• Captcha

    From MRO@VERT/BBSESINF to Lord Blackfair on Fri Jul 30 08:26:05 2021
    Re: Captcha
    By: Lord Blackfair to All on Thu Jul 29 2021 05:48 pm

    This is probally off topic. But i will post it here so everyone can see it. Since I innitiated my Captcha program on my BBS. Its been keeping the bots out and I have not seen any attempts at seeing any scripted bots trying to logon using SSH,ROOT,ADMIN ETC...
    With the help of another sysop he made a scripted batch file that changes the captcha number every 10 minutes, so its not the same with every login. I am still working on the process of using the Randam INT, but am having problems trying to get it to work with the compare. So if anyone wishes to use it. I do have it posted for Download on Vert. and if we have any programers out there in Baja that want to help me improve it feel free to drop a line.
    Lord Blackfair (Blackfair's Manor) blackf.synchro.net

    INT I RANDOM I 3 COMPARE I 0 IF_EQUAL [WHATEVER COMMAND YOU WANT] else [WHATEVER COMMAND YOU WANT]
    END_IF
    ---
    Synchronet ::: BBSES.info - free BBS services :::
  • From Lord Blackfair@VERT/BLACKF to MRO on Fri Jul 30 23:21:21 2021
    Re: Captcha
    By: MRO to Lord Blackfair on Fri Jul 30 2021 08:26 am

    Re: Captcha
    By: Lord Blackfair to All on Thu Jul 29 2021 05:48 pm

    This is probally off topic. But i will post it here so everyone can see it. Since I innitiated my Captcha program on my BBS. Its been keeping the bots out and I have not seen any attempts at seeing any scripted bots trying to logon using SSH,ROOT,ADMIN ETC...
    With the help of another sysop he made a scripted batch file that changes the captcha number every 10 minutes, so its not the same with every login. I am still working on the process of using the Randam INT, but am having problems trying to get it to work with the compare. So if anyone wishes to use it. I do have it posted for Download on Vert. and if we have any programers out there in Baja that want to help me improve it feel free to drop a line.
    Lord Blackfair (Blackfair's Manor) blackf.synchro.net

    INT I
    RANDOM I 3
    COMPARE I 0
    IF_EQUAL
    [WHATEVER COMMAND YOU WANT]
    else
    [WHATEVER COMMAND YOU WANT]
    END_IF
    By using that, wouldnt that only allow if the script picks 0?
    i want to COMPARE I with the STR

    Lord Blackfair (Blackfair's Manor) blackf.synchro.net

    ---
    Synchronet Blackfair's Manor - blackf.synchro.net
  • From MRO@VERT/BBSESINF to Lord Blackfair on Sat Jul 31 02:33:55 2021
    Re: Captcha
    By: Lord Blackfair to MRO on Fri Jul 30 2021 11:21 pm

    Re: Captcha
    By: MRO to Lord Blackfair on Fri Jul 30 2021 08:26 am

    Re: Captcha
    By: Lord Blackfair to All on Thu Jul 29 2021 05:48 pm

    This is probally off topic. But i will post it here so everyone

    can
    see it. Since I innitiated my Captcha program on my BBS. Its been keeping the bots out and I have not seen any attempts at seeing any scripted bots trying to logon using SSH,ROOT,ADMIN ETC...
    With the help of another sysop he made a scripted batch file that changes the captcha number every 10 minutes, so its not the same with every login. I am still working on the process of using the Randam INT, but am having problems trying to get it to work with the compare. So if anyone wishes to use it. I do have it posted for Download on Vert. and if we have any programers out there in Baja that want to help me improve it feel free to drop a line.
    Lord Blackfair (Blackfair's Manor) blackf.synchro.net

    INT I
    RANDOM I 3
    COMPARE I 0
    IF_EQUAL
    [WHATEVER COMMAND YOU WANT]
    else
    [WHATEVER COMMAND YOU WANT]
    END_IF
    By using that, wouldnt that only allow if the script picks 0?
    i want to COMPARE I with the STR

    i believe you copy it to a str and compare it

    just by checking if it's an exact number you can use that code i posted.
    and that's what your capcha does, right

    anyways, those bots will not solve your capcha. they will get confused and sit on the connection.

