• Autoban settings

    From McDoob@21:4/135 to All on Tuesday, December 14, 2021 16:49:34
    Hi All!

    I am hosting PiBBS on the default telnet port (23) and, as you can imagine,
    I'm getting a lot of...shall we say...unwanted traffic. By default, Mystic is doing a pretty good job of banning the ones that are actively trying to brute-force the login.

    The thing that concerns me is the constant stream of not-quite-logins from
    the same IP over and over again. Here's where the autoban settings come in,
    of course.

    My question is, what is a good setting? I don't want to be too conservative, nor too lax. I'm interested in hearing opinions from my fellow SysOps on what settings they use.

    For now, I'm set to 4 attempts in 120 sec, as seen in one of Mystic Guy's videos. And my blacklist is growing at what appears to be an exponential
    rate, so obviously it's working.

    But...is it working TOO well? o_O

    McDoob
    SysOp, PiBBS
    pibbs.sytes.net

    --- Mystic BBS v1.12 A46 2020/08/26 (Raspberry Pi/32)
    * Origin: PiBBS (21:4/135)
  • From Black Panther@21:1/186 to McDoob on Tuesday, December 14, 2021 15:35:06
    On 14 Dec 2021, 04:49p, McDoob said the following...

    I am hosting PiBBS on the default telnet port (23) and, as you can imagine, I'm getting a lot of...shall we say...unwanted traffic. By default, Mystic is doing a pretty good job of banning the ones that are actively trying to brute-force the login.

    Ah, yes. The never-ending bots... Mystic actually handles them quite well, in my opinion.

    For now, I'm set to 4 attempts in 120 sec, as seen in one of Mystic Guy's videos. And my blacklist is growing at what appears to be an exponential rate, so obviously it's working.

    It does work. I'm running the same settings here, 4 attempts in 120 seconds. Right now, my blacklist.txt file is at 81529 lines, so Mystic has blocked a few. ;)

    Another thing you can do, is run a 'Press Esc Twice to Continue' script. This will reduce the amount of time Mystic will sit on the login screen before disconnecting them. I have one running here at CRBBS that I wrote, and hasn't been released. But, there is at least one other one out there from Phenom that will work as well.

    But...is it working TOO well? o_O

    I think it'll be fine. You will have quite a few being blacklisted for awhile, but the numbers will slow down. Also, how many nodes are your running in Mystic? I have mine set to 10 nodes. When I started running Mystic, there were times I couldn't log in, as all 10 nodes were being occupied by bots... Now, it's pretty rare that I'm not able to log in on either node 1 or 2, still out of 10.


    ---

    Black Panther(RCS)
    aka Dan Richter
    Castle Rock BBS
    telnet://bbs.castlerockbbs.com
    http://www.castlerockbbs.com
    http://github.com/DRPanther
    The sparrows are flying again...

    ... Psssst!!! Little boy!!!! Want to see my tagline???

    --- Mystic BBS v1.12 A47 2021/09/07 (Linux/64)
    * Origin: Castle Rock BBS - bbs.castlerockbbs.com (21:1/186)
  • From McDoob@21:4/135 to Black Panther on Tuesday, December 14, 2021 19:13:16
    It does work. I'm running the same settings here, 4 attempts in 120 seconds. Right now, my blacklist.txt file is at 81529 lines, so Mystic
    has blocked a few. ;)

    Damn. And I was getting surprised by 250 lines (in a couple of days, to be fair)...Looks like I have some big shoes to fill...

    Another thing you can do, is run a 'Press Esc Twice to Continue' script. This will reduce the amount of time Mystic will sit on the login screen before disconnecting them. I have one running here at CRBBS that I
    wrote, and hasn't been released. But, there is at least one other one
    out there from Phenom that will work as well.

    I saw a very retro-cool looking 'Press Esc Twice' screen on 20forbeers BBS. I was immediately impressed by that and the 'captcha'-esque secondary. These
    are goals for my BBS, for sure!

