• QWK

    From Mortifis@1:103/705 to Digital Man on Thu Aug 8 09:34:41 2019
    Well, I discovered one issue with not receiving some Dove-Net posts/replies ...
    somehow one of your IP addresses (vert to be specific) ended up in ip.can, so none of those messages were be imported ... I discovered it by logging onto vert and resetting the pointers and watching the import ... 137 messages in all
    were imported once I deleted your IP from ip.can :-/

    Hopefully the corrupt message ID's I have been experiencing are resolved

    Sorry, DM, I didn't realize vert was blocked (TOO MANY FAILED LOGIN ATTEMPTS)

    Cheers

    ~mortifis


    My doctor said I have the body of a 25 year old ... and the mind of a 10 :-/

    ---
    þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Mortifis on Thu Aug 8 11:33:36 2019
    Re: QWK
    By: Mortifis to Digital Man on Thu Aug 08 2019 09:34 am

    Well, I discovered one issue with not receiving some Dove-Net posts/replies ... somehow one of your IP addresses (vert to be specific) ended up in ip.can, so none of those messages were be imported ... I discovered it by logging onto vert and resetting the pointers and watching the import ...
    137
    messages in all were imported once I deleted your IP from ip.can :-/

    Hopefully the corrupt message ID's I have been experiencing are resolved

    Sorry, DM, I didn't realize vert was blocked (TOO MANY FAILED LOGIN ATTEMPTS)

    That's interesting. Other than the daily sbbslist verification, I can't think of any reason why my system would be trying to connect to yours over TCP. Do have a log of these failed login attempts?

    digital man

    Synchronet/BBS Terminology Definition #76:
    TLS = Transport Layer Security (successor to SSL)
    Norco, CA WX: 80.6øF, 58.0% humidity, 1 mph ESE wind, 0.00 inches rain/24hrs --- SBBSecho 3.08-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to Digital Man on Thu Aug 8 17:09:52 2019
    Re: QWK
    By: Mortifis to Digital Man on Thu Aug 08 2019 09:34 am

    Well, I discovered one issue with not receiving some Dove-Net posts/replies ... somehow one of your IP addresses (vert to be specific) ended up in ip.can, so none of those messages were be imported ... I discovered it by logging onto vert and resetting the pointers and watching the import ... 137 messages in all were imported once I deleted your IP from ip.can :-/

    Hopefully the corrupt message ID's I have been experiencing are resolved

    Sorry, DM, I didn't realize vert was blocked (TOO MANY FAILED LOGIN ATTEMPTS)

    That's interesting. Other than the daily sbbslist verification, I can't think of any reason why my system would be trying to connect to yours over TCP. Do have a log of these failed login attempts?

    digital man

    Other than that entry in ip.can (I deleted the entry before I noted the date/time) I do not see your IP address in any data/logs/ file ... odd indeed


    My doctor said I have the body of a 25 year old ... and the mind of a 10 :-/

    ---
    þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Mortifis on Thu Aug 8 15:38:45 2019
    Re: Re: QWK
    By: Mortifis to Digital Man on Thu Aug 08 2019 05:09 pm

    Re: QWK
    By: Mortifis to Digital Man on Thu Aug 08 2019 09:34 am

    Well, I discovered one issue with not receiving some Dove-Net posts/replies ... somehow one of your IP addresses (vert to be specific) ended up in ip.can, so none of those messages were be imported ... I discovered it by logging onto vert and resetting the pointers and watching the import ... 137 messages in all were
    imported
    once I deleted your IP from ip.can :-/

    Hopefully the corrupt message ID's I have been experiencing are resolved

    Sorry, DM, I didn't realize vert was blocked (TOO MANY FAILED LOGIN ATTEMPTS)

    That's interesting. Other than the daily sbbslist verification, I can't think of any reason why my system would be trying to connect to yours over TCP. Do have a log of these failed login attempts?

    Other than that entry in ip.can (I deleted the entry before I noted the date/time) I do not see your IP address in any data/logs/ file ... odd indeed

    Not in data/hack.log?

    Anything address auto-added to ip.can should be reflected in hack.log. I'm pretty sure.

    digital man

    This Is Spinal Tap quote #32:
    Derek Smalls: [A jog?] We don't have time for that.
    Norco, CA WX: 87.2øF, 34.0% humidity, 18 mph ESE wind, 0.00 inches rain/24hrs --- SBBSecho 3.08-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to Digital Man on Thu Aug 8 20:14:47 2019
    Other than that entry in ip.can (I deleted the entry before I noted the date/time) I do not see your IP address in any data/logs/ file ... odd indeed

    Not in data/hack.log?

