I've been getting hit by bots on Lunatics. Never seen it this bad and it's getting a bit ridiculous. I've blacklisted some countries but I'm still getting hit pretty hard.

What are sysops using to combat this? What are my options besides changing my port. (i'not using port 23). What mods or programs are you all using?

Thanks!

|02-=|10Cozmo|02=-

... "No comment" is a comment.

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Lunatics Unleashed BBS (21:3/135)

On 24 Apr 2024, Cozmo said the following...

I've been getting hit by bots on Lunatics. Never seen it this bad and
it's getting a bit ridiculous. I've blacklisted some countries but I'm still getting hit pretty hard.

What are sysops using to combat this? What are my options besides
changing my port. (i'not using port 23). What mods or programs are you
all using?

I use the bot blocker by Phenom Productions.. (Google them they have a website) it works well. It blocks the bots before they get into the Mystic.

AL

... The shortest distance between two points is under construction

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: The Wrong Number Family Of BBS' - Wrong Number ][ (21:4/131)

I've been getting hit by bots on Lunatics. Never seen it
this bad and it's getting a bit ridiculous. I've
blacklisted some countries but I'm still getting hit
pretty hard.
What are sysops using to combat this? What are my
options besides changing my port. (i'not using port 23).
What mods or programs are you all using?

A lot of boards seem to use a system that requires users to press Escape twice after connecting, before passing them to the BBS. From what I gather it works quite well.

I saw Phenom Productions mentioned, I haven't used their mods but there's some neat stuff there for sure. ThreatSentry is always eye catching, with the geo-location on the world map. BotCheck seems to be in use on loads of boards.
https://www.phenomprod.com/Mods

On my own board, I implemented some simple bot detection into a 'telnet ringdown' server I use. It watches for automated login attempts, based on a list of keywords, and temporarily bans IPs. It's worked pretty well at greatly reducing the number of bots that reach the login sequence of the BBS, while being invisible to callers.
https://github.com/akacastor/ringdown


Chris/akacastor

--- Maximus 3.01
* Origin: Another Millennium - Canada - another.tel (21:1/162)

I saw Phenom Productions mentioned, I haven't used their mods but
there's some neat stuff there for sure. ThreatSentry is always eye catching, with the geo-location on the world map. BotCheck seems to be
in use on loads of boards. https://www.phenomprod.com/Mods

I've seen this mod on a few boards. I'll check it out.

On my own board, I implemented some simple bot detection into a 'telnet ringdown' server I use. It watches for automated login attempts, based
on a list of keywords, and temporarily bans IPs. It's worked pretty
well at greatly reducing the number of bots that reach the login
sequence of the BBS, while being invisible to callers. https://github.com/akacastor/ringdown

Luantics is runnning on a Windows box so can't try out your system unfortunately.

These bot have gone crazy lately.

Thanks!

|02-=|10Cozmo|02=-

... The seminar on time travel will be held two weeks ago

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Lunatics Unleashed BBS (21:3/135)

On 24 Apr 2024 at 05:23p, AKAcastor pondered and said...

A lot of boards seem to use a system that requires users to press Escape twice after connecting, before passing them to the BBS. From what I gather it works quite well.

I saw Phenom Productions mentioned, I haven't used their mods but
there's some neat stuff there for sure. ThreatSentry is always eye

for what it's worth you don't need the Phenom mod any more as there is a script that ships with Mystic that does this also :)

Look for botcheck.mps and check whatsnew.txt for more

Kerr Avon [Blake's 7] 'I'm not expendable, I'm not stupid and I'm not going' avon[at]bbs.nz | bbs.nz | fsxnet.nz

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On 24 Apr 2024 at 05:57p, Cozmo pondered and said...

I've been getting hit by bots on Lunatics. Never seen it this bad and
it's getting a bit ridiculous. I've blacklisted some countries but I'm still getting hit pretty hard.

What are sysops using to combat this? What are my options besides
changing my port. (i'not using port 23). What mods or programs are you
all using?

I'm running port 23 and no bot check and seemingly doing OK... I have blocked (from memory) about 3 countries ... but asides that I just rely on the auto blocker in Mystic that kicks in after the third attempt by a bot to connect and this is within the time allowed for that triggers an auto-ban.

Kerr Avon [Blake's 7] 'I'm not expendable, I'm not stupid and I'm not going' avon[at]bbs.nz | bbs.nz | fsxnet.nz

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Re: Bot attacks
By: Cozmo to All on Wed Apr 24 2024 05:57 pm

Howdy,

What are sysops using to combat this? What are my options besides changing my port. (i'not using port 23). What mods or programs are you all using?

I have a couple of things in play here.

I use MikroTik routers, so I have preloaded it with nets of countries that I reject any connection from - their is a github repository with a map of IP segments to countries. I wrote a tool that collapses nets to a larger mask (since I block several countries), to reduce the definitions - and while that is effective, it isnt 100% (anybody can spin up a VM in another country and run their spaming from it.

