Subj : Getting hammered!
To   : All
From : Sniper
Date : Thu Mar 16 2017 22:53:00

So, it's been a long time... My BBS has been running on auto-pilot. With daily observation, just not participating.

Anyway, over the last few months, it seems that my IP address, host name, or something has been given to the hackers of the world. My system is constantly being connected to and they are trying to log in with unknown users. I've checked on the system and 2 or 3 nodes are scrolling off the screen as someone is attempting to brute force the Guest account. (Doesn't exist, but that doesn't seem to stop them). They try to brute force the "root" and "admin" as well.

The large majority of these are coming from overseas. .jp, .ru, .au, etc. So I was attempting to block them by IP, but, as soon as I block one, 50 more show up. Now all this is occurring on a little 18 meg Uverse setup. It's getting a little out of hand!

So today, I did a Google search for a list of all the world domains. And I found a wiki listing them. So I dropped the list into the filter/hostname. I'm still getting attacked... but now it's scrolling off the screen:

3/16 10:33:30p 1284 Telnet connection accepted from: 14.175.124.99 port 34238
3/16 10:33:30p 1284 Hostname: static.vnpt.vn
3/16 10:33:31p 1284 !CLIENT BLOCKED in host.can: static.vnpt.vn

So that list is helping, but, I could seriously use a "Silent" mode, like the IP block (Silence). But that's only about 1/2 of the constant hammering I'm getting.
The rest are "No Name":

3/16 10:42:50p Node 2 10:42p Thu Mar 16 2017 Node 2
3/16 10:42:50p Node 2 Telnet [45.114.83.11]
3/16 10:42:50p 1260 Telnet connection accepted from: 123.168.185.171 port 43422
3/16 10:42:50p Terminal Server connection reset by peer on send
3/16 10:40:33p Node 2 connection reset by peer on receive
3/16 10:40:33p Node 2 10:40p Thu Mar 16 2017 Node 2
3/16 10:40:33p Node 2 Telnet [27.54.54.208]
3/16 10:40:39p Node 2 thread terminated (1 node threads remain, 110 clients served)

Usually, you'll see them connect, then shortly after a second connect... the first one drops off then the second one starts sending commands:

3/16 10:21:30p Node 1 Unknown User 'Root'
3/16 10:21:31p Node 1 Unknown User 'Nable'
3/16 10:21:31p Node 1 Unknown User 'Ystem'
3/16 10:21:32p Node 1 Unknown User 'Bin/busybox Mirai'
3/16 10:21:34p Node 1 socket closed by peer on input

I'm at my wits' end over this. Can we enter IPs for entire domains? 1.1.1.1/32 ?? Because one at a time is just not feasible anymore! Anyone have a good comprehensive list they might send me?

Help! :)

Sniper

Sniper
Killed In Action BBS, telnet://kiabbs.org

--- ■ Synchronet ■ Killed In Action BBS - kiabbs.org
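
Added example (not part of the original post and not Synchronet code): one way to turn log lines in the format quoted above into per-network counts of bot-style login failures, so blocks can be considered by CIDR range instead of one address at a time. The sample log is constructed and uses documentation-range addresses; the /24 grouping, the threshold of 2 and the function names are assumptions, and whether the BBS's filter files accept CIDR entries is not stated in the post.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the log format quoted in the post (documentation-range IPs).
SAMPLE_LOG = """\
3/16 10:21:29p 1284 Telnet connection accepted from: 203.0.113.7 port 34238
3/16 10:21:29p Node 1 Telnet [203.0.113.7]
3/16 10:21:30p Node 1 Unknown User 'Root'
3/16 10:21:32p Node 1 Unknown User 'Bin/busybox Mirai'
3/16 10:21:34p Node 1 socket closed by peer on input
3/16 10:22:01p Node 2 Telnet [203.0.113.90]
3/16 10:22:03p Node 2 Unknown User 'Admin'
3/16 10:23:10p Node 1 Telnet [198.51.100.20]
3/16 10:23:15p Node 1 Unknown User 'Guest'
3/16 10:24:00p Node 2 Telnet [192.0.2.5]
"""

NODE_IP = re.compile(r"(Node \d+) Telnet \[(\d+\.\d+\.\d+\.\d+)\]")
BAD_USER = re.compile(r"(Node \d+) Unknown User '([^']*)'")
BOT_NAMES = {"root", "admin", "guest"}  # account names the post reports being tried

def summarize(log_text, prefix=24):
    """Return (bot-style failed logins per CIDR block, IPs that sent a busybox probe)."""
    node_ip, hits, mirai = {}, Counter(), set()
    for line in log_text.splitlines():
        if m := NODE_IP.search(line):
            node_ip[m.group(1)] = m.group(2)      # remember which client is on each node
        elif m := BAD_USER.search(line):
            ip = node_ip.get(m.group(1))
            if ip is None:
                continue                          # no connect line seen for this node
            user = m.group(2).lower()
            if "busybox" in user or user in BOT_NAMES:
                net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
                hits[str(net)] += 1
            if "busybox" in user:                 # shell command typed at a login prompt
                mirai.add(ip)
    return hits, mirai

def block_candidates(hits, threshold=2):
    """CIDR blocks with at least `threshold` hits, merged where they are adjacent."""
    nets = [ipaddress.ip_network(n) for n, c in hits.items() if c >= threshold]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    counts, probes = summarize(SAMPLE_LOG)
    print(counts, probes, block_candidates(counts))
```

Ranges produced this way are candidates to review before blocking, since a /24 can also contain legitimate callers.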