    ---
    Synchronet ::: BBSES.info - free BBS services :::
  • From Digital Man@VERT to MRO on Sat Jul 31 12:26:15 2021
    Re: Captcha
    By: MRO to Lord Blackfair on Sat Jul 31 2021 02:33 am

    anyways, those bots will not solve your capcha. they will get confused and sit on the connection.

    Yup. Truth be told, you could just print "Hit ESC now to continue" and disconnect if the ESC key (or whatever key you like) isn't hit within a few seconds. No bot is going to hit the ESC key - problem solved. You don't really *need* to display/prompt for a random anything since nobody is going to build a BBS-specific bot (they just aren't a target of interest).

    If you're running a recent build of Synchronet with a recent login.js, it'll disconnect dumb terminals (those not supporting ANSI or any other emulation) very quickly when no input is sent and that disconnect time is configurable.
    --
    digital man

    Rush quote #57:
    He picks up scraps of information, he's adept at adaptation .. Digital Man Norco, CA WX: 92.3F, 35.0% humidity, 2 mph E wind, 0.00 inches rain/24hrs
    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Lord Blackfair@VERT/BLACKF to All on Wed Aug 4 22:35:21 2021
    Got it running, had to tweak some things.
    made it start before anything else. then load the login matrix as a xtrn_prog.

    #Captcha program by Keith Cunningham edit to how you would like
    :Home
    INT R
    STR A
    random r 999999
    CLS
    #menu "Gate"
    Print "\r\n Welcome to Lord Blackfair's Captcha for Synchronet BBS v4.00\r\n"
    Print "\r\n To Prove you are not a BOT please enter [ The Number ] below.\r\n"

    print R
    Print " "
    GETLINE A 6
    COMPARE R A
    IF_false
    goto wrong
    PAUSE
    #Print "Welcome to The BBS!!!"

    end_if
    goto start
    :wrong
    Print "\r\nThat is not correct, Please try again.\r\n"
    pause
    goto home
    :start
    Print "Welcome to The BBS!!!"
    exec_xtrn matrix

    Lord Blackfair (Blackfair's Manor) blackf.synchro.net

    ---
    Synchronet Blackfair's Manor - blackf.synchro.net
  • From MRO@VERT/BBSESINF to Lord Blackfair on Thu Aug 5 09:20:03 2021
    Re: Captcha
    By: Lord Blackfair to All on Wed Aug 04 2021 10:35 pm

    Got it running, had to tweak some things.
    made it start before anything else. then load the login matrix as a xtrn_prog.


    so you have something for the bots to sit there and perhaps loop back if they enter any input.

    and your users have to enter a long number each time.

    i would rethink that.
    ---
    Synchronet ::: BBSES.info - free BBS services :::
  • From Digital Man@VERT to MRO on Thu Aug 5 11:53:47 2021
    Re: Captcha
    By: MRO to Lord Blackfair on Thu Aug 05 2021 09:20 am

    Re: Captcha
    By: Lord Blackfair to All on Wed Aug 04 2021 10:35 pm

    Got it running, had to tweak some things.
    made it start before anything else. then load the login matrix as a xtrn_prog.


    so you have something for the bots to sit there and perhaps loop back if they enter any input.

    and your users have to enter a long number each time.

    i would rethink that.

    If his goal is to experiment with/learn Baja, then he's achieving that. If the goal is keep bots from tieing up nodes, there's much easier solutions. If the goal is prevent bots from trying to authenticate with a username and password (why?), there's easier solutions (e.g. just prompt for a specific key, like ESC).

    Actually letting a bot send a username and password is a good way to detect and auto-block them and that support is built-into SBBS:
    https://wiki.synchro.net/howto:block-hackers
    --
    digital man

    Synchronet "Real Fact" #1:
    Development began in 1990 of the (unnamed at the time) Synchronet BBS software. Norco, CA WX: 89.5F, 40.0% humidity, 4 mph WNW wind, 0.00 inches rain/24hrs ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Lord Blackfair@VERT/BLACKF to MRO on Thu Aug 5 21:31:05 2021
    Re: Captcha
    By: MRO to Lord Blackfair on Thu Aug 05 2021 09:20 am

    Re: Captcha
    By: Lord Blackfair to All on Wed Aug 04 2021 10:35 pm

    Got it running, had to tweak some things.
    made it start before anything else. then load the login matrix as a xtrn_prog.
    I could always rewite it so that a user has to press a key, but so far its working and i get no complaints yet.