    Anything address auto-added to ip.can should be reflected in hack.log. I'm pretty sure.

    digital man

    I'm sure you are pretty sure; since you are SBBS :-) ... so I found this single entry:

    SUSPECTED NNTP LOGIN HACK ATTEMPT for user 'guest' on Mon Jul 15 2019 04:31 am Using port 60864 at <no name> [71.95.196.34]
    Details: 3.7042561

    Odd, since I do not believe I even have NNTP(s) enabled or the ports forwarded .. I will investigate further ... that seems about the time I created a GUEST account ... no worries ... you can hack my system any time you feel inclined, (please do), since you'd only improve it :-P





    My doctor said I have the body of a 25 year old ... and the mind of a 10 :-/

    ---
    þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Mortifis on Thu Aug 8 17:28:35 2019
    Re: Re: QWK
    By: Mortifis to Digital Man on Thu Aug 08 2019 08:14 pm

    Other than that entry in ip.can (I deleted the entry before I noted the date/time) I do not see your IP address in any data/logs/ file
    ...
    odd indeed

    Not in data/hack.log?

    Anything address auto-added to ip.can should be reflected in hack.log. I'm pretty sure.

    digital man

    I'm sure you are pretty sure; since you are SBBS :-) ... so I found this single entry:

    SUSPECTED NNTP LOGIN HACK ATTEMPT for user 'guest' on Mon Jul 15 2019 04:31 am Using port 60864 at <no name> [71.95.196.34]
    Details: 3.7042561

    Odd, since I do not believe I even have NNTP(s) enabled or the ports forwarded .. I will investigate further ... that seems about the time I created a GUEST account ... no worries ... you can hack my system any time you feel inclined, (please do), since you'd only improve it :-P

    That is pretty weird. Of course, *I* didn't try to login to your system via NNTP. We do have the nightly sbbslist verifications, but that's just a TCP connection (no login attempt). So I have no idea about that just yet.

    What do you have your LoginAttemptHackThreshold set to in your sbbs.ini file?

    Do you have a Guest account on your system?

    digital man

    Synchronet/BBS Terminology Definition #68:
    SSJS = Server-side JavaScript
    Norco, CA WX: 85.3øF, 30.0% humidity, 19 mph NE wind, 0.00 inches rain/24hrs --- SBBSecho 3.08-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Mortifis on Thu Aug 8 18:04:42 2019
    Re: Re: QWK
    By: Digital Man to Mortifis on Thu Aug 08 2019 05:28 pm

    Re: Re: QWK
    By: Mortifis to Digital Man on Thu Aug 08 2019 08:14 pm

    Other than that entry in ip.can (I deleted the entry before I
    noted
    the date/time) I do not see your IP address in any data/logs/ file ... odd indeed

    Not in data/hack.log?

    Anything address auto-added to ip.can should be reflected in
    hack.log.
    I'm pretty sure.

    digital man

    I'm sure you are pretty sure; since you are SBBS :-) ... so I found
    this
    single entry:

    SUSPECTED NNTP LOGIN HACK ATTEMPT for user 'guest' on Mon Jul 15 2019 04:31 am Using port 60864 at <no name> [71.95.196.34]
    Details: 3.7042561

    Odd, since I do not believe I even have NNTP(s) enabled or the ports forwarded .. I will investigate further ... that seems about the time I created a GUEST account ... no worries ... you can hack my system any time you feel inclined, (please do), since you'd only improve it :-P

    That is pretty weird. Of course, *I* didn't try to login to your system via NNTP. We do have the nightly sbbslist verifications, but that's just a TCP connection (no login attempt). So I have no idea about that just yet.

    What do you have your LoginAttemptHackThreshold set to in your sbbs.ini file?

    Do you have a Guest account on your system?

    So... I guessing you either don't have a Guest account or you have a Guest account with a (non-blank) password. And there was a bug, but that's now fixed. So it shouldn't happen again even if you don't change anything (but do update to the latest and greatest dev build).

    digital man

    Synchronet/BBS Terminology Definition #3:
    ASCII = American Standard Code for Information Interchange
    Norco, CA WX: 84.1øF, 35.0% humidity, 11 mph ENE wind, 0.00 inches rain/24hrs --- SBBSecho 3.08-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to Digital Man on Fri Aug 9 00:19:06 2019
    That is pretty weird. Of course, *I* didn't try to login to your system via NNTP. We do have the nightly sbbslist verifications, but that's just a TCP connection (no login attempt). So I have no idea about that just yet.

    What do you have your LoginAttemptHackThreshold set to in your sbbs.ini file?

    ... LoginAttempthackThreshold = 3
    ... AttemptDelay = 5000
    ... Throttle = 1000
    ... Filter = 3
    ... Ban 6000
    ... Duration - 1D


    Do you have a Guest account on your system?


    Yes, After 25 years or so, I do have a Guest account now, as of last month ... huh, was my lame u-dev method the culprit? :-P

    So... I guessing you either don't have a Guest account or you have a Guest account with a (non-blank) password.

    ... NO IT IS BLANK!

    And there was a bug, but that's now
    fixed. So it shouldn't happen again even if you don't change anything (but do update to the latest and greatest dev build).

    digital man

    .. as always, I need to keep up with a full dev-update and not a half-assed one like I usually do :-P ... thank you DM ... keep me on my toes :-)



    My doctor said I have the body of a 25 year old ... and the mind of a 10 :-/

    ---
    þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Mortifis on Thu Aug 8 20:48:05 2019
    Re: Re: QWK
    By: Mortifis to Digital Man on Fri Aug 09 2019 12:19 am

    That is pretty weird. Of course, *I* didn't try to login to your system via NNTP. We do have the nightly sbbslist verifications, but that's just a TCP connection (no login attempt). So I have no idea about that just yet.

