you should see my logs :-) the problem is hacker will hack, some of them will scanport every ip addresses that they will get a ping back from, hopping to
    get a big honeypot of unsecured valuable data. So when they'll find a open telnet, ssh, rpc port they'll try it. And what you see in your log was automated, it would just had notify the hacker if it found a system it could got it and they do. Just put a machine up somewhere and don't even mention on
    a board that it exist you'll endup getting traffic anyway.

    I think there is little we can do except to block all the ports we can, don't use common usernames and passwords.

    We are in an era of the IOT (internet of things) and not the SIOT, now even a connected light bulb can be hacked and be controlled by a botnet. So blocking ip is a lost battle.

    So keeping our os up to date with all the security patches and by not opening ports that don't need to be and backup regularly is the best defence.

    The main problem is that we have chosen to open a service to the public.

    I knew of a few lists but they are more focused on crawlers and slurpers on http websites.

    Maybe somebody will bring a more positive light that I did.

    ---
    þ Synchronet þ MtlGeek - Geeks in Montreal - http://mtlgeek.com/ -
  • From Lord Time@DIGDIST/BATTLEST/FREEWAY to Sniper on Friday, March 17, 2017 10:19:00
    So, its been a long time... My BBS has been running on auto-pilot. With daily observation, just not participating. ANyway, over the last few months, it seems that my IP address, host name, or something has been given to the hackers of the world. My system is constantly being connected to and they are trying to log in with unknown users. I've checked on the system and 2 or 3 nodes are scrolling off the screen as someone is attempting to brute force the Guest account. (Doesn't exist, but that doesn't seem to stop them). They try to brute force the "root" and "admin" as well. The large majority of these are coming from oversees. .jp, .ru, .au, etc. So I was attempting to block them by IP, but, as soon as I block one, 50 more show up. Now all this is occuring on a little 18 meg Uverse setup. Its getting a little out of hand! So today, I did a google search for a list of all the world domains. ANd I found a wiki listing them. So I dropped the list into the filter/hostname. I'm still getting attacked... but now its scrolling off the screen:

    3/16 10:33:30p 1284 Telnet connection accepted from: 14.175.124.99 port 34238
    3/16 10:33:30p 1284 Hostname: static.vnpt.vn
    3/16 10:33:31p 1284 !CLIENT BLOCKED in host.can: static.vnpt.vn

    So that list is helping, but, I could seriosuly use a "Silent" mode, like the IP block (Silence).

    But that's only about 1/2 of the constant hammering I'm getting. The rest are "No Name":

    3/16 10:42:50p Node 2 10:42p Thu Mar 16 2017 Node 2
    3/16 10:42:50p Node 2 Telnet <no name> [45.114.83.11]
    3/16 10:42:50p 1260 Telnet connection accepted from: 123.168.185.171 port 43422
    3/16 10:42:50p Terminal Server connection reset by peer on send

    3/16 10:40:33p Node 2 connection reset by peer on receive
    3/16 10:40:33p Node 2 10:40p Thu Mar 16 2017 Node 2
    3/16 10:40:33p Node 2 Telnet <no name> [27.54.54.208]
    3/16 10:40:39p Node 2 thread terminated (1 node threads remain, 110 clients served)

    Usually, you'll see them connect, then shortly after a second connect... the first one drops off then the second one starts sending commands:

    3/16 10:21:30p Node 1 Unknown User 'Root'
    3/16 10:21:31p Node 1 Unknown User 'Nable'
    3/16 10:21:31p Node 1 Unknown User 'Ystem'
    3/16 10:21:32p Node 1 Unknown User 'Bin/busybox Mirai'
    3/16 10:21:34p Node 1 socket closed by peer on input

    I'm at my wits end over this. Can we enter IP's for entire domains? 1.1.1.1/32 ?? Because one at a time is just not feasiable anymore! Anyone have a good comprehensive list they might send me?

