After several years on backup. I decided to take out my BBS again and turn it on. I left it on overnight and when i woke up in the morning, i noticed on web, terminal and ftp i had numerous hack attempts. Trying to get access. They were using userames like admin and generic passwords. is that normal for everyone to see those actvities showing up?


---
þ Synchronet þ Wizards Realm

Re: Hack Attempts - Is it normal?
By: cheartsdale to All on Tue Jul 17 2012 08:17:09

After several years on backup. I decided to take out my BBS again and turn on. I left it on overnight and when i woke up in the morning, i noticed on web, terminal and ftp i had numerous hack attempts. Trying to get access. They were using userames like admin and generic passwords. is that normal f everyone to see those actvities showing up?

Prettymuch the norm.... there are piles of automated hackers (bots)
running around out there... scanning IP addresses all day long looking
for stuff to pop up and become active. Once an active IP is found they
port scan it to see what sockets are listening.

When they see common stuff like 21, 22, 23, etc (ftp,ssh,telnet) running
they fire off automated login attempts trying common admin user ID's and common passwords.

IT's friggen annoying. So all the more reason to make sure you use good passwords on stuff. And possibly a firewall that can notice hack
attempts and block automatically.

One th ing that will keep a bunch of bots away tho is to simply disable
ICMP echo responses (block ping). Most bots if they can't ping an IP
will just give up. Now that doesn't work against someone activly trying
to hack you specifically... just prevents a bunch of the automated stuff
from hassling you.

--Chris

------------------------------------------
| Chris Trainor - FleetHQ BBS
| telnet://bbs.fleethq.org
| http://www.facebook.com/FleetHQ
| +1-401-949-0465 (V.34/HST/CrankyAtTimes) ------------------------------------------

---
þ Synchronet þ FleetHQ BBS - Greenville, RI

Re: Hack Attempts - Is it normal?
By: cheartsdale to All on Tue Jul 17 2012 08:17 am

on. I left it on overnight and when i woke up in the morning, i noticed on web, terminal and ftp i had numerous hack attempts. Trying to get access. They were using userames like admin and generic passwords. is that normal f everyone to see those actvities showing up?

I see them all the time. Makes me wonder what someone could do with a non-priveliged BBS user ID/pass.

---
þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org

Re: Hack Attempts - Is it normal?
By: cheartsdale to All on Tue Jul 17 2012 08:17:09

After several years on backup. I decided to take out my BBS again and turn on. I left it on overnight and when i woke up in the morning, i noticed on web, terminal and ftp i had numerous hack attempts. Trying to get access. They were using userames like admin and generic passwords. is that normal f everyone to see those actvities showing up?

Yes, very normal. Kind of a fact of life on the internet today (actually has been for some time, in my experience.) It's generally nothing to worry about, but if one particular address is hammering away at you, you should be able to filter it out (see ip.can.)

See http://wiki.synchro.net/howto:hardening if you're really concerned. Disallow users from relaying mail through your system. Stuff like that will minimize your risk, such as it is.

echicken
electronic chicken bbs - bbs.electronicchicken.com - 416-273-7230

---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

Re: Hack Attempts - Is it normal?
By: cheartsdale to All on Tue Jul 17 2012 08:17:09

After several years on backup. I decided to take out my BBS again and turn on. I left it on overnight and when i woke up in the morning, i noticed on web, terminal and ftp i had numerous hack attempts. Trying
to get access. They were using userames like admin and generic
passwords. is that normal f everyone to see those actvities showing up?

echicken
electronic chicken bbs - bbs.electronicchicken.com - 416-273-7230

---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

I just implemented a web application firewall and proxy server that looks for these kinds of activities. I have noticed several attempts that were put to rest by the WAF. I use Apache2 with ModSecurity and crs rules.
Does anybody have any experience with this or good advice in it's use in
actual practice?


Thanks



A life devoid of integrity and fairness is no life at all!
MGH AKA Jeff Clayton

---
þ Synchronet þ DOVE.net:SciNet:ILink: Seven Kilns Of Enshiu BBS

Re: Hack Attempts - Is it normal?
By: Nightfox to Poindexter Fortran on Mon Jul 23 2012 12:31 pm

I see them all the time. Makes me wonder what someone could do with a non-priveliged BBS user ID/pass.

I have wondered the same thing. Not many people these days even know what
a BBS is (and some might not care anyway), and I wonder what they really expect to do if they were to actually gain access to one of our BBSs.

Mostly, relay SPAM (using SMTP) and store/share files (FTP).

digital man

Synchronet "Real Fact" #12:
Synchronet was the first BBS software to ship with internal QWK networking. Norco, CA WX: 82.2øF, 46.0% humidity, 20 mph WNW wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

On 7/17/2012 1:18 PM, Chris Trainor wrote:> Re: Hack Attempts - Is it normal?

One th ing that will keep a bunch of bots away tho is to simply disable
ICMP echo responses (block ping). Most bots if they can't ping an IP
will just give up. Now that doesn't work against someone activly trying
to hack you specifically... just prevents a bunch of the automated stuff from hassling you.

How about something like redirect them back to themselves? :)


--

4 Mindless Automaton Artifact Creature - Construct 0/0
(Artifact Rare)
Mindless Automaton comes into play with two +1/+1 counters on it. 1,
Discard a card: Put a +1/+1 counter on Mindless Automaton. Remove two
+1/+1 counters from Mindless Automaton: Draw a card.
---
þ Synchronet þ Eldritch Clockwork BBS - eldritch.darktech.org

RE: Hack Attempts - Is it normal?
BY: "cheartsdale" <cheartsdale@PORTWIZ>

After several years on backup. I decided to take out my BBS again and
turn it
on. I left it on overnight and when i woke up in the morning, i
noticed on
web, terminal and ftp i had numerous hack attempts. Trying to get
access.
They were using userames like admin and generic passwords. is that
normal for
everyone to see those actvities showing up?

I see the same thing all the time. Just make sure your system is fairly well locked down and you chould be fine. What I actually did on my FTP server was create an account called Administrator with a super easy password and locked it down to a folder which has nothing but read only access to a few text files about the Commodore C64. I think I even changed my FTP banner to show something silly.
Naturally, the first thing I always do when setting up a server is change the admin account name to something quite random and apply a very (relatively) strong password.



Origin: Skulls & Crossbones - telnet://skulls.sytes.net

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

I see the same thing all the time. Just make sure your system is fairly
well locked down and you chould be fine. What I actually did on my FTP server was create an account called Administrator with a super easy
password and locked it down to a folder which has nothing but read only

I remove all accounts with admin or administrator and don't even use that login.
Wrote a script, when the BBS does it's maintenance it scans the log files, and if a IP attempts to login with admin, more then 4 times the IP is placed in
the ban list.

Since I don't use the admin user name, no reason anyone should be trying to
use it.











PhantomRage Studios BBS!

---
þ Synchronet þ PhantomRage Studios: Telnet://phantomrage.org