    But...at this point...I need to spend a lot of time learning Mystic first. Like...how to run a script before login...XD

    Don't tell me! I prefer to find out the hard way!

    [...]Also, how many nodes are your
    running in Mystic? I have mine set to 10 nodes. When I started running Mystic, there were times I couldn't log in, as all 10 nodes were being occupied by bots... Now, it's pretty rare that I'm not able to log in on either node 1 or 2, still out of 10.


    I've set a hard limit of 8 on all of my servers. Then 5 on telnet, 2 on
    BinkP, and 3 on HTTP. I have duplicate logins turned off. So far, (*a whole
    two weeks*) I haven't ever had a problem logging in. I've also been online while other users were also logged in.

    I sometimes spend hours skimming (or reading) the logs. The most telnet connections I've seen is 3 (me, that user, and probably a bot) at the time of writing. If I start seeing congestion, I'll consider opening up a few more nodes.

    I don't expect that to be a problem in the near future, since PiBBS simply won't see the same amount of traffic as the more established BBSes. At least...not yet... ;)

    Thanks for your advice...again!

    McDoob
    SysOp, PiBBS
    pibbs.sytes.net

    --- Mystic BBS v1.12 A46 2020/08/26 (Raspberry Pi/32)
    * Origin: PiBBS (21:4/135)
  • From paulie420@21:2/150 to McDoob on Wednesday, December 15, 2021 07:15:14
    I saw a very retro-cool looking 'Press Esc Twice' screen on 20forbeers BBS. I was immediately impressed by that and the 'captcha'-esque secondary. These are goals for my BBS, for sure!

    So 2o runs modified versions of:

    Phenom Bot-Check
    Phenom Maptcha

    and they also offer
    Phenom ThreatSentry

    You can download all of these @ 2o in the Phenom Mystic Mods file area.
    IMO the most important one is the Bot-Check - not ONLY because it keeps away the bots, but since it has a 15second count down before user even gets to the user/pass section, it allows for ACTUAL HUMAN users who just make a mistake and weren't ready to login NOT get blacklisted. :P

    Later, if you feel froggy, you can modify the code(s) using Mystic's Pascal-like MPL language. (Its pretty easy to change things a little... and a bit more tricky to make the big flashy modifications.) :P



    |07p|15AULIE|1142|07o
    |08.........

    --- Mystic BBS v1.12 A47 2021/10/25 (Raspberry Pi/32)
    * Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)
  • From Ragnarok@21:2/151 to McDoob on Thursday, January 27, 2022 04:24:55
    El 14/12/21 a las 18:49, McDoob escribió:
    Hi All!

    I am hosting PiBBS on the default telnet port (23) and, as you can imagine, I'm getting a lot of...shall we say...unwanted traffic. By default, Mystic is doing a pretty good job of banning the ones that are actively trying to brute-force the login.

    if you use raspian, you have fail2ban.
    --- SBBSecho 3.14-Linux
    * Origin: Dock Sud BBS - bbs.docksud.com.ar - Argentina (21:2/151)
  • From opicron@21:3/126 to Ragnarok on Thursday, January 27, 2022 13:04:45
    I am hosting PiBBS on the default telnet port (23) and, as you can imagi I'm getting a lot of...shall we say...unwanted traffic. By default, Myst doing a pretty good job of banning the ones that are actively trying to brute-force the login.

    Yeah I have both port 22 and 23 for mystic. Im getting rammed with logins.
    But what I did is:

    - Auto whitelist logged in users
    - Ban on 4 failed attemps in 2 minutes

    That seems to keep the bruteforces at a minimum. I do not like to change the port as I do not believe in security by obscurity.

    oP!

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: TheForze - bbs.opicron.eu:23 (21:3/126)
  • From Avon@21:1/101 to opicron on Friday, January 28, 2022 16:21:52
    On 27 Jan 2022 at 01:04p, opicron pondered and said...

    - Ban on 4 failed attemps in 2 minutes

    I do this, works fine for me :)

    --- Mystic BBS v1.12 A47 2021/11/06 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)