• Autoban settings

    From McDoob@21:4/135 to All on Tue Dec 14 16:49:34 2021
    Hi All!

    I am hosting PiBBS on the default telnet port (23) and, as you can imagine,
    I'm getting a lot of...shall we say...unwanted traffic. By default, Mystic is doing a pretty good job of banning the ones that are actively trying to brute-force the login.

    The thing that concerns me is the constant stream of not-quite-logins from
    the same IP over and over again. Here's where the autoban settings come in,
    of course.

    My question is, what is a good setting? I don't want to be too conservative, nor too lax. I'm interested in hearing opinions from my fellow SysOps on what settings they use.

    For now, I'm set to 4 attempts in 120 sec, as seen in one of Mystic Guy's videos. And my blacklist is growing at what appears to be an exponential
    rate, so obviously it's working.

    But...is it working TOO well? o_O

    McDoob
    SysOp, PiBBS
    pibbs.sytes.net

    --- Mystic BBS v1.12 A46 2020/08/26 (Raspberry Pi/32)
    * Origin: PiBBS (21:4/135)
  • From Black Panther@21:1/186 to McDoob on Tue Dec 14 15:35:06 2021
    On 14 Dec 2021, 04:49p, McDoob said the following...

    I am hosting PiBBS on the default telnet port (23) and, as you can imagine, I'm getting a lot of...shall we say...unwanted traffic. By default, Mystic is doing a pretty good job of banning the ones that are actively trying to brute-force the login.

    Ah, yes. The never-ending bots... Mystic actually handles them quite well, in my opinion.

    For now, I'm set to 4 attempts in 120 sec, as seen in one of Mystic Guy's videos. And my blacklist is growing at what appears to be an exponential rate, so obviously it's working.

    It does work. I'm running the same settings here, 4 attempts in 120 seconds. Right now, my blacklist.txt file is at 81529 lines, so Mystic has blocked a few. ;)

    Another thing you can do, is run a 'Press Esc Twice to Continue' script. This will reduce the amount of time Mystic will sit on the login screen before disconnecting them. I have one running here at CRBBS that I wrote, and hasn't been released. But, there is at least one other one out there from Phenom that will work as well.

    But...is it working TOO well? o_O

    I think it'll be fine. You will have quite a few being blacklisted for a while, but the numbers will slow down. Also, how many nodes are you running in Mystic? I have mine set to 10 nodes. When I started running Mystic, there were times I couldn't log in, as all 10 nodes were being occupied by bots... Now, it's pretty rare that I'm not able to log in on either node 1 or 2, still out of 10.


    ---

    Black Panther(RCS)
    aka Dan Richter
    Castle Rock BBS
    telnet://bbs.castlerockbbs.com
    http://www.castlerockbbs.com
    http://github.com/DRPanther
    The sparrows are flying again...

    ... Psssst!!! Little boy!!!! Want to see my tagline???

    --- Mystic BBS v1.12 A47 2021/09/07 (Linux/64)
    * Origin: Castle Rock BBS - bbs.castlerockbbs.com (21:1/186)
  • From McDoob@21:4/135 to Black Panther on Tue Dec 14 19:13:16 2021
    It does work. I'm running the same settings here, 4 attempts in 120 seconds. Right now, my blacklist.txt file is at 81529 lines, so Mystic
    has blocked a few. ;)

    Damn. And I was getting surprised by 250 lines (in a couple of days, to be fair)...Looks like I have some big shoes to fill...

    Another thing you can do, is run a 'Press Esc Twice to Continue' script. This will reduce the amount of time Mystic will sit on the login screen before disconnecting them. I have one running here at CRBBS that I
    wrote, and hasn't been released. But, there is at least one other one
    out there from Phenom that will work as well.

    I saw a very retro-cool looking 'Press Esc Twice' screen on 20forbeers BBS. I was immediately impressed by that and the 'captcha'-esque secondary. These
    are goals for my BBS, for sure!

    But...at this point...I need to spend a lot of time learning Mystic first. Like...how to run a script before login...XD

    Don't tell me! I prefer to find out the hard way!

    [...]Also, how many nodes are you
    running in Mystic? I have mine set to 10 nodes. When I started running Mystic, there were times I couldn't log in, as all 10 nodes were being occupied by bots... Now, it's pretty rare that I'm not able to log in on either node 1 or 2, still out of 10.


    I've set a hard limit of 8 on all of my servers. Then 5 on telnet, 2 on
    BinkP, and 3 on HTTP. I have duplicate logins turned off. So far, (*a whole
    two weeks*) I haven't ever had a problem logging in. I've also been online while other users were also logged in.

    I sometimes spend hours skimming (or reading) the logs. The most telnet connections I've seen is 3 (me, that user, and probably a bot) at the time of writing. If I start seeing congestion, I'll consider opening up a few more nodes.

    I don't expect that to be a problem in the near future, since PiBBS simply won't see the same amount of traffic as the more established BBSes. At least...not yet... ;)

    Thanks for your advice...again!

    McDoob
    SysOp, PiBBS
    pibbs.sytes.net

    --- Mystic BBS v1.12 A46 2020/08/26 (Raspberry Pi/32)
    * Origin: PiBBS (21:4/135)
  • From paulie420@21:2/150 to McDoob on Wed Dec 15 07:15:14 2021
    I saw a very retro-cool looking 'Press Esc Twice' screen on 20forbeers BBS. I was immediately impressed by that and the 'captcha'-esque secondary. These are goals for my BBS, for sure!

    So 2o runs modified versions of:

    Phenom Bot-Check
    Phenom Maptcha

    and they also offer
    Phenom ThreatSentry

    You can download all of these @ 2o in the Phenom Mystic Mods file area.
    IMO the most important one is the Bot-Check - not ONLY because it keeps away the bots, but since it has a 15-second countdown before user even gets to the user/pass section, it allows for ACTUAL HUMAN users who just make a mistake and weren't ready to login NOT get blacklisted. :P

    Later, if you feel froggy, you can modify the code(s) using Mystic's Pascal-like MPL language. (It's pretty easy to change things a little... and a bit more tricky to make the big flashy modifications.) :P



    pAULIE42o
    .........

    --- Mystic BBS v1.12 A47 2021/10/25 (Raspberry Pi/32)
    * Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)
  • From Ragnarok@21:2/151 to McDoob on Thu Jan 27 04:24:55 2022
    On 14/12/21 at 18:49, McDoob wrote:
    Hi All!

    I am hosting PiBBS on the default telnet port (23) and, as you can imagine, I'm getting a lot of...shall we say...unwanted traffic. By default, Mystic is doing a pretty good job of banning the ones that are actively trying to brute-force the login.

    If you use Raspbian, you have fail2ban.
    --- SBBSecho 3.14-Linux
    * Origin: Dock Sud BBS - bbs.docksud.com.ar - Argentina (21:2/151)
  • From opicron@21:3/126 to Ragnarok on Thu Jan 27 13:04:45 2022
    I am hosting PiBBS on the default telnet port (23) and, as you can imagine, I'm getting a lot of...shall we say...unwanted traffic. By default, Mystic is doing a pretty good job of banning the ones that are actively trying to brute-force the login.

    Yeah, I have both port 22 and 23 for Mystic. I'm getting rammed with logins.
    But what I did is:

    - Auto whitelist logged in users
    - Ban on 4 failed attempts in 2 minutes

    That seems to keep the bruteforces at a minimum. I do not like to change the port as I do not believe in security by obscurity.

    oP!

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: TheForze - bbs.opicron.eu:23 (21:3/126)
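
Added example, not from any poster and not Mystic's own code: a sketch of the policy the thread settles on (ban after 4 failed attempts in 120 seconds, auto-whitelist addresses that have logged in), replayed over constructed events. The event tuples, the name `run_autoban`, and the rules that a good login clears the count and that whitelisted addresses are exempt are assumptions for illustration.

```python
from collections import defaultdict, deque

MAX_ATTEMPTS = 4       # "4 attempts" from the thread
WINDOW_SECONDS = 120   # "in 120 sec" from the thread

# Constructed events (seconds, ip, outcome); not real Mystic log output.
EVENTS = (
    [(t, "203.0.113.7", "fail") for t in (0, 20, 40, 60)]                 # fast bot
    + [(t, "198.51.100.9", "fail") for t in (0, 50, 100, 150, 200, 250)]  # slow bot
    + [(10, "192.0.2.44", "ok")]                                          # real user logs in
    + [(t, "192.0.2.44", "fail") for t in (500, 510, 520, 530)]           # later mistypes password
)


def run_autoban(events, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS,
                auto_whitelist=True):
    """Replay events; return ({ip: ban_time}, whitelisted_ips)."""
    recent = defaultdict(deque)    # ip -> timestamps of recent failures
    banned, whitelist = {}, set()
    for ts, ip, outcome in sorted(events):
        if ip in banned:
            continue               # already blocked, nothing more to count
        if outcome == "ok":
            if auto_whitelist:
                whitelist.add(ip)
            recent.pop(ip, None)   # assumption: a good login clears the count
            continue
        if ip in whitelist:
            continue               # assumption: whitelisted IPs are never banned
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_attempts:
            banned[ip] = ts
            del recent[ip]
    return banned, whitelist


if __name__ == "__main__":
    for label, kwargs in [("4 in 120s, auto-whitelist", {}),
                          ("4 in 300s, auto-whitelist", {"window": 300}),
                          ("4 in 120s, no whitelist", {"auto_whitelist": False})]:
        banned, _ = run_autoban(EVENTS, **kwargs)
        print(f"{label}: {banned}")
```

With the 4-in-120 setting the evenly paced source (one failure every 50 seconds) is never banned, while a 300-second window catches it at its fourth attempt. Turning the whitelist off bans the returning user after four mistyped passwords.
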
  • From Avon@21:1/101 to opicron on Fri Jan 28 16:21:52 2022
    On 27 Jan 2022 at 01:04p, opicron pondered and said...

    - Ban on 4 failed attempts in 2 minutes

    I do this, works fine for me :)

    --- Mystic BBS v1.12 A47 2021/11/06 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)