    Help! :)

    if your running the 3.17a (with the other *.js files) yes


    ---

    Rob Starr
    Lord Time SysOp of
    Time Warp of the Future BBS
    Telnet://Time.Darktech.Org:24 or
    Telnet://Time.Synchro.Net:24 (qwk or ftn & e-mail)
    ICQ # 11868133 or # 70398519 Jabber : lordtime2000@gmail.com
    Yahoo : lordtime2000 AIM : LordTime20000 Astra : lord_time
    X-Box : Lord Time 2000 oovoo : lordtime2000 Skype : lordtime@tds.net
    ---
    þ Synchronet þ Time Warp of the Future BBS - Home of League 10 IBBS Games
  • From Bill McGarrity@DIGDIST/BATTLEST/FREEWAY to Sniper on Friday, March 17, 2017 17:44:00
    Sniper wrote to All on 03-16-17 22:53 <=-

    So, its been a long time... My BBS has been running on auto-pilot.
    With daily observation, just not participating. ANyway, over the last
    few months, it seems that my IP address, host name, or something has
    been given to the hackers of the world. My system is constantly being connected to and they are trying to log in with unknown users. I've checked on the system and 2 or 3 nodes are scrolling off the screen as someone is attempting to brute force the Guest account. (Doesn't
    exist, but that doesn't seem to stop them). They try to brute force
    the "root" and "admin" as well. The large majority of these are coming from oversees. .jp, .ru, .au, etc. So I was attempting to block them
    by IP, but, as soon as I block one, 50 more show up. Now all this is occuring on a little 18 meg Uverse setup. Its getting a little out of hand! So today, I did a google search for a list of all the world domains. ANd I found a wiki listing them. So I dropped the list into the filter/hostname. I'm still getting attacked... but now its
    scrolling off the screen:

    3/16 10:33:30p 1284 Telnet connection accepted from: 14.175.124.99 port 34238
    3/16 10:33:30p 1284 Hostname: static.vnpt.vn
    3/16 10:33:31p 1284 !CLIENT BLOCKED in host.can: static.vnpt.vn

    So that list is helping, but, I could seriosuly use a "Silent" mode,
    like the IP block (Silence).

    But that's only about 1/2 of the constant hammering I'm getting. The
    rest are "No Name":

    3/16 10:42:50p Node 2 10:42p Thu Mar 16 2017 Node 2
    3/16 10:42:50p Node 2 Telnet <no name> [45.114.83.11]
    3/16 10:42:50p 1260 Telnet connection accepted from:
    123.168.185.171 port 43422
    3/16 10:42:50p Terminal Server connection reset by peer on send

    3/16 10:40:33p Node 2 connection reset by peer on receive
    3/16 10:40:33p Node 2 10:40p Thu Mar 16 2017 Node 2
    3/16 10:40:33p Node 2 Telnet <no name> [27.54.54.208]
    3/16 10:40:39p Node 2 thread terminated (1 node threads remain, 110 clients served)

    Usually, you'll see them connect, then shortly after a second
    connect... the first one drops off then the second one starts sending commands:

    3/16 10:21:30p Node 1 Unknown User 'Root'
    3/16 10:21:31p Node 1 Unknown User 'Nable'
    3/16 10:21:31p Node 1 Unknown User 'Ystem'
    3/16 10:21:32p Node 1 Unknown User 'Bin/busybox Mirai'
    3/16 10:21:34p Node 1 socket closed by peer on input

    I'm at my wits end over this. Can we enter IP's for entire domains? 1.1.1.1/32 ?? Because one at a time is just not feasiable anymore!
    Anyone have a good comprehensive list they might send me?

    Why not add those user names to your name.can file in the ../sbbs/text folder and adjust your LoginAttemptTempBanDuration in sbbs.ini to 20 or 30 minutes.

    Also think about getting 'PeerBlock' if you can't work with your router in banning said IP's.


    --

    Bill

    Telnet: tequilamockingbirdonline.net
    Web: bbs.tequilamockingbirdonline.net:81
    FTP: ftp.tequilamockingbirdonline.net:2121
    IRC: irc.tequilamockingbirdonline.net Ports: 6661-6670 SSL: +6697
    Radio: radio.tequilamockingbirdonline.net:8010/live


    ... Look Twice... Save a Life!!! Motorcycles are Everywhere!!!
    --- MultiMail/Win32 v0.50
    þ Synchronet þ TequilaMockingbird Online - Toms River, NJ
  • From KK4QBN@DIGDIST/BATTLEST/FREEWAY to Sniper on Friday, March 17, 2017 18:46:00
    Re: Re: Getting hammered!
    By: Lord Time to Sniper on Fri Mar 17 2017 10:19 am

    Anyone have a good comprehensive list they might send me?

    Help! :)

    if your running the 3.17a (with the other *.js files) yes

    Same here. If you have been on autopilot for a while then you probably have'nt updated to the latest and greatest which includes some nice auto ip blocking, etc. BTW, nice to see you around, have'nt talked to you since the Warzone BBS days.