In front of the BBS I also use haproxy, with a rule that an IP address cannot have more than 1 concurrent connection, and can only connect once every 60 secs. (I whitelist some addresses so they bypass this rule.)

I also use haproxy in front of my mail servers (for mail clients), together with ssl certs so a connection needs to use the a SNI enabled client to connect to the appropriate server - an IP address wont make it. This is pretty effective.

The SBBS has it's own things as well...


...ëîåï
--- SBBSecho 3.20-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

I've been getting hit by bots on Lunatics. Never seen it this bad and
it's getting a bit ridiculous. I've blacklisted some countries but I'm What are sysops using to combat this? What are my options besides
changing my port. (i'not using port 23). What mods or programs are you

What I did was, I switched to that "Matrix menu" as it is called
and I changed the prompts to read "If you are human, press 1"
- This forces someone to actually press 1 before they are
taken to the actual logon screen. Bots still hit all the time
but they never get anywhere.

... There are three kinds of people: Those who can count, and those who can't

--- Mystic BBS v1.12 A48 (Windows/64)
* Origin: From the depths of Bunker 3 (21:1/130)

I've been getting hit by bots on Lunatics. Never seen it this bad and it's getting a bit ridiculous. I've blacklisted some countries but

I'm

What are sysops using to combat this? What are my options besides changing my port. (i'not using port 23). What mods or programs are

you

What I did was, I switched to that "Matrix menu" as it is called and
I changed the prompts to read "If you are human, press 1" - This
forces someone to actually press 1 before they are taken to the
actual logon screen. Bots still hit all the time but they never get anywhere.

I've found thst disallowing any non-ANSI connections seems to do the job.

--- shsbbs.net
Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp,nntp,
,wss) (Ports 22,23,110,21,119,8080) (ssh login 'bbs' pass 'shsbbs').


*** THE READER V4.50 [freeware]
---
* Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (21:2/148)

What are sysops using to combat this? What are my options besides
changing my port. (i'not using port 23). What mods or programs are you
all using?

I have a second instance (hidden) running on port 23 that blocks all the IPs (blocking countries isn't going to work here).

I then edit the end of the IP to .* to block the entire 254 series. (eg. 192.168.101.* will block 192.168.101.1-255). That is copied over to my live BBS and keeps MOST of the bots away. I do get one or two here and there, but it doesn't take down my BBS or cause a DoS (Denial of Service).

Change your port if you can.

The standard BOT CHECKER during an initial Mystic Login works good, but ties up your BBS until the IP is blocked. Previously (prior to the bot checker), I could see how many of the logins tried the simple admin/admin, admin/123456, etc. (aka default passwords for a lot of devices). That was enough to scare me into installing a firewall since I run my BBS from my home.

--
Timothy Norris aka SirRonmit
admin@f4fbbs.com
bbs.f4fbbs.com:2323 or :62323

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Files 4 Fun BBS (21:2/120)

I saw Phenom Productions mentioned, I haven't used their mods but
there's some neat stuff there for sure. ThreatSentry is always eye catching, with the geo-location on the world map. BotCheck seems to be
in use on loads of boards. https://www.phenomprod.com/Mods

That IS the ESC TWICE TO LOGIN. It was a separate instance, but now included with Msystic.

--
Timothy Norris aka SirRonmit
admin@f4fbbs.com
bbs.f4fbbs.com:2323 or :62323

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Files 4 Fun BBS (21:2/120)

On 24 Apr 2024, AKAcastor said the following...

A lot of boards seem to use a system that requires users to press Escape twice after connecting, before passing them to the BBS. From what I gather it works quite well.

I saw Phenom Productions mentioned, I haven't used their mods but
there's some neat stuff there for sure. ThreatSentry is always eye catching, with the geo-location on the world map. BotCheck seems to be
in use on loads of boards. https://www.phenomprod.com/Mods

You can Mod-the-Mod to replace Escape with something else.

Escape is tricky for those using eReaders and iPhones/iPads and the like.

Mine is changed to require two dollar signs ($) instead of Escape.

--- Steve K9ZW via SPOT BBS

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: SPOT BBS / k9zw (21:1/224)

That IS the ESC TWICE TO LOGIN. It was a separate instance, but now included with Msystic.

It is? Is it a MPL?

--- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
* Origin: Clutch BBS * telnet://clutchbbs.com (21:1/199)

I'm running port 23 and no bot check and seemingly doing OK... I have blocked (from memory) about 3 countries ... but asides that I just rely
on the auto blocker in Mystic that kicks in after the third attempt by a bot to connect and this is within the time allowed for that triggers an auto-ban.

I don't seem to have the auto blocker in my version of Mystic. I'm using A48.
I have blocked some countries but like I said it's been pretty bad lately.

|02-=|10Cozmo|02=-

... What does it mean to pre-board? Do you get on before you get on?

