Subj : Re: Getting hammered!
To : Lord Time
From : Sniper
Date : Fri Mar 17 2017 21:40:00

Re: Re: Getting hammered!
By: Lord Time to Sniper on Fri Mar 17 2017 10:19 am

> > So, it's been a long time... My BBS has been running on auto-pilot. With
> > daily observation, just not participating. Anyway, over the last few
> > months, it seems that my IP address, host name, or something has been
> > given to the hackers of the world. My system is constantly being
> > connected to and they are trying to log in with unknown users. I've
> > checked on the system and 2 or 3 nodes are scrolling off the screen as
> > someone is attempting to brute force the Guest account. (Doesn't exist,
> > but that doesn't seem to stop them). They try to brute force the "root"
> > and "admin" as well. The large majority of these are coming from
> > overseas. .jp, .ru, .au, etc. So I was attempting to block them by IP,
> > but, as soon as I block one, 50 more show up. Now all this is occurring
> > on a little 18 meg Uverse setup. It's getting a little out of hand! So
> > today, I did a Google search for a list of all the world domains. And I
> > found a wiki listing them. So I dropped the list into the
> > filter/hostname. I'm still getting attacked... but now it's scrolling off
> > the screen:
>
> > 3/16 10:33:30p 1284 Telnet connection accepted from: 14.175.124.99
> > port 34238
> > 3/16 10:33:30p 1284 Hostname: static.vnpt.vn
> > 3/16 10:33:31p 1284 !CLIENT BLOCKED in host.can: static.vnpt.vn
>
> > So that list is helping, but, I could seriously use a "Silent" mode, like
> > the IP block (Silence).
>
> > But that's only about 1/2 of the constant hammering I'm getting. The
> > rest are "No Name":
>
> > 3/16 10:42:50p Node 2 10:42p Thu Mar 16 2017 Node 2
> > 3/16 10:42:50p Node 2 Telnet [45.114.83.11]
> > 3/16 10:42:50p 1260 Telnet connection accepted from: 123.168.185.171
> > port 43422
> > 3/16 10:42:50p Terminal Server connection reset by peer on send
>
> > 3/16 10:40:33p Node 2 connection reset by peer on receive
> > 3/16 10:40:33p Node 2 10:40p Thu Mar 16 2017 Node 2
> > 3/16 10:40:33p Node 2 Telnet [27.54.54.208]
> > 3/16 10:40:39p Node 2 thread terminated (1 node threads remain, 110
> > clients served)
>
> > Usually, you'll see them connect, then shortly after a second connect...
> > the first one drops off then the second one starts sending commands:
>
> > 3/16 10:21:30p Node 1 Unknown User 'Root'
> > 3/16 10:21:31p Node 1 Unknown User 'Nable'
> > 3/16 10:21:31p Node 1 Unknown User 'Ystem'
> > 3/16 10:21:32p Node 1 Unknown User 'Bin/busybox Mirai'
> > 3/16 10:21:34p Node 1 socket closed by peer on input
>
> > I'm at my wits' end over this. Can we enter IPs for entire domains?
> > 1.1.1.1/32 ?? Because one at a time is just not feasible anymore!
> > Anyone have a good comprehensive list they might send me?
>
> > Help! :)
>
> if you're running the 3.17a (with the other *.js files) yes
>

Thanks for that info Lord Time. Sorry, I'm not a bleeding edge type person. Since I'm gone for extended periods, I need the stablest system I can do. :)

Sniper
Killed In Action BBS, telnet://kiabbs.org

---
 ■ Synchronet ■ Killed In Action BBS - kiabbs.org
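
Added example (not part of the original message and not Synchronet code): a Python script that pulls client addresses out of log lines in the format quoted above, collapses the busy /24 neighbourhoods into CIDR blocks, and flags nodes whose "Unknown User" names look like shell commands. The sample log is constructed (documentation address ranges); the function names, the /24 grouping and the two-hit threshold are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the log format quoted in the post (addresses are
# from documentation ranges, not real hosts).
SAMPLE_LOG = """\
3/16 10:33:30p 1284 Telnet connection accepted from: 203.0.113.7 port 34238
3/16 10:33:31p 1284 !CLIENT BLOCKED in host.can: static.example.net
3/16 10:40:33p Node 2 Telnet [203.0.113.99]
3/16 10:42:50p 1260 Telnet connection accepted from: 203.0.113.140 port 43422
3/16 10:42:51p 1264 Telnet connection accepted from: 198.51.100.23 port 40112
3/16 10:21:30p Node 1 Unknown User 'Root'
3/16 10:21:31p Node 1 Unknown User 'Nable'
3/16 10:21:32p Node 1 Unknown User 'Bin/busybox Mirai'
"""

IP_RE = re.compile(r"(?:accepted from: |Telnet \[)(\d{1,3}(?:\.\d{1,3}){3})")
USER_RE = re.compile(r"(Node \d+) Unknown User '([^']*)'")
# Substrings typical of scripted IoT telnet logins rather than BBS callers.
BOT_MARKERS = ("busybox", "mirai")

def source_ips(log):
    """Every client address the log shows, in order, duplicates kept."""
    return [ipaddress.ip_address(m.group(1)) for m in IP_RE.finditer(log)]

def cidr_candidates(log, prefix=24, min_hits=2):
    """Collapse busy /prefix neighbourhoods into the fewest CIDR blocks."""
    hits = Counter(ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
                   for ip in source_ips(log))
    busy = [net for net, n in hits.items() if n >= min_hits]
    return [str(n) for n in ipaddress.collapse_addresses(busy)]

def bot_nodes(log):
    """Nodes whose 'Unknown User' names look like shell commands."""
    return sorted({node for node, name in USER_RE.findall(log)
                   if any(m in name.lower() for m in BOT_MARKERS)})

if __name__ == "__main__":
    print("CIDR candidates:", cidr_candidates(SAMPLE_LOG))
    print("Scripted-login nodes:", bot_nodes(SAMPLE_LOG))
```

Whether the BBS filter file accepts the resulting CIDR entries depends on the version, as the quoted reply says; the same list can also be applied at the router or host firewall.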