    Take Care

    --

    Tim Smith (KK4QBN)
    KK4QBN BBS

    ---
    þ Synchronet þ KK4QBN + (706)-422-9538 + kk4qbn.synchro.net + 24/7/365
  • From Digital Man@DIGDIST/BATTLEST/FREEWAY to Sniper on Friday, March 17, 2017 16:35:00
    Re: Getting hammered!
    By: Sniper to All on Thu Mar 16 2017 10:53 pm

    So, its been a long time... My BBS has been running on auto-pilot. With daily observation, just not participating. ANyway, over the last few months, it seems that my IP address, host name, or something has been given to the hackers of the world. My system is constantly being connected to and they are trying to log in with unknown users. I've checked on the system and 2 or 3 nodes are scrolling off the screen as someone is attempting to brute force the Guest account. (Doesn't exist, but that doesn't seem to stop them). They try to brute force the "root" and "admin" as well. The large majority of these are coming from oversees. .jp, .ru, .au, etc. So I was attempting to block them by IP, but, as soon as I block one, 50 more show up. Now all this is occuring on a little 18 meg Uverse setup. Its getting a little out of hand!

    Read this: http://wiki.synchro.net/howto:block-hackers

    digital man

    Synchronet/BBS Terminology Definition #16:
    DOVE = Domain/Vertrauen
    Norco, CA WX: 80.7øF, 37.0% humidity, 10 mph ESE wind, 0.00 inches rain/24hrs

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From thumper@DIGDIST/BATTLEST/FREEWAY to Sniper on Friday, March 17, 2017 13:00:00
    Sniper wrote to All <=-

    I'm at my wits end over this. Can we enter IP's for entire domains? 1.1.1.1/32 ?? Because one at a time is just not feasiable anymore!
    Anyone have a good comprehensive list they might send me?

    Help! :)

    Sniper

    Sniper

    Killed In Action BBS, telnet://kiabbs.org

    ---
    þ Synchronet þ Killed In Action BBS - kiabbs.org

    I'm having the same issue here at The Wastelands.... Been going on for a few years or so, but seems to be worse lately. Sometimes the same thing on all my Nodes, different addresses, even blocking normal logins at times. If you get it

    figured out, or something to help, let me know!

    Donald


    ... MultiMail, the new multi-platform, multi-format offline reader!
    --- MultiMail/Win32 v0.49
    þ Synchronet þ -=The Wastelands BBS=- wastelands-bbs.net -=Since 1990=-
  • From Sniper@DIGDIST/BATTLEST/FREEWAY to Digital Man on Friday, March 17, 2017 21:37:00
    Re: Getting hammered!
    By: Digital Man to Sniper on Fri Mar 17 2017 04:35 pm

    Re: Getting hammered!
    By: Sniper to All on Thu Mar 16 2017 10:53 pm

    So, its been a long time... My BBS has been running on auto-pilot. With daily observation, just not participating. ANyway, over the last few months, it seems that my IP address, host name, or something has been given to the hackers of the world. My system is constantly being connected to and they are trying to log in with unknown users. I've checked on the system and 2 or 3 nodes are scrolling off the screen as someone is attempting to brute force the Guest account. (Doesn't exist, but that doesn't seem to stop them). They try to brute force the "root" and "admin" as well. The large majority of these are coming from oversees. .jp, .ru, .au, etc. So I was attempting to block them by IP, but, as soon as I block one, 50 more show up. Now all this is occuring on a little 18 meg Uverse setup. Its getting a little out of hand!

    Read this: http://wiki.synchro.net/howto:block-hackers

    digital man

    Synchronet/BBS Terminology Definition #16:
    DOVE = Domain/Vertrauen
    Norco, CA WX: 80.7øF, 37.0% humidity, 10 mph ESE wind, 0.00 inches rain/24hrs


    Rob, as usual, you have the answer... I pushed it pretty high on the loginattemptdelay and loginattempthrottle. 10000 on each. Yes, they are still hitting, but its really slow... Awesome. So along with my .cn, .ru's in the host.can, this may have done the trick. They were filling up all my nodes and then attempting to force the passwords, and now... nothing... The way it was working, the connection would show up, and shortly after a second connection. The first would disconnect and the second would go start up the login process, and eventually go into the brute force attempt. Now, the first connection comes on, and it won't let the second connect, so the first quits and the second never starts. Awesome! :) Its stills scrolling off the screen pretty fast, but, none are completing. Someone can actually get in my BBS now! THey aren't filling up all the nodes!

