1. Forum
  2. FidoNet Int
  3. bbbs.english

  • Script to monitor for telnet bots

    From Sean Rima@2:263/1 to All on Fri Feb 7 13:01:26 2025
    Has anyone got a script that scans log0 for repeated offenders trying telnet, ftp etc

    I have been checking some of the repeaters on my logs against abuseipdb and adding them to the blocked section of inet

    Sean


    ... BBBS: https://binkd.rima.ie

    --- BBBS/LiR v4.10 Toy-7
    * Origin: BBS - https://bbs.rima-iot.eu/ binkd - binkd.rima.ie (2:263/1)
  • From Wilfred van Velzen@2:280/464 to Sean Rima on Fri Feb 7 15:53:48 2025
    Hi Sean,

    On 2025-02-07 13:01:26, you wrote to All:

    Has anyone got a script that scans log0 for repeated offenders trying telnet, ftp etc

    I have been checking some of the repeaters on my logs against abuseipdb and
    adding them to the blocked section of inet

    Checkout fail2ban...


    Bye, Wilfred.

    --- FMail-lnx64 2.3.2.4-B20240523
    * Origin: FMail development HQ (2:280/464)
  • From Sean Rima@2:263/1 to Wilfred Van Velzen on Fri Feb 7 17:13:14 2025
    Hi Sean,
    On 2025-02-07 13:01:26, you wrote to All:
    Has anyone got a script that scans log0 for repeated offenders trying
    telnet, ftp etc
    I have been checking some of the repeaters on my logs against abuseipdb
    and
    adding them to the blocked section of inet
    Checkout fail2ban...
    Bye, Wilfred.

    Not sure it works with bobs, would be handy as I thought of it

    Sean

    --- BBBS/LiR v4.10 Toy-7
    * Origin: BBS - https://bbs.rima-iot.eu/ binkd - binkd.rima.ie (2:263/1)
  • From Wilfred van Velzen@2:280/464 to Sean Rima on Fri Feb 7 23:06:31 2025
    Hi Sean,

    On 2025-02-07 17:13:14, you wrote to me:

    Has anyone got a script that scans log0 for repeated offenders trying
    telnet, ftp etc I have been checking some of the repeaters on my logs
    against abuseipdb and adding them to the blocked section of inet

    Checkout fail2ban...

    Not sure it works with bobs, would be handy as I thought of it

    You will have to figure out a filter specific for bbbs, but there is no reason it can't work...

    Bye, Wilfred.

    --- FMail-lnx64 2.3.2.4-B20240523
    * Origin: FMail development HQ (2:280/464)
  • From Kim Heino@2:222/2 to Sean Rima on Fri Feb 7 19:07:10 2025
    Has anyone got a script that scans log0 for repeated offenders trying telnet, ftp etc

    I'm using rate limiting on my firewall and block too many connections there. It's better than inet.bbb and I've had zero problems with bots.

    My choice for firewall is Foomuuri: https://github.com/FoobarOy/foomuuri

    Example config:

    macro {
    bbbs_rate saddr_rate "1/minute burst 2" saddr_rate_name bbbs_limit
    }

    public-localhost {
    ftp bbbs_rate ipv4
    ftp ipv6 reject # bftpd doesn't support IPv6
    ftps bbbs_rate ipv4
    ftps ipv6 reject # bftpd doesn't support IPv6
    telnet bbbs_rate
    tcp 24554 bbbs_rate # BinkP
    ...
    }

    I have been checking some of the repeaters on my logs against abuseipdb and adding them to the blocked section of inet

    Foomuuri can automatically import and refresh external IP-lists for block lists.

    Take a look at fail2ban too. It works nicely with Foomuuri. https://github.com/FoobarOy/foomuuri/issues/9

    --- BBBS/Li6 v4.10 Toy-7
    * Origin: * BCG-Box, On The Air Since 11th February 1987! * (2:222/2)
  • From Sean Rima@2:222/2 to Kim Heino on Fri Feb 7 23:21:24 2025
    Has anyone got a script that scans log0 for repeated offenders trying telnet, >> ftp etc
    I'm using rate limiting on my firewall and block too many connections there. It's better than inet.bbb and I've had zero problems with bots.
    My choice for firewall is Foomuuri: https://github.com/FoobarOy/foomuuri Example config:
    macro {
    bbbs_rate saddr_rate "1/minute burst 2" saddr_rate_name bbbs_limit
    }
    public-localhost {
    ftp bbbs_rate ipv4
    ftp ipv6 reject # bftpd doesn't support IPv6
    ftps bbbs_rate ipv4
    ftps ipv6 reject # bftpd doesn't support IPv6
    telnet bbbs_rate
    tcp 24554 bbbs_rate # BinkP
    ...
    }
    I have been checking some of the repeaters on my logs against abuseipdb and >> adding them to the blocked section of inet
    Foomuuri can automatically import and refresh external IP-lists for block lists.
    Take a look at fail2ban too. It works nicely with Foomuuri. https://github.com/FoobarOy/foomuuri/issues/9

    Thanks, that I think will be a better idea. Need to improve my firewall anyway

    Sean

    --- BBBS/Li6 v4.10 Toy-7
    * Origin: * BCG-Box, On The Air Since 11th February 1987! * (2:222/2)
  • From Sean Rima@2:222/2 to Wilfred Van Velzen on Sat Feb 8 17:03:46 2025
    Wilfred,

    Has anyone got a script that scans log0 for repeated offenders trying
    telnet, ftp etc I have been checking some of the repeaters on my logs
    against abuseipdb and adding them to the blocked section of inet
    Checkout fail2ban...
    Not sure it works with bobs, would be handy as I thought of it
    You will have to figure out a filter specific for bbbs, but there is no reason
    it can't work...

    Will be looking in to it

    Sean

    --- BBBS/Li6 v4.10 Toy-7
    * Origin: * BCG-Box, On The Air Since 11th February 1987! * (2:222/2)
  • From Sean Rima@2:222/2 to Kim Heino on Sun Feb 23 16:55:52 2025
    Kim,

    Has anyone got a script that scans log0 for repeated offenders trying telnet, >> ftp etc
    I'm using rate limiting on my firewall and block too many connections there. It's better than inet.bbb and I've had zero problems with bots.
    My choice for firewall is Foomuuri: https://github.com/FoobarOy/foomuuri Example config:

    I have ordered a new gateway PC 4 ethernet ports to replace the gateway I use for the network here. The built in firewall is somewhat lacking.

    How does it handle vlans as I have 3 or 4 seperate nets here. Maybe a support echo :)

    Sean

    --- BBBS/Li6 v4.10 Toy-7
    * Origin: * BCG-Box, On The Air Since 11th February 1987! * (2:222/2)