• blocked connections and advice

    From Edmund Wong@1:153/7083 to All on Thu Nov 25 09:02:18 2021
    Hi All,

    I was just watching the 'mis server' screen thinking about what else to do with the BBS (aside from setting up doors :P), when I noticed (and still am) connections to SSH that are being blocked.

    Since the incoming SSH port is set to something non-standard, I can only trust that these are either port-scanners or <insert favorite expletives> trying to hack into my system via ssh.

    In the past when the BBS was connected to a phone line, we wouldn't have this problem. But with the advent of BBS connected to networks, this seems to be a problem.

    Thank goodness g00r00 implemented the blocked connections feature.

    That said, how do you guys deal with this annoyance? At this point in time, I'm not accepting users; but I do log on to my BBS via telnet or ssh (both on non-standard ports).

    Thanks

    Edmund

    ... There are two types of people; those who finish what they start and

    --- Mystic BBS v1.12 A47 2021/11/22 (Linux/32)
    * Origin: Eagle's BBS (1:153/7083)
  • From Jay Harris@1:229/664 to Edmund Wong on Wed Nov 24 21:52:00 2021
    On 25 Nov 2021, Edmund Wong said the following...

    I was just watching the 'mis server' screen thinking about what else to
    do with the BBS (aside from setting up doors :P), when I noticed (and
    still am) connections to SSH that are being blocked.

    That said, how do you guys deal with this annoyance?

    I use iptables to block certain country IP blocks from connecting in the first place. Doesn't stop all of them, but it is a lot quieter when you can filter out the riffraff in the first place.

    Here's what I do:

    # Create the ipset lists
    ipset -q -N block4 hash:net
    ipset -q -N block6 hash:net family inet6

    # Download the aggregated country ipsets
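    # (-O saves each file under the name the populate loop below reads)
    wget -O /tmp/cn4-aggregated.zone https://www.ipdeny.com/ipblocks/data/aggregated/cn-aggregated.zone
    wget -O /tmp/cn6-aggregated.zone https://www.ipdeny.com/ipv6/ipaddresses/aggregated/cn-aggregated.zone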

    (Note: ipdeny.com hasn't renewed their SSL cert since May, but their site still works and their lists are still good.)

    # Populate the ipset lists
    for i in $( cat /tmp/cn4-aggregated.zone ); do ipset -q -A block4 $i; done
    for i in $( cat /tmp/cn6-aggregated.zone ); do ipset -q -A block6 $i; done


    Just repeat this step for any other regions you'd like to block (I personally do cn, ru, ir, kp & kr). A strong case could also be made for blocking br.

    Maybe geocheck the IPs that are connecting to you to see which regions may be the best to block in your circumstance.

    Once you have them all loaded you can save the ipset:

    ipset save > /etc/ipset.conf

    And then you can re-load the list on bootup:

    ipset restore < /etc/ipset.conf

    I have a rule in iptables just to drop traffic from any IP address listed in the ipset:

    iptables -A INPUT -p tcp -m set --match-set block4 src -j DROP
    ip6tables -A INPUT -p tcp -m set --match-set block6 src -j DROP


    I also use Phenom Production's botcheck mpl which makes users press ESC twice when connecting via telnet. If they don't it'll hang up on them after 15 seconds.


    Jay

    ... If everything seems easy, you have obviously overlooked something.
    --- Mystic BBS v1.12 A47 2021/11/24 (Raspberry Pi/32)
    * Origin: Northern Realms (1:229/664)
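
The populate step in the post above can also be written as one validated `ipset restore` stream that fills a temporary set and swaps it into place, so a failed or tampered download never empties the live set. This is an added example, not part of Jay's post; the function names and the `-new` set suffix are assumptions, and the sample networks are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): build an `ipset restore` stream from an
# ipdeny-style zone file, one CIDR per line. Nothing here touches the firewall.

# Print only the lines of FILE that are well-formed CIDRs for FAMILY.
valid_cidrs() {
    family=$1 file=$2
    if [ "$family" = inet6 ]; then
        # Character-level filter; ipset does the final address parsing.
        pattern='^[0-9A-Fa-f]*:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'
    else
        octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
        pattern="^$octet(\.$octet){3}/([0-9]|[12][0-9]|3[0-2])\$"
    fi
    tr -d '\r' < "$file" | grep -E "$pattern"
}

# Emit commands that fill SET-new and swap it into SET in one step.
# Returns 1 and prints nothing if FILE holds no valid networks, so a failed
# download (empty file, HTML error page) never replaces a working set.
zone_to_restore() {
    set_name=$1 family=$2 file=$3 tmp="$1-new"
    nets=$(valid_cidrs "$family" "$file") || true
    if [ -z "$nets" ]; then
        echo "no valid $family networks in $file; keeping current set" >&2
        return 1
    fi
    printf 'create %s hash:net family %s\n' "$set_name" "$family" "$tmp" "$family"
    printf 'flush %s\n' "$tmp"
    printf '%s\n' "$nets" | sed "s|^|add $tmp |"
    printf 'swap %s %s\ndestroy %s\n' "$tmp" "$set_name" "$tmp"
}

# Constructed sample input: documentation ranges plus lines that must be dropped.
sample=$(mktemp)
printf '%s\n' '192.0.2.0/24' '198.51.100.0/24' '203.0.113.0/33' \
    '999.1.1.0/24' '<html>certificate error</html>' > "$sample"
zone_to_restore block4 inet "$sample"

# On the BBS host, as root, the same stream would be loaded with:
#   zone_to_restore block4 inet /tmp/cn4-aggregated.zone | ipset -exist restore
```

Because the existing iptables rules match on the set name, the swap replaces the contents without the rules having to be re-added.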
  • From Robert Wolfe@1:116/18 to Edmund Wong on Thu Nov 25 09:26:14 2021
    On 25 Nov 2021, Edmund Wong said the following...

    That said, how do you guys deal with this annoyance? At this point in time, I'm not accepting users; but I do log on to my BBS via telnet or
    ssh (both on non-standard ports).

    You could always turn off SSH connections or just let mis continue to do its job and block the connections.

    ... The person who snores the loudest will fall asleep first

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: fidonet.winserver.org * Cordova, TN USA (1:116/18)
  • From Edmund Wong@1:153/7083 to Jay Harris on Fri Nov 26 11:51:03 2021
    Hi Jay,

    I use iptables to block certain country IP blocks from connecting in the first place. Doesn't stop all of them, but it is a lot quieter when you can filter out the riffraff in the first place.

    As a quick measure, I just disabled the ssh server part. Sure, it won't prevent them from using the telnet port ;/

    That said, I think using your iptables way might be the best way. That way I can ssh and/or telnet into my system and not worry about 'them'.

    Thanks!

    Edmund

    ... Just another prisoner of gravity!
    --- Mystic BBS v1.12 A47 2021/11/22 (Linux/32)
    * Origin: Eagle's BBS (1:153/7083)
  • From Edmund Wong@1:153/7083 to Robert Wolfe on Fri Nov 26 11:52:18 2021
    Hi Robert,

    You could always turn off SSH connections or just let mis continue to do its job and block the connections.

    I ended up blocking ssh connections; but will most likely implement Jay's method when I get time.

    Thanks

    Edmund

    ... I think I am, therefore, I am... I think.
    --- Mystic BBS v1.12 A47 2021/11/22 (Linux/32)
    * Origin: Eagle's BBS (1:153/7083)