    :)

    Sniper

    Killed In Action BBS, telnet://kiabbs.org

    ---
    þ Synchronet þ Killed In Action BBS - kiabbs.org
  • From Sniper@DIGDIST/BATTLEST/FREEWAY to Lord Time on Friday, March 17, 2017 21:40:00
    Re: Re: Getting hammered!
    By: Lord Time to Sniper on Fri Mar 17 2017 10:19 am

    So, its been a long time... My BBS has been running on auto-pilot. With daily observation, just not participating. ANyway, over the last few months, it seems that my IP address, host name, or something has been given to the hackers of the world. My system is constantly being connected to and they are trying to log in with unknown users. I've checked on the system and 2 or 3 nodes are scrolling off the screen as someone is attempting to brute force the Guest account. (Doesn't exist, but that doesn't seem to stop them). They try to brute force the "root" and "admin" as well. The large majority of these are coming from oversees. .jp, .ru, .au, etc. So I was attempting to block them by IP, but, as soon as I block one, 50 more show up. Now all this is occuring on a little 18 meg Uverse setup. Its getting a little out of hand! So today, I did a google search for a list of all the world domains. ANd I found a wiki listing them. So I dropped the list into the filter/hostname. I'm still getting attacked... but now its scrolling off the screen:

    3/16 10:33:30p 1284 Telnet connection accepted from: 14.175.124.99 port 34238
    3/16 10:33:30p 1284 Hostname: static.vnpt.vn
    3/16 10:33:31p 1284 !CLIENT BLOCKED in host.can: static.vnpt.vn

    So that list is helping, but, I could seriosuly use a "Silent" mode, like the IP block (Silence).

    But that's only about 1/2 of the constant hammering I'm getting. The rest are "No Name":

    3/16 10:42:50p Node 2 10:42p Thu Mar 16 2017 Node 2
    3/16 10:42:50p Node 2 Telnet <no name> [45.114.83.11]
    3/16 10:42:50p 1260 Telnet connection accepted from: 123.168.185.171 port 43422
    3/16 10:42:50p Terminal Server connection reset by peer on send

    3/16 10:40:33p Node 2 connection reset by peer on receive
    3/16 10:40:33p Node 2 10:40p Thu Mar 16 2017 Node 2
    3/16 10:40:33p Node 2 Telnet <no name> [27.54.54.208]
    3/16 10:40:39p Node 2 thread terminated (1 node threads remain, 110 clients served)

    Usually, you'll see them connect, then shortly after a second connect... the first one drops off then the second one starts sending commands:

    3/16 10:21:30p Node 1 Unknown User 'Root'
    3/16 10:21:31p Node 1 Unknown User 'Nable'
    3/16 10:21:31p Node 1 Unknown User 'Ystem'
    3/16 10:21:32p Node 1 Unknown User 'Bin/busybox Mirai'
    3/16 10:21:34p Node 1 socket closed by peer on input

    I'm at my wits end over this. Can we enter IP's for entire domains? 1.1.1.1/32 ?? Because one at a time is just not feasiable anymore! Anyone have a good comprehensive list they might send me?

    Help! :)

    if your running the 3.17a (with the other *.js files) yes



    Thanks for that info Lord Time. Sorry, I'm not a bleeding edge type person. Since I'm gone for extended periods, I need the stablest system I can do. :)


    Sniper

    Killed In Action BBS, telnet://kiabbs.org

    ---
    þ Synchronet þ Killed In Action BBS - kiabbs.org
  • From Sniper@DIGDIST/BATTLEST/FREEWAY to Bill McGarrity on Friday, March 17, 2017 21:51:00
    Re: Getting hammered!
    By: Bill McGarrity to Sniper on Fri Mar 17 2017 05:44 pm

    Sniper wrote to All on 03-16-17 22:53 <=-

    So, its been a long time... My BBS has been running on auto-pilot. With daily observation, just not participating. ANyway, over the last few months, it seems that my IP address, host name, or something has been given to the hackers of the world. My system is constantly being connected to and they are trying to log in with unknown users. I've checked on the system and 2 or 3 nodes are scrolling off the screen as someone is attempting to brute force the Guest account. (Doesn't exist, but that doesn't seem to stop them). They try to brute force the "root" and "admin" as well. The large majority of these are coming from oversees. .jp, .ru, .au, etc. So I was attempting to block them by IP, but, as soon as I block one, 50 more show up. Now all this is occuring on a little 18 meg Uverse setup. Its getting a little out of hand! So today, I did a google search for a list of all the world domains. ANd I found a wiki listing them. So I dropped the list into the filter/hostname. I'm still getting attacked... but now its scrolling off the screen:

    3/16 10:33:30p 1284 Telnet connection accepted from: 14.175.124.99 port 34238
    3/16 10:33:30p 1284 Hostname: static.vnpt.vn
    3/16 10:33:31p 1284 !CLIENT BLOCKED in host.can: static.vnpt.vn

    So that list is helping, but, I could seriosuly use a "Silent" mode, like the IP block (Silence).