    Lord Blackfair (Blackfair's Manor) blackf.synchro.net

    ---
    Synchronet Blackfair's Manor - blackf.synchro.net
  • From MRO@VERT/BBSESINF to Digital Man on Thu Aug 5 21:43:26 2021
    Re: Captcha
    By: Digital Man to MRO on Thu Aug 05 2021 11:53 am

    Re: Captcha
    By: MRO to Lord Blackfair on Thu Aug 05 2021 09:20 am

    Re: Captcha
    By: Lord Blackfair to All on Wed Aug 04 2021 10:35 pm

    Got it running, had to tweak some things.
    made it start before anything else. then load the login matrix as a xtrn_prog.


    so you have something for the bots to sit there and perhaps loop back if they enter any input.

    and your users have to enter a long number each time.

    i would rethink that.

    If his goal is to experiment with/learn Baja, then he's achieving that. If the goal is keep bots from tieing up nodes, there's much easier solutions. If the goal is prevent bots from trying to authenticate with a username and password (why?), there's easier solutions (e.g. just prompt for a specific key, like ESC).

    Actually letting a bot send a username and password is a good way to detect and auto-block them and that support is built-into SBBS: https://wiki.synchro.net/howto:block-hackers

    and in my case i block all the ones that fail my challenge code. so, eventually the .can file gets so huge it slows down synchronet.
    ---
    Synchronet ::: BBSES.info - free BBS services :::
  • From Digital Man@VERT to MRO on Thu Aug 5 20:11:39 2021
    Re: Captcha
    By: MRO to Digital Man on Thu Aug 05 2021 09:43 pm

    and in my case i block all the ones that fail my challenge code. so, eventually the .can file gets so huge it slows down synchronet.

    Maybe you should rethink that design then.
    --
    digital man

    Synchronet "Real Fact" #117:
    Synchronet v1b r0 (for MS-DOS) was released on September 25, 1992
    Norco, CA WX: 77.1F, 54.0% humidity, 3 mph ENE wind, 0.00 inches rain/24hrs ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From MRO@VERT/BBSESINF to Lord Blackfair on Fri Aug 6 08:31:41 2021
    Re: Captcha
    By: Lord Blackfair to MRO on Thu Aug 05 2021 09:31 pm

    Re: Captcha
    By: MRO to Lord Blackfair on Thu Aug 05 2021 09:20 am

    Re: Captcha
    By: Lord Blackfair to All on Wed Aug 04 2021 10:35 pm

    Got it running, had to tweak some things.
    made it start before anything else. then load the login matrix as a xtrn_prog.
    I could always rewite it so that a user has to press a key, but so far its working and i get no complaints yet.


    i complained.
    ---
    Synchronet ::: BBSES.info - free BBS services :::
  • From MRO@VERT/BBSESINF to Digital Man on Fri Aug 6 08:32:00 2021
    Re: Captcha
    By: Digital Man to MRO on Thu Aug 05 2021 08:11 pm

    Re: Captcha
    By: MRO to Digital Man on Thu Aug 05 2021 09:43 pm

    and in my case i block all the ones that fail my challenge code. so, eventually the .can file gets so huge it slows down synchronet.

    Maybe you should rethink that design then.

    i just trim it down every year.
    ---
    Synchronet ::: BBSES.info - free BBS services :::
  • From Lord Blackfair@VERT/BLACKF to MRO on Fri Aug 6 17:59:27 2021
    Re: Captcha
    By: MRO to Lord Blackfair on Fri Aug 06 2021 08:31 am

    Re: Captcha
    By: Lord Blackfair to MRO on Thu Aug 05 2021 09:31 pm

    Re: Captcha
    By: MRO to Lord Blackfair on Thu Aug 05 2021 09:20 am

    Re: Captcha
    By: Lord Blackfair to All on Wed Aug 04 2021 10:35 pm

    Got it running, had to tweak some things.
    made it start before anything else. then load the login matrix as a xtrn_prog.
    I could always rewite it so that a user has to press a key, but so far its working and i get no complaints yet.


    i complained.
    Yes you did. And you have a right to.
    Lord Blackfair (Blackfair's Manor) blackf.synchro.net

    ---
    Synchronet Blackfair's Manor - blackf.synchro.net