Subj : Re: Getting hammered!
To : Sniper
From : Lord Time
Date : Fri Mar 17 2017 10:19:00

> So, it's been a long time... My BBS has been running on auto-pilot. With
> daily observation, just not participating. Anyway, over the last few
> months, it seems that my IP address, host name, or something has been given
> to the hackers of the world. My system is constantly being connected to and
> they are trying to log in with unknown users. I've checked on the system
> and 2 or 3 nodes are scrolling off the screen as someone is attempting to
> brute force the Guest account. (Doesn't exist, but that doesn't seem to
> stop them). They try to brute force the "root" and "admin" as well. The
> large majority of these are coming from overseas. .jp, .ru, .au, etc. So I
> was attempting to block them by IP, but, as soon as I block one, 50 more
> show up. Now all this is occurring on a little 18 meg Uverse setup. It's
> getting a little out of hand! So today, I did a Google search for a list of
> all the world domains. And I found a wiki listing them. So I dropped the
> list into the filter/hostname. I'm still getting attacked... but now it's
> scrolling off the screen:
>
> 3/16 10:33:30p 1284 Telnet connection accepted from: 14.175.124.99 port 34238
> 3/16 10:33:30p 1284 Hostname: static.vnpt.vn
> 3/16 10:33:31p 1284 !CLIENT BLOCKED in host.can: static.vnpt.vn
>
> So that list is helping, but, I could seriously use a "Silent" mode, like
> the IP block (Silence).
> But that's only about 1/2 of the constant hammering I'm getting. The rest
> are "No Name":
>
> 3/16 10:42:50p Node 2 10:42p Thu Mar 16 2017 Node 2
> 3/16 10:42:50p Node 2 Telnet [45.114.83.11]
> 3/16 10:42:50p 1260 Telnet connection accepted from: 123.168.185.171 port 43422
> 3/16 10:42:50p Terminal Server connection reset by peer on send
> 3/16 10:40:33p Node 2 connection reset by peer on receive
> 3/16 10:40:33p Node 2 10:40p Thu Mar 16 2017 Node 2
> 3/16 10:40:33p Node 2 Telnet [27.54.54.208]
> 3/16 10:40:39p Node 2 thread terminated (1 node threads remain, 110 clients served)
>
> Usually, you'll see them connect, then shortly after a second connect... the
> first one drops off then the second one starts sending commands:
>
> 3/16 10:21:30p Node 1 Unknown User 'Root'
> 3/16 10:21:31p Node 1 Unknown User 'Nable'
> 3/16 10:21:31p Node 1 Unknown User 'Ystem'
> 3/16 10:21:32p Node 1 Unknown User 'Bin/busybox Mirai'
> 3/16 10:21:34p Node 1 socket closed by peer on input
>
> I'm at my wits' end over this. Can we enter IPs for entire domains?
> 1.1.1.1/32 ?? Because one at a time is just not feasible anymore! Anyone
> have a good comprehensive list they might send me?
> Help! :)

If you're running the 3.17a (with the other *.js files), yes

---
Rob Starr
Lord Time
SysOp of Time Warp of the Future BBS
Telnet://Time.Darktech.Org:24 or
Telnet://Time.Synchro.Net:24 (qwk or ftn & e-mail)
ICQ # 11868133 or # 70398519
Jabber : lordtime2000@gmail.com
Yahoo : lordtime2000
AIM : LordTime20000
Astra : lord_time
X-Box : Lord Time 2000
oovoo : lordtime2000
Skype : lordtime@tds.net
---
 ■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games
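
Added example (not part of either message and not Synchronet code): one way to turn "Telnet connection accepted from:" log lines like those quoted above into a short list of CIDR entries instead of one address at a time. The sample log is constructed with documentation-range addresses; the /24 grouping, the three-host threshold, the allow list and the function names are assumptions for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the thread; the addresses
# come from the documentation ranges and are not real hosts.
SAMPLE_LOG = """\
3/16 10:33:30p 1284 Telnet connection accepted from: 203.0.113.99 port 34238
3/16 10:33:31p 1284 Hostname: host.example.net
3/16 10:40:33p 1260 Telnet connection accepted from: 203.0.113.14 port 40112
3/16 10:42:50p 1260 Telnet connection accepted from: 203.0.113.171 port 43422
3/16 10:42:51p 1260 Telnet connection accepted from: 203.0.113.171 port 43425
3/16 10:44:02p 1284 Telnet connection accepted from: 198.51.100.7 port 51515
3/16 10:45:10p 1284 Telnet connection accepted from: 192.0.2.200 port 2323
3/16 10:45:12p 1284 Telnet connection accepted from: 192.0.2.201 port 2324
"""

ACCEPT_RE = re.compile(r"Telnet connection accepted from: (\d{1,3}(?:\.\d{1,3}){3})")

def parse_sources(log_text):
    """Return {IPv4Address: connection_count} for accepted telnet connections."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.IPv4Address(m.group(1))] += 1
        except ipaddress.AddressValueError:
            continue  # matched the pattern but is not a valid address
    return dict(counts)

def block_entries(counts, prefix=24, min_hosts=3, allow=()):
    """A /prefix seen from >= min_hosts distinct addresses becomes one CIDR
    entry, unless it would cover an allowed caller; the rest stay single IPs."""
    allow_nets = [ipaddress.ip_network(a) for a in allow]
    groups = defaultdict(set)
    for ip in counts:
        if any(ip in net for net in allow_nets):
            continue  # never list a known-good caller
        groups[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].add(ip)
    nets = []
    for net, hosts in groups.items():
        widen = len(hosts) >= min_hosts and not any(net.overlaps(a) for a in allow_nets)
        nets.extend([net] if widen else (ipaddress.ip_network(h) for h in hosts))
    return [str(n.network_address) if n.prefixlen == 32 else str(n) for n in sorted(nets)]
```

Review the output before adding it to a filter file: a widened range blocks every address in it, including callers who have not connected yet.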