• Under bot scanning

    From shinobi@21:1/153 to All on Mon Feb 12 14:02:48 2018
    Hello All,

    I wonder. How do you proceed with the bot scanners? I mean, I opened the BBS to the world and all I got was just scanning and bots connecting with default passwords. And after several days I usually found my BBS's binaries corrupted. I don't know whether anyone exploited the open access or it was my fault. But how to handle this kind of situation?

    Thanks & best regards

    Shinobi

    --- Mystic BBS v1.12 A38 2018/01/01 (Linux/64)
    * Origin: INFOLINKA BBS (21:1/153)
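
Added example, not part of the original posts: one way to answer the question above (did the binaries really change on disk?) is to record a SHA-256 baseline right after installation and compare against it later. The file names, the skipped directory names and the temporary directory are constructed for the demonstration and are not the layout of any particular BBS package.

```python
import hashlib
import os
import tempfile


def file_digest(path, chunk_size=65536):
    """Stream a file through SHA-256 so large binaries are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root, skip_dirs=("logs", "msgs", "temp")):
    """Map relative path -> (sha256, permission bits) for regular files under root.

    skip_dirs are directory names expected to change in normal operation
    (assumed names; adjust to the real installation). Symlinks are not
    followed, so a binary swapped for a symlink is reported as removed.
    """
    result = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            mode = os.stat(full).st_mode & 0o7777
            result[os.path.relpath(full, root)] = (file_digest(full), mode)
    return result


def compare(baseline, current):
    """Return what differs between two snapshots, grouped by kind of change."""
    report = {"modified": [], "mode_changed": [], "added": [], "removed": []}
    for rel, (digest, mode) in baseline.items():
        if rel not in current:
            report["removed"].append(rel)
        elif current[rel][0] != digest:
            report["modified"].append(rel)
        elif current[rel][1] != mode:
            report["mode_changed"].append(rel)
    report["added"] = [rel for rel in current if rel not in baseline]
    for names in report.values():
        names.sort()
    return report


def demo():
    """Build a constructed install tree, change it, and report the differences."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "logs"))
        files = {
            "mystic": b"\x7fELF constructed binary 1",
            "mutil": b"\x7fELF constructed binary 2",
            "door_helper": b"constructed helper",
            os.path.join("logs", "node1.log"): b"connect\n",
        }
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)

        # Constructed changes: one altered binary, one deleted, one new file,
        # one permission change, plus ordinary log growth that must be ignored.
        with open(os.path.join(root, "mystic"), "ab") as fh:
            fh.write(b"\x00" * 16)
        os.remove(os.path.join(root, "mutil"))
        with open(os.path.join(root, "unexpected.bin"), "wb") as fh:
            fh.write(b"not in baseline")
        os.chmod(os.path.join(root, "door_helper"), 0o755)
        with open(os.path.join(root, "logs", "node1.log"), "ab") as fh:
            fh.write(b"connect\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

A mismatch only shows that a file changed, not why; keep the baseline somewhere the BBS account cannot write, and compare a changed binary against a fresh copy from the original release archive.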
  • From xqtr@21:1/111 to shinobi on Mon Feb 12 17:03:34 2018
    I wonder. How do You proceed with the bot's scanners? I mean I opened
    the BBS to the world and all I got was just scanning and bot connecting with default passwords. And after several days I usually found my BBS's binaries corrupted. I don't know whether anyone exploited the open
    access or it was my fault. But how to handle this kind of situations?

    Personally, never had this kind of issue. From the start I chose a "weird" port (9999) and even my badip file is empty. :)

    Scanners normally scan the most well-known ports. Port scanning of all ports, or too many ports, is detectable by ISP sysadmins, so they avoid that.

    .----- --- -- -
    | Another Droid BBS
    : Telnet : andr01d.zapto.org:9999 [UTC 11:00 - 20:00]
    . Contact : xqtr.xqtr@gmail.com

    --- Mystic BBS v1.12 A38 2018/01/01 (Raspberry Pi/32)
    * Origin: Another Droid BBS (21:1/111)
  • From Nighthawk@21:1/146.1 to shinobi on Mon Feb 12 15:55:05 2018
    On 02/12/18, shinobi said the following...

    I wonder. How do You proceed with the bot's scanners? I mean I opened
    the BBS to the world and all I got was just scanning and bot connecting with default passwords. And after several days I usually found my BBS's binaries corrupted. I don't know whether anyone exploited the open
    access or it was my fault. But how to handle this kind of situations?

    Well, I am from Brazil, so you can imagine that my system gets pounded
    with scanners all the time.

    I have restricted access with the country blocker to accept calls only
    from Latin American countries, Canada, the USA and a few European countries
    and I did not have any further issues... In my case, when I blocked Asia my system stopped crashing due to these scanners.

    ----
    Regards from Nighthawk - AKA Flavio Bessa
    Sysop of Saturn's Orbit BBS - Rio de Janeiro, Brazil
    fcbessa@gmail.com - saturnsorbit.hopto.org

    --- Mystic BBS v1.12 A38 2018/01/01 (macOS/64)
    * Origin: Chiron, orbiting Saturn - Brazil (21:1/146.1)
  • From CyntaxX@21:4/113.1 to Nighthawk on Mon Feb 12 16:11:33 2018

    On 02/12/18, shinobi said the following...
    I wonder. How do You proceed with the bot's scanners? I mean I opened the BBS to the world and all I got was just scanning and bot connecting with default passwords. And after several days I usually found my BBS's binaries corrupted. I don't know whether anyone exploited the open access or it was my fault. But how to handle this kind of situations?

    Well, I am from Brazil, so you can imagine that my system gets pounded with scanners all the time.
    I have restricted access with the country blocker to accept calls only from Latin American countries, Canada, the USA and a few European countries and I did not have any further issues... In my case, when I blocked Asia my system stopped crashing due to these scanners.

    It's unfortunately true. I had to do the same and the scanners are at a minimum
    now. Although can't say that I've ever crashed due to them.

    --- ENiGMA 1/2 v0.0.9-alpha (linux; arm; 8.9.4)
    * Origin: Into the Wurmhole .-:<intothewurmhole.ddns.net:8888>:-. (21:4/113.1)
  • From Al@21:4/106 to shinobi on Mon Feb 12 13:20:30 2018
    Re: Under bot scanning
    By: shinobi to All on Mon Feb 12 2018 02:02 pm

    I wonder. How do You proceed with the bot's scanners? I mean I opened the BBS to the world and all I got was just scanning and bot connecting with default passwords. And after several days I usually found my BBS's binaries corrupted. I don't know whether anyone exploited the open access or it was my fault. But how to handle this kind of situations?

    This is the reality on port 23. I don't think any of that will be a problem for Mystic but it can be a pain to watch. You could try using a non standard port like 2323 or somesuch.

    They will hammer away but they are not going anywhere and are not much more than an eye sore.

    Ttyl :-),
    Al


    ... If you don't think women are explosive, drop one!
    --- SBBSecho 3.03-Linux
    * Origin: The Rusty MailBox - Penticton, BC trmb.synchro.net (21:4/106)
  • From Ian McLaughlin@21:1/133 to Al on Mon Feb 12 13:53:10 2018
    On 02/12/18, Al said the following...

    This is the reality on port 23. I don't think any of that will be a problem for Mystic but it can be a pain to watch. You could try using a non standard port like 2323 or somesuch.

    They will hammer away but they are not going anywhere and are not much more than an eye sore.

    I run the BBS on port 23 here. I get plenty of bots hitting the BBS, and I silently chuckle when the bot is confronted with an ANSI login screen instead of the usual Linux prompt it's looking for :) I just spawn more sessions to make sure there's always an open session to connect to.

    Ian

    --- Mystic BBS v1.12 A38 2018/01/01 (Linux/32)
    * Origin: The Parity Error BBS - Kelowna, BC, Canada (21:1/133)
  • From shinobi@21:1/153 to xqtr on Tue Feb 13 07:45:37 2018
    Personally, never had this kind of issue. From the start i chose a
    "weird" port(9999) and even my badip file is empty. :)

    Nice solution. No doubt anyone will ever try to scan port above 1024.

    Thanks

    --- Mystic BBS v1.12 A38 2018/01/01 (Linux/64)
    * Origin: INFOLINKA BBS (21:1/153)
  • From shinobi@21:1/153 to Nighthawk on Tue Feb 13 07:46:37 2018
    I have restricted access with the country blocker to accept calls only from Latin American countries, Canada, the USA and a few European countries and I did not have any further issues... In my case, when I blocked Asia my system stopped crashing due to these scanners.

    That's a good idea. I wonder why most of the attacks come from Russia and
    Asia. I guess there are plenty of unsecured computers included in botnets.

    --- Mystic BBS v1.12 A38 2018/01/01 (Linux/64)
    * Origin: INFOLINKA BBS (21:1/153)
  • From shinobi@21:1/153 to CyntaxX on Tue Feb 13 07:49:02 2018
    It's unfortunately true. I had to do the same and the scanners are at a minimum now. Although can't say that I've ever crashed due to them.


    Well... I guess that there are some nice features in Mystic like the badip
    list and that spam list. But well... I wasn't able to hold the BBS for more than 24 hours. Guess it's my fault that I cannot configure it properly.

    --- Mystic BBS v1.12 A38 2018/01/01 (Linux/64)
    * Origin: INFOLINKA BBS (21:1/153)
  • From shinobi@21:1/153 to Ian McLaughlin on Tue Feb 13 07:50:01 2018
    I run the BBS on port 23 here. I get plenty of bots hitting the BBS, and
    I silently chuckle when the bot is confronted with an ANSI login screen instead of the usual Linux prompt it's looking for :) I just spawn more sessions to make sure there's always an open session to connect to.

    Thanks for the recipe. Is there like a Sysop's shared badip to start with?

    --- Mystic BBS v1.12 A38 2018/01/01 (Linux/64)
    * Origin: INFOLINKA BBS (21:1/153)
  • From Static@21:2/140 to Al on Tue Feb 13 02:43:04 2018
    On 02/12/18, Al said the following...

    You could try using a non standard port like 2323 or somesuch.

    2323 is actually used by a lot of IoT (Internet of Things) devices and still gets hammered pretty hard as bots try to find exploitable gadgets to take over.

    --- Mystic BBS v1.12 A38 2018/01/01 (Linux/64)
    * Origin: Subcarrier BBS (21:2/140)
  • From Nighthawk@21:1/146.1 to CyntaxX on Tue Feb 13 09:11:54 2018
    On 02/12/18, CyntaxX said the following...

    It's unfortunately true. I had to do the same and the scanners are at a minimum now. Although can't say that I've ever crashed due to them.

    I run my system at port 23, so I get a couple of Runtime errors due to
    that from time to time...

    ----
    Regards from Nighthawk - AKA Flavio Bessa
    Sysop of Saturn's Orbit BBS - Rio de Janeiro, Brazil
    fcbessa@gmail.com - saturnsorbit.hopto.org

    --- Mystic BBS v1.12 A38 2018/01/01 (macOS/64)
    * Origin: Chiron, orbiting Saturn - Brazil (21:1/146.1)
  • From Nighthawk@21:1/146.1 to shinobi on Tue Feb 13 09:14:33 2018
    On 02/13/18, shinobi said the following...

    That's a good idea. I wonder why most of the attacks come from Russia and Asia. I guess there is plenty of unsecured computers included in botnets.

    I do get bots from the USA, for instance, but they are rare. Never understood why.

    But after restricting China, India, Taiwan and Korea, the bot
    infiltration rate started to dwindle.

    ----
    Regards from Nighthawk - AKA Flavio Bessa
    Sysop of Saturn's Orbit BBS - Rio de Janeiro, Brazil
    fcbessa@gmail.com - saturnsorbit.hopto.org

    --- Mystic BBS v1.12 A38 2018/01/01 (macOS/64)
    * Origin: Chiron, orbiting Saturn - Brazil (21:1/146.1)
  • From Outatime@21:4/101 to Al on Tue Feb 13 12:22:53 2018
    RE: Under bot scanning
    BY: Al(21:4/106)
    This is the reality on port 23. I don't think any of that will be a
    problem for

    I would like to see more bbses using the standard port. If the bbs crashes when bots connect, the solution isn't to move to a different port, it's to fix the bbs. Agree that it's merely an eye sore and not a threat. Trying to figure out which weird port this or that bbs is listening on just makes the bbs less accessible.
    

    --- WWIV 5.3.0.development
    * Origin: Back to the Future (bttfbbs.com) (21:4/101)
  • From Richard@21:4/111 to Outatime on Tue Feb 13 13:28:20 2018
    RE: Under bot scanning
    BY: Al(21:4/106)
    This is the reality on port 23. I don't think any of that will be a problem for

    I would like to see more bbses using the standard port. If the bbs
    crashes when bots connect, the solution isn't to move to a different
    port, it's to fix the bbs. Agree that it's merely an eye sore and not a threat. Trying to figure out which weird port this or that bbs is listening on just makes the bbs less accessible.

    I use that port for other reasons, that's why I went with a different port.

    If there is no port number then assume 23, yes, but anytime I post my BBS info
    I have the port number

    U.S.S. Alliance BBS CMRK.NET:2113

    I don't think it's that hard for a sysop to post a port number

    Richard Szajkowski AKA The Wizzard

    U.S.S. Alliance BBS (Brampton) (Born 1984 Reborn 2017)

    --- Mystic BBS v1.12 A38 2018/01/01 (Windows/32)
    * Origin: U.S.S. Alliance (BBS Brampton) (21:4/111)
  • From CyntaxX@21:4/113 to Nighthawk on Tue Feb 13 14:43:34 2018
    On 02/13/18, Nighthawk said the following...

    On 02/12/18, CyntaxX said the following...

    It's unfortunately true. I had to do the same and the scanners are at minimum now. Although can't say that I've ever crashed due to them.

    I run my system at port 23, so I get a couple of Runtime errors due
    to that from time to time...

    Wow, really! I never would have thought it'd be that devastating.

    --- Mystic BBS v1.12 A38 2018/01/01 (Raspberry Pi/32)
    * Origin: Digital Wurmhole | digitalwurmhole.ddns.net:2323 (21:4/113)
  • From CyntaxX@21:4/113 to Nighthawk on Tue Feb 13 14:45:35 2018
    On 02/13/18, Nighthawk said the following...

    On 02/13/18, shinobi said the following...

    That's a good idea. I wonder why most of the attacks come from Russia Asia. I guess there is plenty of unsecured computers included in botn

    I do get bots from the USA, for instance, but they are rare. Never understood why.

    But after restricting China, India, Taiwan and Korea, the bot infiltration rate started to dwindle.

    I run on 2323 and I only ever get bots from Japan.

    --- Mystic BBS v1.12 A38 2018/01/01 (Raspberry Pi/32)
    * Origin: Digital Wurmhole | digitalwurmhole.ddns.net:2323 (21:4/113)
  • From Al@21:4/106 to Outatime on Tue Feb 13 12:21:04 2018
    Re: Re: Under bot scanning
    By: Outatime to Al on Tue Feb 13 2018 12:22 pm

    This is the reality on port 23. I don't think any of that will be a
    problem for

    I would like to see more bbses using the standard port. If the bbs crashes when bots connect, the solution isn't to move to a different port, it's to fix the bbs. Agree that it's merely an eye sore and not a threat. Trying to figure out which weird port this or that bbs is listening on just makes the bbs less accessible.

    That's true. It's easy enough to connect to a BBS on a different port but you have to know (and remember) what port.

    I'm running Synchronet so I have telnet, rlogin and ssh servers here, all on the standard port. I haven't noticed much with rlogin but telnet and ssh are always busy dealing with bots.

    None of that is a problem but it is an eye sore.

    Ttyl :-),
    Al


    ... You! What PLANET is this? McCoy, stardate 3134.0.
    --- SBBSecho 3.03-Linux
    * Origin: The Rusty MailBox - Penticton, BC trmb.synchro.net (21:4/106)
  • From Ian McLaughlin@21:1/133 to Outatime on Tue Feb 13 12:40:16 2018
    On 02/13/18, Outatime said the following...

    I would like to see more bbses using the standard port. If the bbs
    crashes when bots connect, the solution isn't to move to a different
    port, it's to fix the bbs. Agree that it's merely an eye sore and not a threat. Trying to figure out which weird port this or that bbs is listening on just makes the bbs less accessible.

    I completely agree. This is why I leave things running on port 23. I haven't experienced a crash that I can pinpoint to a bot causing it. I highly doubt that any bot will be able to understand the ANSI login screens and figure out if it's logged in correctly or not.

    The only inconvenience is sometimes I have so many bots hammering away that
    it ties up all of the 'lines' I have running. In the age of IP, it's trivial
    to fire up additional 'lines' - no more paying $1000 for a new 9600 baud
    modem :)

    Ian

    --- Mystic BBS v1.12 A38 2018/01/01 (Linux/32)
    * Origin: The Parity Error BBS - Kelowna, BC, Canada (21:1/133)
  • From Gryphon@21:1/120 to xqtr on Tue Feb 13 14:57:30 2018
    Hey xqtr,

    I noticed your InterBBS video poker release. I was checking things over and
    I couldn't help but notice that the method for sending IBBS data was a bit kludgy, what with having to form a mutil.ini file and running mutil to post
    the file. I'm pretty sure that an MPY script can be used to do the same
    thing. Just call the MX menu command within the MPY to post the file to the echomail area, like double-up does within the MPL script. Your outgoing ibbs.mpy script can read the same ibbs.ini file to gather the needed info
    when calling the MX command.

    I think I can whip something up if you want. Let me know what you think.

    --- Mystic BBS v1.12 A38 2018/01/01 (Linux/64)
    * Origin: Cyberia BBS | cyberia.darktech.org | San Jose, CA (21:1/120)
  • From Nighthawk@21:1/146.1 to Outatime on Wed Feb 14 10:47:16 2018
    On 02/13/18, Outatime said the following...

    I would like to see more bbses using the standard port. If the bbs
    crashes when bots connect, the solution isn't to move to a different
    port, it's to fix the bbs. Agree that it's merely an eye sore and not a threat. Trying to figure out which weird port this or that bbs is listening on just makes the bbs less accessible.

    I agree with you, and that's why I am running Saturn's Orbit on port 23.

    ----
    Regards from Nighthawk - AKA Flavio Bessa
    Sysop of Saturn's Orbit BBS - Rio de Janeiro, Brazil
    fcbessa@gmail.com - saturnsorbit.hopto.org

    --- Mystic BBS v1.12 A38 2018/01/01 (macOS/64)
    * Origin: Chiron, orbiting Saturn - Brazil (21:1/146.1)
  • From Nighthawk@21:1/146.1 to CyntaxX on Wed Feb 14 10:48:26 2018
    On 02/13/18, CyntaxX said the following...

    I run on 2323 and I only ever get bots from Japan.

    It's amazing how many connections from Japan get blocked here.

    ----
    Regards from Nighthawk - AKA Flavio Bessa
    Sysop of Saturn's Orbit BBS - Rio de Janeiro, Brazil
    fcbessa@gmail.com - saturnsorbit.hopto.org

    --- Mystic BBS v1.12 A38 2018/01/01 (macOS/64)
    * Origin: Chiron, orbiting Saturn - Brazil (21:1/146.1)
  • From xqtr@21:1/111 to Gryphon on Wed Feb 14 04:45:57 2018
    I noticed your InterBBS video poker release. I was checking things over and I couldn't help but notice that the method for sending IBBS data was
    a bit kludgy, what with having to form a mutil.ini file and running
    mutil to post the file. I'm pretty sure that an MPY script can be used
    to do the same thing. Just call the MX menu command within the MPY to post the file to the echomail area, like double-up does within the MPL script. Your outgoing ibbs.mpy script can read the same ibbs.ini file
    to gather the needed info when calling the MX command.
    I think I can whip something up if you want. Let me know what you think.

    Sure! :) I am not very familiar with Python and MPY. I started learning some weeks ago. If you saw the package, I used your MPY script for getting the score, but for sending them I didn't have another option. If you can also write a script for sending msgs, that will be great :)

    But I have a question about that. To execute an MPY script we must execute it using Mystic. If the user already runs the game, an instance of Mystic will also be running. Is it safe to invoke another instance of Mystic, only to run another script? Also, to execute the MPY script we should use something like ./mystic -uuser -ppass -yscript... If I remember correctly, because I did some tests with another script, the problem is that Mystic loads up, but before executing the scripts, waits for a response, e.g. terminal, theme etc., and because this command will be in the background the user can't enter anything, so it stays like this doing nothing. :(

    I made the door to use any external command, so the sysop can use whatever way he prefers for sending/receiving the data. Maybe there are other ways too. In the past I tried writing a program to read JAM bases externally (out of Mystic) but I had some troubles and dropped the project. I can't understand why there aren't many JAM libraries to read/write msg bases. I know there is one for Perl, but I don't know a bit about Perl, and some very old units for Pascal. A Python library would be great, to be more cross-system compatible. This way we could have a nice way to send/receive msgs/data through JAM files.

    Thank you for your interest and contacting me. :)
    Best xqtr...

    .----- --- -- -
    | Another Droid BBS
    : Telnet : andr01d.zapto.org:9999 [UTC 11:00 - 20:00]
    . Contact : xqtr.xqtr@gmail.com

    --- Mystic BBS v1.12 A38 2018/01/01 (Raspberry Pi/32)
    * Origin: Another Droid BBS (21:1/111)
  • From Gryphon@21:1/120 to xqtr on Wed Feb 14 12:29:06 2018
    On 02/14/18, xqtr said the following...

    I noticed your InterBBS video poker release. I was checking things o and I couldn't help but notice that the method for sending IBBS data a bit kludgy, what with having to form a mutil.ini file and running mutil to post the file. I'm pretty sure that an MPY script can be us to do the same thing. Just call the MX menu command within the MPY t post the file to the echomail area, like double-up does within the MP script. Your outgoing ibbs.mpy script can read the same ibbs.ini fil to gather the needed info when calling the MX command.
    I think I can whip something up if you want. Let me know what you th

    Sure! :) I am not very familiar with Python and MPY. I started learning
    some weeks ago. If you saw the package, I used your MPY script for
    getting the score, but for sending them I didn't have another option. If you can also write a script for sending msgs, that will be great :)

    But I have a question about that. To execute an MPY script we must
    execute it using Mystic. If the user already runs the game, an
    instance of Mystic will also be running. Is it safe to invoke another instance of Mystic, only to run another script? Also, to execute the MPY script we should use something like ./mystic -uuser -ppass -yscript...
    If I remember correctly, because I did some tests with another script, the problem is that Mystic loads up, but before executing the scripts, waits for a response, e.g. terminal, theme etc., and because this command will be in the background the user can't enter anything, so it stays like this doing nothing. :(

    I think that you are over thinking it. If you look at my sbbl.mpy app, it gives an example of posting a file to an echo base using the MX menu command with the menucmd() function.

    bbs.menucmd("MX",postfile+";"+str(mbaseid)+";"+useralias+";SBL;"+targ)

    In your sysop.txt file you mention creating a videopokerx.mps script to run the IBBS and then the doorgame. If you create an ibbs_out.mpy script to post the file, I would just add it to that MPL script after the game is run.

    Uses Cfg;
    Uses User;

    Begin
      GetThisUser;
      MenuCMD('GY','vpibbs');
      MenuCMD('DD','/home/bbs/doors/videopokerx/videopokerx '+CfgSysPath+'temp'+Int2Str(NodeNum)+PathChar+'DOOR.SYS');
      MenuCMD('GY','vpibbs_out');
    End;

    --- Mystic BBS v1.12 A38 2018/01/01 (Linux/64)
    * Origin: Cyberia BBS | cyberia.darktech.org | San Jose, CA (21:1/120)
  • From Gryphon@21:1/120 to xqtr on Wed Feb 14 12:32:31 2018
    On 02/14/18, xqtr said the following...

    I made the door to use any external command, so the sysop can use
    whatever way he prefers for sending/receiving the data. Maybe there are
    other ways too. In the past I tried writing a program to read JAM bases externally (out of Mystic) but I had some troubles and dropped the project. I can't understand why there aren't many JAM libraries to read/write msg bases. I know there is one for Perl, but I don't know a
    bit about Perl, and some very old units for Pascal. A Python library
    would be great, to be more cross-system compatible. This way we could
    have a nice way to send/receive msgs/data through JAM files.

    Yeah, I can relate to that. I too tried to use the Perl libraries to read
    from the JAM bases. It did work ok, but yes, it is certainly a kind of
    kludge. You are right; there are very few utilities to read/write from a JAM base. I sometimes wonder if it wouldn't be easier to just formulate a FTN mailer packet instead of posting to the message base. But I guess there are many ways to do the same thing.

    --- Mystic BBS v1.12 A38 2018/01/01 (Linux/64)
    * Origin: Cyberia BBS | cyberia.darktech.org | San Jose, CA (21:1/120)
  • From Tiny@21:1/130.4 to Nighthawk on Thu Feb 15 09:55:48 2018
    Quoting Nighthawk to Outatime <=-

    I agree with you, and that's why I am running Saturn's Orbit on
    port 23.

    I run the DOS board on port 23. Netfoss handles all those BS connections
    pretty well so I've never worried about it.

    Magicka defaults to 2023 so that's where it runs. If I ever totally do
    away with ezycom I'll cross the port bridge when I come to it. :)

    Shawn

    ... "Would you like to feed my dragon?" ... "Okay, in you go!"
    --- Blue Wave/386
    * Origin: A Tiny slice o pi (21:1/130.4)
  • From Nighthawk@21:1/146.1 to Tiny on Thu Feb 15 10:06:23 2018
    On 02/15/18, Tiny said the following...

    I run the DOS board on port 23. Netfoss handles all those BS connections pretty well so I've never worried about it.

    Magicka defaults to 2023 so that's where it runs. If I ever totally do
    away with ezycom I'll cross the port bridge when I come to it. :)

    Nice!

    ----
    Regards from Nighthawk - AKA Flavio Bessa
    Sysop of Saturn's Orbit BBS - Rio de Janeiro, Brazil
    fcbessa@gmail.com - saturnsorbit.hopto.org

    --- Mystic BBS v1.12 A38 2018/01/01 (macOS/64)
    * Origin: Chiron, orbiting Saturn - Brazil (21:1/146.1)
  • From xqtr@21:1/111 to Gryphon on Wed Feb 14 15:18:20 2018
    I think that you are over thinking it. If you look at my sbbl.mpy app,
    it gives an example of posting a file to an echo base using the MX menu command with the menucmd() function.
    Begin
    GetThisUser;
    MenuCMD('GY','vpibbs');
    MenuCMD('DD','/home/bbs/doors/videopokerx/videopokerx '+CfgSysPath+'temp'+Int2Str(NodeNum)+PathChar+'DOOR.SYS');
    MenuCMD('GY','vpibbs_out');
    End;

    Well.. this would be a simpler way... :)

    .----- --- -- -
    | Another Droid BBS
    : Telnet : andr01d.zapto.org:9999 [UTC 11:00 - 20:00]
    . Contact : xqtr.xqtr@gmail.com

    --- Mystic BBS v1.12 A38 2018/01/01 (Raspberry Pi/32)
    * Origin: Another Droid BBS (21:1/111)