    But that's only about 1/2 of the constant hammering I'm getting. The rest are "No Name":

    3/16 10:42:50p Node 2 10:42p Thu Mar 16 2017 Node 2
    3/16 10:42:50p Node 2 Telnet <no name> [45.114.83.11]
    3/16 10:42:50p 1260 Telnet connection accepted from: 123.168.185.171 port 43422
    3/16 10:42:50p Terminal Server connection reset by peer on send

    3/16 10:40:33p Node 2 connection reset by peer on receive
    3/16 10:40:33p Node 2 10:40p Thu Mar 16 2017 Node 2
    3/16 10:40:33p Node 2 Telnet <no name> [27.54.54.208]
    3/16 10:40:39p Node 2 thread terminated (1 node threads remain, 110 clients served)

    Usually, you'll see them connect, then shortly after a second connect... the first one drops off then the second one starts sending commands:

    3/16 10:21:30p Node 1 Unknown User 'Root'
    3/16 10:21:31p Node 1 Unknown User 'Nable'
    3/16 10:21:31p Node 1 Unknown User 'Ystem'
    3/16 10:21:32p Node 1 Unknown User 'Bin/busybox Mirai'
    3/16 10:21:34p Node 1 socket closed by peer on input

    I'm at my wits end over this. Can we enter IP's for entire domains? 1.1.1.1/32 ?? Because one at a time is just not feasiable anymore! Anyone have a good comprehensive list they might send me?

    Why not add those user names to your name.can file in the ../sbbs/text folder and adjust your LoginAttemptTempBanDuration in sbbs.ini to 20 or 30 minutes.

    Also think about getting 'PeerBlock' if you can't work with your router in banning said IP's.


    --

    Bill

    Telnet: tequilamockingbirdonline.net
    Web: bbs.tequilamockingbirdonline.net:81
    FTP: ftp.tequilamockingbirdonline.net:2121
    IRC: irc.tequilamockingbirdonline.net Ports: 6661-6670 SSL: +6697
    Radio: radio.tequilamockingbirdonline.net:8010/live


    ... Look Twice... Save a Life!!! Motorcycles are Everywhere!!!
    I put all the names they are using in the name.can but that doesn't seem to be working. Enable, Guest, Root, Aldo and all lower case for them as well... they still are showing up...

    But the modification of the:

    BindRetryCount=1
    BindRetryDelay=90
    LoginAttemptDelay=10000
    LoginAttemptThrottle=10000
    LoginAttemptHackThreshold=100
    LoginAttemptFilterThreshold=1

    Seems to have done the trick. IN a few months if things calm down, and take some of these back to normal. Until then... this is working. :)
    Sniper

    Killed In Action BBS, telnet://kiabbs.org

    ---
    þ Synchronet þ Killed In Action BBS - kiabbs.org
  • From Sniper@DIGDIST/BATTLEST/FREEWAY to KK4QBN on Friday, March 17, 2017 21:54:00
    Re: Re: Getting hammered!
    By: KK4QBN to Sniper on Fri Mar 17 2017 06:46 pm

    Re: Re: Getting hammered!
    By: Lord Time to Sniper on Fri Mar 17 2017 10:19 am

    Anyone have a good comprehensive list they might send me?

    Help! :)

    if your running the 3.17a (with the other *.js files) yes

    Same here. If you have been on autopilot for a while then you probably have'nt updated to the latest and greatest which includes some nice auto ip blocking, etc. BTW, nice to see you around, have'nt talked to you since the Warzone BBS days.

    Take Care

    --

    Tim Smith (KK4QBN)
    KK4QBN BBS


    I check on the BBS several times a day... especially recently with the full blow attack going on... But, Yea, don't much log in or call others... My life is complicated now, and I don't have much free time. :)

    I think these changes Rob suggested and some others that I made seem to be doing the trick for now. :)

    BindRetryCount=1
    BindRetryDelay=90
    LoginAttemptDelay=10000
    LoginAttemptThrottle=10000
    LoginAttemptHackThreshold=100
    LoginAttemptFilterThreshold=1

    We'll see how it goes. :)


    Sniper

    Killed In Action BBS, telnet://kiabbs.org

    ---
    þ Synchronet þ Killed In Action BBS - kiabbs.org