Well, I discovered one issue with not receiving some Dove-Net posts/replies ... somehow one of your IP addresses (vert to be specific) ended up in ip.can, so none of those messages were be imported ... I discovered it by logging onto vert and resetting the pointers and watching the import ...137
messages in all were imported once I deleted your IP from ip.can :-/
Hopefully the corrupt message ID's I have been experiencing are resolved
Sorry, DM, I didn't realize vert was blocked (TOO MANY FAILED LOGIN ATTEMPTS)
Re: QWK
By: Mortifis to Digital Man on Thu Aug 08 2019 09:34 am
Well, I discovered one issue with not receiving some Dove-Net posts/replies ... somehow one of your IP addresses (vert to be specific) ended up in ip.can, so none of those messages were be imported ... I discovered it by logging onto vert and resetting the pointers and watching the import ... 137 messages in all were imported once I deleted your IP from ip.can :-/
Hopefully the corrupt message ID's I have been experiencing are resolved
Sorry, DM, I didn't realize vert was blocked (TOO MANY FAILED LOGIN ATTEMPTS)
That's interesting. Other than the daily sbbslist verification, I can't think of any reason why my system would be trying to connect to yours over TCP. Do have a log of these failed login attempts?
digital man
importedRe: QWK
By: Mortifis to Digital Man on Thu Aug 08 2019 09:34 am
Well, I discovered one issue with not receiving some Dove-Net posts/replies ... somehow one of your IP addresses (vert to be specific) ended up in ip.can, so none of those messages were be imported ... I discovered it by logging onto vert and resetting the pointers and watching the import ... 137 messages in all were
once I deleted your IP from ip.can :-/
Hopefully the corrupt message ID's I have been experiencing are resolved
Sorry, DM, I didn't realize vert was blocked (TOO MANY FAILED LOGIN ATTEMPTS)
That's interesting. Other than the daily sbbslist verification, I can't think of any reason why my system would be trying to connect to yours over TCP. Do have a log of these failed login attempts?
Other than that entry in ip.can (I deleted the entry before I noted the date/time) I do not see your IP address in any data/logs/ file ... odd indeed
Other than that entry in ip.can (I deleted the entry before I noted the date/time) I do not see your IP address in any data/logs/ file ... odd indeed
Not in data/hack.log?
Anything address auto-added to ip.can should be reflected in hack.log. I'm pretty sure.
digital man
...Other than that entry in ip.can (I deleted the entry before I noted the date/time) I do not see your IP address in any data/logs/ file
odd indeed
Not in data/hack.log?
Anything address auto-added to ip.can should be reflected in hack.log. I'm pretty sure.
digital man
I'm sure you are pretty sure; since you are SBBS :-) ... so I found this single entry:
SUSPECTED NNTP LOGIN HACK ATTEMPT for user 'guest' on Mon Jul 15 2019 04:31 am Using port 60864 at <no name> [71.95.196.34]
Details: 3.7042561
Odd, since I do not believe I even have NNTP(s) enabled or the ports forwarded .. I will investigate further ... that seems about the time I created a GUEST account ... no worries ... you can hack my system any time you feel inclined, (please do), since you'd only improve it :-P
Re: Re: QWKnoted
By: Mortifis to Digital Man on Thu Aug 08 2019 08:14 pm
Other than that entry in ip.can (I deleted the entry before I
hack.log.the date/time) I do not see your IP address in any data/logs/ file ... odd indeed
Not in data/hack.log?
Anything address auto-added to ip.can should be reflected in
thisI'm pretty sure.
digital man
I'm sure you are pretty sure; since you are SBBS :-) ... so I found
single entry:
SUSPECTED NNTP LOGIN HACK ATTEMPT for user 'guest' on Mon Jul 15 2019 04:31 am Using port 60864 at <no name> [71.95.196.34]
Details: 3.7042561
Odd, since I do not believe I even have NNTP(s) enabled or the ports forwarded .. I will investigate further ... that seems about the time I created a GUEST account ... no worries ... you can hack my system any time you feel inclined, (please do), since you'd only improve it :-P
That is pretty weird. Of course, *I* didn't try to login to your system via NNTP. We do have the nightly sbbslist verifications, but that's just a TCP connection (no login attempt). So I have no idea about that just yet.
What do you have your LoginAttemptHackThreshold set to in your sbbs.ini file?
Do you have a Guest account on your system?
That is pretty weird. Of course, *I* didn't try to login to your system via NNTP. We do have the nightly sbbslist verifications, but that's just a TCP connection (no login attempt). So I have no idea about that just yet.
What do you have your LoginAttemptHackThreshold set to in your sbbs.ini file?
Do you have a Guest account on your system?
So... I guessing you either don't have a Guest account or you have a Guest account with a (non-blank) password.
And there was a bug, but that's now
fixed. So it shouldn't happen again even if you don't change anything (but do update to the latest and greatest dev build).
digital man
That is pretty weird. Of course, *I* didn't try to login to your system via NNTP. We do have the nightly sbbslist verifications, but that's just a TCP connection (no login attempt). So I have no idea about that just yet.
What do you have your LoginAttemptHackThreshold set to in your sbbs.ini file?
... LoginAttempthackThreshold = 3
... AttemptDelay = 5000
... Throttle = 1000
... Filter = 3
... Ban 6000
... Duration - 1D
Do you have a Guest account on your system?
Yes, After 25 years or so, I do have a Guest account now, as of lastmonth
... huh, was my lame u-dev method the culprit? :-PGuest
So... I guessing you either don't have a Guest account or you have a
account with a (non-blank) password.
... NO IT IS BLANK!
half-assedAnd there was a bug, but that's now
fixed. So it shouldn't happen again even if you don't change anything (but do update to the latest and greatest dev build).
.. as always, I need to keep up with a full dev-update and not a
one like I usually do :-P ... thank you DM ... keep me on my toes :-)
Wow, that's pretty harsh: 3 failed password attempts and you permantly ban user's IP addrss!
Your TempBanThreshold is 6000? That seems.... oddly high.
If you directly copy/pasted from the sbbs.ini file, I might get a more accurate view of your configuration settings.
Wow, that's pretty harsh: 3 failed password attempts and you permantly ban a user's IP addrss!
Your TempBanThreshold is 6000? That seems.... oddly high.
LOL I suppose it is :-P I set that to 3 after watching the same ipaddresses
the stock 10 attempts since if it was a real user they'd see the prompt "Did you forget your password?"
If you directly copy/pasted from the sbbs.ini file, I might get a more accurate view of your configuration settings.
; Failed login-attempt tracking, throttling, logging, and filtering:
LoginAttemptDelay = 5000
LoginAttemptThrottle = 1000
LoginAttemptHackThreshold = 3 (I changed it to 10)
LoginAttemptFilterThreshold = 3 (I changed it to 10)
LoginAttemptTempBanThreshold = 6000 (I changed it to 20)
LoginAttemptTempBanDuration = 1D (Might change it to 1Y :)
OutgoingV4=0.0.0.0
OutgoingV6=::
OutboundInterface = 0.0.0.0
OutboundV6Interface = ::
And, yes, I am not sure how LoginAttemptTempBanThreshold ended up being6000
instead of the typical 20 :-?
I'll do a full, proper, update this weekend, Thank you DM
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 285 |
Nodes: | 16 (2 / 14) |
Uptime: | 68:18:27 |
Calls: | 6,488 |
Calls today: | 1 |
Files: | 12,096 |
Messages: | 5,275,281 |