I've recently started having problems with remote sites opening all available nodes, tying up my BBS. I have 12 nodes configured, and all 12 will be sitting at the login prompt and all from the same IP. I have been blocking entire blocks of IP addresses at my router, and more keep cropping up. Lately there have been 75 or 80 different addresses each day now. I have been blocking entire CIDR ranges after looking up the ASN and blocking all of their addresses.

Is there some way to prevent the same IP from connecting multiple times?

---
þ Synchronet þ TW Lounge BBS - bbs.twlounge.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: All terminal nodes in-use
By: Morpheus to All on Sat May 02 2026 08:28 am

I've recently started having problems with remote sites opening all available nodes, tying up my BBS. I have 12 nodes configured, and all 12 will be sitting at the login prompt and all from the same IP. I have been blocking entire blocks of IP addresses at my router, and more keep cropping up. Lately there have been 75 or 80 different addresses each day now. I have been blocking entire CIDR ranges after looking up the ASN and blocking all of their addresses.

Have a look at this: https://wiki.synchro.net/howto:block-hackers

If all of your nodes are filled by the same IP, it sounds like you need to set your MaxConcurrentConnections to something way lower than it is.

I lowered mine from 3 to 2 a couple days ago. We've all been seeing an increase of the thing you're describing.

Adjusting the MaxLoginInactivity and MaxDumbTermInactivity can help as well, something between 10-20 seconds.

|08ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
|15 Ü|07 Ü |08Ü |11codefenix |08³
|15 Û|07ÛÛÛ|08Û |09ConstructiveChaos BBS |08³
|15 Þ|07ÜÛÜ|08Ý |01conchaos.synchro.net |08³ |08ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
|07
---
þ Synchronet þ -=[ ConstructiveChaos BBS | conchaos.synchro.net ]=-
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: All terminal nodes in-use
By: Morpheus to All on Sat May 02 2026 08:28 am

Is there some way to prevent the same IP from connecting multiple times?

Had the same thing happening the past day or two. Running my system on Debian -- hit them with iptables to solve that issue. Best I could do on the fly.
_________
kurisu Yamato
www.xadara.com

---
þ Synchronet þ Revertive Pulse - revertivepulse.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: All terminal nodes in-use
By: Morpheus to All on Sat May 02 2026 08:28 am

I've recently started having problems with remote sites opening all available nodes, tying up my BBS. I have 12 nodes configured, and all 12 will be sitting at the login prompt and all from the same IP. I have been blocking entire blocks of IP addresses at my router, and more keep cropping up. Lately there have been 75 or 80 different addresses each day now. I have been blocking entire CIDR ranges after looking up the ASN and blocking all of their addresses.

In your sbbs.ini (in sbbs/ctrl), under the [BBS] section, try decreasing (or setting) the value of the MaxConcurrentConnections setting. I was having the same issue lately, and I noticed my MaxConcurrentConnections was 8, meaning it would allow up to 8 connections from the same IP address. Per a suggestion from Digital Man, I decreased that to 2, and that helped a lot.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: All terminal nodes in-use
By: Morpheus to All on Sat May 02 2026 08:28 am

I've recently started having problems with remote sites opening all available nodes, tying up my BBS. I have 12 nodes configured, and all 12 will be sitting at the login prompt and all from the same IP. I have been blocking entire blocks of IP addresses at my router, and more keep cropping up. Lately there have been 75 or 80 different addresses each day now. I have been blocking entire CIDR ranges after looking up the ASN and blocking all of their addresses.

have you tried fail2ban?

Denn

...CURSOR: What you become when your system crashes.

---
þ Synchronet þ the Outwest BBS - outwest.synchro.net - Home of BBSBASE 6.0
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Denn wrote to Morpheus <=-

I've recently started having problems with remote sites opening all available nodes, tying up my BBS. I have 12 nodes configured, and all 12 will be sitting at the login prompt and all from the same IP. I have been blocking entire blocks of IP addresses at my router, and more keep cropping up. Lately there have been 75 or 80 different addresses each day now. I have been blocking entire CIDR ranges after looking up the ASN and blocking all of their addresses.

have you tried fail2ban?

I have thought about trying fail2ban many times, but just haven't ever
had the need, although this recent bot crap is making me think about it
again.

I'm in need of some info, which surprisingly can't seem to find good
answers for by searching. Here are a few questions I have if anyone
could answer them:

1. I understand it monitors log(s) and then adds lines/rules to
iptables to block/ban that IP address. But... what if you're not using iptables on the BBS computer? I'm not, because why would I be? It's
behind a router/firewall already and isn't needed in my experience.
So... how can I use fail2ban?

2. Is the answer to #1 to *start* using iptables? That sounds simple,
but a quick look into that revealed a horribly complicated setup/config
file just to get it going.

So I'd be appreciative of a "Fail2ban for Dummies" type of setup guide,
and especially on how to initially set up iptables for this use.

Thanks in advance.



... Gone crazy, be back later, please leave message.
--- MultiMail/Linux v0.52
þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: All terminal nodes in-use
By: Gamgee to Denn on Sun May 03 2026 08:55 am

Denn wrote to Morpheus <=-

I've recently started having problems with remote sites opening all available nodes, tying up my BBS. I have 12 nodes configured, and all 12 will be sitting at the login prompt and all from the same IP. I have been blocking entire blocks of IP addresses at my router, and more keep cropping up. Lately there have been 75 or 80 different addresses each day now. I have been blocking entire CIDR ranges after looking up the ASN and blocking all of their addresses.

have you tried fail2ban?

I have thought about trying fail2ban many times, but just haven't ever
had the need, although this recent bot crap is making me think about it again.

