Subj : Re: Hacker making all Mystic nodes "BUSY"
To   : Gandalf
From : Warpslide
Date : Tue Feb 14 2023 03:18 am

On 13 Feb 2023, Gandalf said the following...

Ga> Greetings and Salutations!  I am having an issue with a hacker who tries
Ga> to crack my system password eventually making all of my nodes busy so
Ga> that users cannot login.

Ga> something I can do other than removing the system password prompt to
Ga> keep this from happening?

Check out botcheck.mps in your mystic/themes/default/scripts directory:

[ begin quote botcheck.mps ]
BOTCHECK.MPS: Example script to force users to immediately press ESCAPE
             twice upon connection within 15 seconds or else their
             connection will be closed.

To install: Copy this as "connect.mps" in your theme's script directory
and then use MPLC to compile it (mplc -T will compile all theme scripts)
[ end quote botcheck.mps ]

You may want to paste this in right after "Begin" in the script:
 If ACS('OS') Then break

This will skip asking people to press ESC twice if they connect via SSH as they'd already be authenticated.


I have this in place along with blocking a bunch of countries with iptables:

ipset create block4 hash:net
ipset create block6 hash:net family inet6
iptables -A INPUT -m set --match-set block4 src -j DROP
iptables -A OUTPUT -m set --match-set block4 dst -j DROP
ip6tables -A INPUT -m set --match-set block6 src -j DROP
ip6tables -A OUTPUT -m set --match-set block6 dst -j DROP


[ begin geoip.sh ]
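#!/bin/bash
# Download per-country aggregated zone files from ipdeny.com and load
# them into the block4/block6 ipsets created above.
tmpdir=$(mktemp -d) || exit 1
cd "$tmpdir" || exit 1

countries=("ru" "ua" "by" "bg" "br" "cn" "hk" "kr" "kp" "ir")

for i in "${countries[@]}"; do
 # -f fails on HTTP errors, -s is silent. Certificate checking stays on
 # (no -k) so the block list cannot be altered in transit.
 curl -f -s "https://www.ipdeny.com/ipblocks/data/aggregated/$i-aggregated.zone" >> block4.zone
 curl -f -s "https://www.ipdeny.com/ipv6/ipaddresses/aggregated/$i-aggregated.zone" >> block6.zone
done

# Stop if nothing was downloaded, so the existing sets are left alone
[ -s block4.zone ] && [ -s block6.zone ] || exit 1

# Empty only the two block sets, then refill them
ipset flush block4
ipset flush block6
while read -r net; do ipset add block4 "$net"; done < block4.zone
while read -r net; do ipset add block6 "$net"; done < block6.zone

# Save the sets so they can be restored at boot
ipset save > /etc/iptables/ipsets

cd /
rm -rf "$tmpdir"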
[ end geoip.sh ]


Jay

... When cheese gets its picture taken, what does it say?

--- Mystic BBS v1.12 A49 2023/01/27 (Linux/64)
* Origin: Northern Realms | bbs.nrbbs.net | 289-424-5180 (21:3/110)
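
Added example, not part of the original message or of Mystic: a variant of the load step in geoip.sh that validates each IPv4 entry and prints input for "ipset restore", so the live set is replaced in one swap and a failed download cannot leave it empty. The function name build_restore and the "-new" temporary set suffix are assumptions; it covers IPv4 only.

```shell
#!/bin/sh
# Added example: build `ipset restore` input from a downloaded zone file.
# build_restore and the "-new" suffix are hypothetical names.

# Strict IPv4 CIDR pattern: four octets 0-255 and a prefix length 0-32.
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
CIDR4="^${OCTET}(\\.${OCTET}){3}/(3[0-2]|[12]?[0-9])\$"

# build_restore SETNAME ZONEFILE
# Prints the restore script on stdout. Returns 1 and prints nothing when
# the zone file is unreadable or holds no valid entry, so a bad fetch
# never swaps an empty set into place.
build_restore() {
    set_name=$1
    zone_file=$2
    [ -r "$zone_file" ] || return 1
    # Keep only well-formed CIDR lines. HTML error pages, blank lines and
    # anything with trailing text are dropped instead of reaching ipset.
    entries=$(tr -d '\r' < "$zone_file" | grep -E "$CIDR4" | LC_ALL=C sort -u) || true
    [ -n "$entries" ] || return 1
    echo "create ${set_name}-new hash:net family inet"
    echo "flush ${set_name}-new"
    echo "$entries" | sed "s/^/add ${set_name}-new /"
    # swap exchanges the two sets in one step; the iptables rules that
    # match on SETNAME never see a partly filled set.
    echo "swap ${set_name}-new ${set_name}"
    echo "destroy ${set_name}-new"
}

# Usage as root, with the block4 set already created:
#   build_restore block4 block4.zone | ipset -exist restore
```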