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Lunatics Unleashed BBS (21:3/135)

I also use haproxy in front of my mail servers (for mail clients), together with ssl certs so a connection needs to use the a SNI enabled client to connect to the appropriate server - an IP address wont make
it. This is pretty effective.

All of that is a bit beyond my tech level :(

|02-=|10Cozmo|02=-

... Evil triumphs when good people do nothing. - Einstein

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Lunatics Unleashed BBS (21:3/135)

What I did was, I switched to that "Matrix menu" as it is called
and I changed the prompts to read "If you are human, press 1"
- This forces someone to actually press 1 before they are
taken to the actual logon screen. Bots still hit all the time
but they never get anywhere.

Tha seems like a simple enough solution. I would've never thought of that.

|02-=|10Cozmo|02=-

... I know a good tagline when I steal one!

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Lunatics Unleashed BBS (21:3/135)

Change your port if you can.

I'm not using the standard port 23 for telnet I use 2333. I don't relly want to change ports idf i don't have to.

|02-=|10Cozmo|02=-

... I think I am, therefore, I am... I think.

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Lunatics Unleashed BBS (21:3/135)

On 25 Apr 2024 at 06:02p, Cozmo pondered and said...

I don't seem to have the auto blocker in my version of Mystic. I'm using A48. I have blocked some countries but like I said it's been pretty bad lately.

Hmm perhaps try the A49 pre-alpha version. I am not at home at the moment but can look when I get home if you don't beat me to it.

Kerr Avon [Blake's 7] 'I'm not expendable, I'm not stupid and I'm not going' avon[at]bbs.nz | bbs.nz | fsxnet.nz

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On Thursday April 25 2024, Cozmo said the following...

I don't seem to have the auto blocker in my version of Mystic. I'm
using A48. I have blocked some countries but like I said it's been
pretty bad lately.

It should be located in your mystic\themes\default\scripts folder.

If it's not there you can download Mytsic A48 again and run:

install extract botcheck.mps c:\path\to\mystic\scripts


Jay

... I made a pencil with two erasers. It was pointless
--- GoldED+/LNX 1.1.5-b20240309
* Origin: Northern Realms (21:3/110)

That IS the ESC TWICE TO LOGIN. It was a separate instance, but now included with Msystic.

It is? Is it a MPL?

That is correct. You had to download, compile, and setup before, but now it
is included within the .rar package.

from the WHATS NEW .TXT :

By request: Added a "botcheck.mps" which is a small MPL script to force the
user to press escape twice immediately after connecting. Rename to
connect.mps and compile in your scripts directory (assuming you are not
already using a connect script) if you wish to use it.

--
Timothy Norris aka SirRonmit
admin@f4fbbs.com
bbs.f4fbbs.com:2323 or :62323

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Files 4 Fun BBS (21:2/120)

I'm not using the standard port 23 for telnet I use 2333. I don't relly want to change ports idf i don't have to.

At least you aren't on 23 as I assumed you were reading your original post. I have 23 on the bot blocker, and 2323 on my instance and 62323 on another.

--
Timothy Norris aka SirRonmit
admin@f4fbbs.com
bbs.f4fbbs.com:2323 or :62323

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Files 4 Fun BBS (21:2/120)

That is correct. You had to download, compile, and setup before, but now it is included within the .rar package.

from the WHATS NEW .TXT :

By request: Added a "botcheck.mps" which is a small MPL script to force the user to press escape twice immediately after connecting. Rename
to connect.mps and compile in your scripts directory (assuming you
are not already using a connect script) if you wish to use it.

--

Nice, didn't know that.

--- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
* Origin: Clutch BBS * telnet://clutchbbs.com (21:1/199)

I don't seem to have the auto blocker in my version of Mystic. I'm us A48. I have blocked some countries but like I said it's been pretty b lately.

Hmm perhaps try the A49 pre-alpha version. I am not at home at the
moment but can look when I get home if you don't beat me to it.

I installed the Phenom Botchecker for now. I will try out the Mystic one also.

|02-=|10Cozmo|02=-

... Consultant: A person who makes good on a salesman's promises!

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Lunatics Unleashed BBS (21:3/135)

Nice, didn't know that.

Yeah I thought it was awesome they collaborated on it.
I'm not sure if it is a setting or not, but my main BBS (non-23) shows the logo when telling you to hit esc twice, whereas my 23 closed BBS doesn't show a graphic, just says his esc twice. I believe (but honestly don't remember) that was how you could tell the difference between the manual MPL add-on versus the included with Mystic version.

Maybe someone who remembers can chime in and slap me sane?

--
Timothy Norris aka SirRonmit
admin@f4fbbs.com
bbs.f4fbbs.com:2323 or :62323

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Files 4 Fun BBS (21:2/120)