I'm in need of some info, which surprisingly can't seem to find good
answers for by searching. Here are a few questions I have if anyone
could answer them:

1. I understand it monitors log(s) and then adds lines/rules to
iptables to block/ban that IP address. But... what if you're not using iptables on the BBS computer? I'm not, because why would I be?

I'm not using it. When I have issues (on Vertrauen or reported) with bots, I add features to Synchronet to mitigate those issues. I see you're running a development build of Synchronet (v3.22a), so if you update to the latest, you should have this feature available in SCFG->Servers->Terminal Server:

É[þ][?]ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
º Max Concurrent Connections º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹
º ³Maximum (Unauthenticated) 2 º
º ³Auto-Filter Threshold 10 º
º ³Auto-Filter Duration 1 day º ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ

This feature has auto-banned 50 IP addresses on Vertrauen over the last 24 hours. Lower the threshold or increase the duration as you like.
--
digital man (rob)

Rush quote #81:
Catch the witness, catch the wit, catch the spirit, catch the spit
Norco, CA WX: 67.1øF, 65.0% humidity, 4 mph WSW wind, 0.00 inches rain/24hrs --- SBBSecho 3.37-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Digital Man wrote to Gamgee <=-

I have thought about trying fail2ban many times, but just haven't ever
had the need, although this recent bot crap is making me think about it again.

I'm in need of some info, which surprisingly can't seem to find good
answers for by searching. Here are a few questions I have if anyone
could answer them:

1. I understand it monitors log(s) and then adds lines/rules to
iptables to block/ban that IP address. But... what if you're not using iptables on the BBS computer? I'm not, because why would I be?

I'm not using it. When I have issues (on Vertrauen or reported) with
bots, I add features to Synchronet to mitigate those issues. I see
you're running a development build of Synchronet (v3.22a), so if you update to the latest, you should have this feature available in SCFG->Servers->Terminal Server:

.[=][?]================================.
I Max Concurrent Connections I }======================================{
I |Maximum (Unauthenticated) 2 I
I |Auto-Filter Threshold 10 I
I |Auto-Filter Duration 1 day I `======================================'

This feature has auto-banned 50 IP addresses on Vertrauen over the last
24 hours. Lower the threshold or increase the duration as you like.

Wow. Well, that is certainly easier, and sounds like it works great.

Thank you, Digital Man. I am continually amazed at your responsiveness
to user's questions and needs. It truly is un-matched and is so greatly appreciated. Thank you very much!

I feel sorry for users of other BBS software. :-)


... Pros are those who do their jobs well, even when they don't feel like it. === MultiMail/Linux v0.52
--- SBBSecho 3.37-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (1:135/115)

Re: Re: All terminal nodes in-use
By: Gamgee to Denn on Sun May 03 2026 08:55 am

have you tried fail2ban?

I have thought about trying fail2ban many times, but just haven't ever had the need, although this recent bot crap is making me think about it again.

I have used fail2ban in the past, I don't use it at this point as my router has built in DDOS protection and If you read the wiki it also gives a few tips to midigate attacks - https://wiki.synchro.net/howto:block-hackers

So I'd be appreciative of a "Fail2ban for Dummies" type of setup guide, and especially on how to initially set up iptables for this use.

https://www.youtube.com/watch?v=kmy8F5XTkoE

Are you using Debian or Ubuntu?

Denn

...Whaddya mean you don't staple-on diskette labels!?

---
þ Synchronet þ the Outwest BBS - outwest.synchro.net - Home of BBSBASE 6.0
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: All terminal nodes in-use
By: Denn to Gamgee on Sun May 03 2026 01:29 pm

I have thought about trying fail2ban many times, but just haven't ever had the need, although this recent bot crap is making me think about it again.

I have used fail2ban in the past, I don't use it at this point as my router has built in DDOS protection and If you read the wiki it also gives a few tips to midigate attacks - https://wiki.synchro.net/howto:block-hackers

So I'd be appreciative of a "Fail2ban for Dummies" type of setup guide, and especially on how to initially set up iptables for this use.

https://www.youtube.com/watch?v=kmy8F5XTkoE

Thanks, that's a decent video, but... it leaves out the most important part for me... It says that F2B will "ban the IP" when needed, but exactly *HOW* does it do that? As far as I know, it adds something to the iptables data which actually does the blocking of an IP. That's great if your system is running iptables (to support a firewall app). I think Ubuntu and similar run something called "UFW" for this purpose, but I am not running anything like that.

Are you using Debian or Ubuntu?

No, using Slackware here. No firewall running on the local machine, because it's behind a router anyway.

Thanks for the video anyway. If you saw one of Digital Man's messages to me, he has provided some new functionality to auto-ban IP addresses based on exceeding thresholds for too many concurrent connections. I have updated to the latest SBBS version to get that, and it is definitely working/helping. Worth getting for anyone reading this... ;-)

---
þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: All terminal nodes in-use
By: Codefenix to Morpheus on Sat May 02 2026 12:42 pm

If all of your nodes are filled by the same IP, it sounds like you need to set your MaxConcurrentConnections to something way lower than it is.

Thank you. I will give that a try.

---
þ Synchronet þ TW Lounge BBS - bbs.twlounge.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: All terminal nodes in-use
By: Nightfox to Morpheus on Sat May 02 2026 11:49 am

In your sbbs.ini (in sbbs/ctrl), under the [BBS] section, try decreasing (or setting) the value of the MaxConcurrentConnections setting. I was

Just set it to 2 connections. I'll keep an eye on it and see how it goes.

Thanks.

---
þ Synchronet þ TW Lounge BBS - bbs.twlounge.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: All terminal nodes in-use
By: Denn to Morpheus on Sat May 02 2026 09:57 pm

have you tried fail2ban?

No, haven't tried that yet.

---
þ Synchronet þ TW Lounge BBS - bbs.twlounge.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)