Subj : Block admin and root access attempts
To   : nightcrawler
From : Digital Man
Date : Tue Oct 28 2014 05:37 pm

 Re: Block admin and root access attempts
 By: nightcrawler to Digital Man on Tue Oct 28 2014 09:04 pm

>   Re: Block admin and root access attempts
>   By: Digital Man to nightcrawler on Mon Oct 27 2014 04:38 pm
>
>  DM>  Re: Block admin and root access attempts
>  DM>  By: nightcrawler to All on Sat Oct 25 2014 12:08 am
>
>  >> Hey guys.
>
>  >> Can someone tell me something I can add to my login script that will
>  >> automatically add IP's to the IP.can file that try to log in as root
>  >> or admin. It is becoming a full time job adding all the hack attempt
>  >> IP's manually. There was some discussion on the Facebook group about
>  >> this, but wasn't given a definitive answer. Also, I figured it would
>  >> be more helpful to other Sysops if it was asked and answered on here.
>
>  DM> There's an auto-filtering capability built-into Synchronet. See
>  DM> "LoginAttemptFilterThreshold" at
>  DM> http://wiki.synchro.net/config:sbbs.ini for details.
>
>  DM>  digital man
>
> Thanks.
>
> I set the LoginAttemptFilterThreshold to 3, but doesn't seem to be having
> any effect. I've noticed a dozen or more attempts from an IP and it isn't
> being added to the ip.can. Do you have any idea what I am doing wrong?
>
> This is what I have:
>
> LoginAttemptDelay=5000
> LoginAttemptThrottle=1000
> LoginAttemptHackThreshold=3
> LoginAttemptFilterThreshold=3

That looks fine. Are you getting entries in your data/hack.log for these 3+ consecutive login failures from the same IP?

The failed login attempts have to be from the same IP address and consecutive without the BBS being restarted/recycled.

                                           digital man

Synchronet "Real Fact" #24:
The Digital Dynamics company ceased day-to-day operations in late 1995.
Norco, CA WX: 77.0°F, 48.0% humidity, 6 mph SE wind, 0.00 inches rain/24hrs

---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ telnet://vert.synchro.net