Subj : Bot attacks
To   : Cozmo
From : deon
Date : Thu Apr 25 2024 08:57 pm

  Re: Bot attacks
  By: Cozmo to All on Wed Apr 24 2024 05:57 pm

Howdy,

 > What are sysops using to combat this? What are my options besides changing
 > my port. (i'not using port 23). What mods or programs are you all using?

I have a couple of things in play here.

I use MikroTik routers, so I have preloaded it with nets of countries that I reject any connection from - their is a github repository with a map of IP segments to countries. I wrote a tool that collapses nets to a larger mask (since I block several countries), to reduce the definitions - and while that is effective, it isnt 100% (anybody can spin up a VM in another country and run their spaming from it.

In front of the BBS I also use haproxy, with a rule that an IP address cannot have more than 1 concurrent connection, and can only connect once every 60 secs. (I whitelist some addresses so they bypass this rule.)

I also use haproxy in front of my mail servers (for mail clients), together with ssl certs so a connection needs to use the a SNI enabled client to connect to the appropriate server - an IP address wont make it. This is pretty effective.

The SBBS has it's own things as well...


....כמון
--- SBBSecho 3.20-Linux
 * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

.