1. Forum
  2. FidoNet
  3. SYNC SYSOPS

  • Important IRC updates.

    From nelgin@1:103/705 to IRC Sysops on Sunday, October 08, 2023 01:56:08
    TL;DR; - Upgrade your IRC server :)

    For more details...read below...

    I wanted to give a quick status of the IRC network, for those who care. We've been invaded by spambots recently. Cyan added dronebl lookups to the IRC server, which is now at Version 1.10. All sysops are encouraged to use this version which will help protect the network, plus it includes bugfixes for both IRC and SBBS. You'll need the latest SBBS 3.20a to take advantage of new features.

    I had services issue an infinite ban on IPs that we catch. I am going to change this to 30 days otherwise our servers are going to get overloaded with AKILLs that may no longer be relevant.

    Also, rather than using "spamtard" as the reason, I have created a misc faq section on the wiki that will be pointed to. One thing to note, servers on version less than 1.10 will NOT process the RAKILL message. This is used to remove AKILLs. You will have to either restart your irc server and/or upgrade which will also restart your ircd. Hit me up with any services questions here or on IRC.

    These are our Hall of Fame boards, running the latest 1.10.
    vert.synchro.net
    magnumuk.synchro.net
    mortal.synchro.net
    hoval.synchro.net
    bggrscyn.synchro.net
    cjsplace.synchro.net
    richardf.synchro.net
    reality.synchro.net
    syncnix.synchro.net
    pharcyde.synchro.net
    veleno.synchro.net
    docksud.synchro.net
    digdist.synchro.net
    kn6q.synchro.net
    hzbbs.synchro.net
    cvs.synchro.net

    The Booby Prize goes to sysops of the following boards that are running ircd 1.9. You're so close and just a couple of commands away from upgrading to the latest and greatest. Please consider upgrading as soon as possible. Your servers are gateways for spamtards.

    ensemble.synchro.net
    trn.synchro.net
    qrift.synchro.net
    tlcbbs.synchro.net
    bbsdev.synchro.net
    dungeon.synchro.net
    cpugod.synchro.net
    extricat.synchro.net

    Wooden Spoon prize goes to the following two boards that are still at 1.3a. I know sestar has mitigating circumstances but these both desperately could do with an update.

    frugalbb.synchro.net
    sestar.synchro.net

    Wall of Shame to these sysops for not maintaing DYNDNS for their hostnames. Please fix your DYNDNS script accordingly.

    deckhvn2.synchro.net
    msrdbbs.synchro.net
    fatcats.synchro.net

    Again, if anyone has any questions, feel free to reach out.
    ---
    þ Synchronet þ End Of The Line BBS - endofthelinebbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From fusion@1:103/705 to nelgin on Monday, October 09, 2023 17:31:00
    On 08 Oct 2023, nelgin said the following...

    We've been invaded by spambots recently. Cyan added dronebl lookups to
    the IRC server, which is now at Version 1.10. All sysops are encouraged

    do the bots run identd? does it work correctly? for a given port pair, you
    get a 'real' username, trying ident on the same port pair a second time returns the same username? trying identd for a random port pair or something that shouldn't work for a normal user like 23, 23 returns an error?

    maybe call that strike one..

    then capture the first channel they join.. did it exist already? no? strike two. do they set it invite only immediately? what else goes on?

    what EXACTLY is the progression they make from connection to the bot channel? is it the same every single time? if your force umodes on them do they unset them? if you tell them they can't join their first channel do they immediately join a different one or retry the first? strikeeee

    rate limit their commands.. message the user "please wait 10 seconds.." do the bots give up and start a new connection? are they sensitive to timing?

    perhaps at this point you have nickserv or some service tell them to register a nick to prove they're not a bot or solve a simple 'captcha' type thing or something..

    just brainstorming but i bet they provide enough info themselves to give you confidence to blacklist them.

    --- Mystic BBS v1.12 A47 2021/12/25 (Windows/32)
    # Origin: cold fusion - cfbbs.net - grand rapids, mi
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to fusion on Monday, October 09, 2023 18:08:02
    Re: Re: Important IRC updates.
    By: fusion to nelgin on Mon Oct 09 2023 05:31 pm

    do the bots run identd? does it work correctly? for a given port pair, you get a 'real' username, trying ident on the same port pair a second time returns the same username? trying identd for a random port pair or something that shouldn't work for a normal user like 23, 23 returns an error?

    Is identd really used any more? I implemented it long ago in Synchronet, but I didn't think it was really used/relied-upon much any more as it's not really for secure/authoritative (easy to spoof). It's one of those features that I figured would be removed from Synchronet some day.
    --
    digital man (rob)

    Synchronet/BBS Terminology Definition #91:
    XOFF = Transmit Off (ASCII 19, Ctrl-S)
    Norco, CA WX: 77.7øF, 50.0% humidity, 0 mph SE wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From fusion@1:103/705 to Digital Man on Tuesday, October 10, 2023 01:16:00
    On 09 Oct 2023, Digital Man said the following...

    Is identd really used any more? I implemented it long ago in Synchronet, but I didn't think it was really used/relied-upon much any more as it's not really for secure/authoritative (easy to spoof). It's one of those features that I figured would be removed from Synchronet some day.

    well, in a bbs user use case, i'd imagine since i don't currently run an ircd, i'd point an irc door at yours.. and would want the user's nick to show up via identd so you don't just ban my whole bbs when one user is a dip.

    was just a thought if they both happened to have it (some servers on DALnet or others require it still), and it was predictably flawed. but yes, generally identd isn't relevant anymore.

    could have a connection password.. i think the ircnet japanese server connection password has been the same for 20 years ;) not sure how the bots find your servers, but if it's only via port scanning they might never find it on the wiki..

    --- Mystic BBS v1.12 A47 2021/12/25 (Windows/32)
    # Origin: cold fusion - cfbbs.net - grand rapids, mi
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nigel Reed@1:124/5016 to fusion on Wednesday, October 11, 2023 10:36:02
    Re: Re: Important IRC updates.
    By: fusion to nelgin on Mon Oct 09 2023 17:31:00

    perhaps at this point you have nickserv or some service tell them to register a nick to prove they're not a bot or solve a simple 'captcha' type thing or something..

    They are actually trying to register with fake email addresses. I've had to expend the amount of time a user must be online before they can register the nick to avoid tons of bounces.

    just brainstorming but i bet they provide enough info themselves to give you confidence to blacklist them.

    I think what we have in place now is working just fine.
    --- SBBSecho 3.20-Linux
    * Origin: End Of The Line BBS - endofthelinebbs.com (1:124/5016)