    What do you have your LoginAttemptHackThreshold set to in your sbbs.ini file?

    ... LoginAttempthackThreshold = 3
    ... AttemptDelay = 5000
    ... Throttle = 1000
    ... Filter = 3
    ... Ban 6000
    ... Duration - 1D

    Wow, that's pretty harsh: 3 failed password attempts and you permantly ban a user's IP addrss!

    Your TempBanThreshold is 6000? That seems.... oddly high.

    If you directly copy/pasted from the sbbs.ini file, I might get a more accurate view of your configuration settings.

    Do you have a Guest account on your system?


    Yes, After 25 years or so, I do have a Guest account now, as of last
    month
    ... huh, was my lame u-dev method the culprit? :-P

    So... I guessing you either don't have a Guest account or you have a
    Guest
    account with a (non-blank) password.

    ... NO IT IS BLANK!

    Okay, but you didn't have a Guest account on July 15th, so that explain why the login failures (though technically, not really login attempts - but that's now fixed).

    And there was a bug, but that's now
    fixed. So it shouldn't happen again even if you don't change anything (but do update to the latest and greatest dev build).

    .. as always, I need to keep up with a full dev-update and not a
    half-assed
    one like I usually do :-P ... thank you DM ... keep me on my toes :-)

    Cool. Well anyway, we found and fixed and issue, so good job!

    digital man

    This Is Spinal Tap quote #4:
    David St. Hubbins: He died in a bizarre gardening accident...
    Norco, CA WX: 73.5øF, 63.0% humidity, 5 mph ENE wind, 0.00 inches rain/24hrs --- SBBSecho 3.08-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to Digital Man on Fri Aug 9 09:18:30 2019
    Wow, that's pretty harsh: 3 failed password attempts and you permantly ban user's IP addrss!

    Your TempBanThreshold is 6000? That seems.... oddly high.


    LOL I suppose it is :-P I set that to 3 after watching the same ip addresses the stock 10 attempts since if it was a real user they'd see the prompt "Did you forget your password?"

    If you directly copy/pasted from the sbbs.ini file, I might get a more accurate view of your configuration settings.


    ; Failed login-attempt tracking, throttling, logging, and filtering:
    LoginAttemptDelay = 5000
    LoginAttemptThrottle = 1000
    LoginAttemptHackThreshold = 3 (I changed it to 10)
    LoginAttemptFilterThreshold = 3 (I changed it to 10)
    LoginAttemptTempBanThreshold = 6000 (I changed it to 20)
    LoginAttemptTempBanDuration = 1D (Might change it to 1Y :)
    OutgoingV4=0.0.0.0
    OutgoingV6=::
    OutboundInterface = 0.0.0.0
    OutboundV6Interface = ::

    And, yes, I am not sure how LoginAttemptTempBanThreshold ended up being 6000 instead of the typical 20 :-?

    I'll do a full, proper, update this weekend, Thank you DM


    My doctor said I have the body of a 25 year old ... and the mind of a 10 :-/

    ---
    þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Mortifis on Fri Aug 9 08:50:49 2019
    Re: Re: QWK
    By: Mortifis to Digital Man on Fri Aug 09 2019 09:18 am

    Wow, that's pretty harsh: 3 failed password attempts and you permantly ban a user's IP addrss!

    Your TempBanThreshold is 6000? That seems.... oddly high.


    LOL I suppose it is :-P I set that to 3 after watching the same ip
    addresses
    the stock 10 attempts since if it was a real user they'd see the prompt "Did you forget your password?"

    If you directly copy/pasted from the sbbs.ini file, I might get a more accurate view of your configuration settings.


    ; Failed login-attempt tracking, throttling, logging, and filtering:
    LoginAttemptDelay = 5000
    LoginAttemptThrottle = 1000
    LoginAttemptHackThreshold = 3 (I changed it to 10)
    LoginAttemptFilterThreshold = 3 (I changed it to 10)
    LoginAttemptTempBanThreshold = 6000 (I changed it to 20)
    LoginAttemptTempBanDuration = 1D (Might change it to 1Y :)
    OutgoingV4=0.0.0.0
    OutgoingV6=::
    OutboundInterface = 0.0.0.0
    OutboundV6Interface = ::

    Okay, the numbers in parens look a bit more sane. :-)

    And, yes, I am not sure how LoginAttemptTempBanThreshold ended up being
    6000
    instead of the typical 20 :-?

    Yeah, weird.

    I'll do a full, proper, update this weekend, Thank you DM

    Cool.

    digital man

    This Is Spinal Tap quote #17:
    David St. Hubbins: It's such a fine line between stupid, and uh... and clever. Norco, CA WX: 72.5øF, 68.0% humidity, 0 mph SSW wind, 0.00 inches rain/24hrs --- SBBSecho 3.08-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)