BBS: TELESC.NET.BR
Assunto: Figuring out a way to leverage fail2ban with terminal services
De: Digital Man
Data: Sat, 2 May 2026 19:23:51 -0700
-----------------------------------------------------------
hbRenb: hcFiguring out a way to leverage fail2ban with terminal services
bBynb: hcWinzlo bto cAll bon cSat May 02 2026 08:57 pmn
> The bots have arrived. :/ I'm now watching as my BBS gets taken over by
> telnet connections, some try to use a username during the matrix menu,
> others just sit there tieing up the line/node until the 60 second timeout
> that I imposed. Despite this, I've got a real "squatter" problem to tend
> to, with two potential solutions - either change my BBS's telnet port off 23
> and risk this happening again, or run something like fail2ban to block these
> connections from repeating.
Have you read https://wiki.synchro.net/howto:block-hackers ?
> I've also configured pfSense to only allow 2 concurrent connections, with no
> more than 5 burst sessions throttling back to 2. This did reduce the issue
> from happening many times a day to only a couple times a day, but it didn't
> knock it out. That's where fail2ban comes into play.
>
> The issue I'm encountering is that I have my log level set to Info, and yet
> I have not found an obvious way to determine "BBS got an incoming connection
> from IP x.x.x.x". Combining that entry with a line in hack.log and/or
> hangup.log would make this a breeze. Is there an option I haven't spotted
> that would either allow this to happen, or allow some kind of logging that
> fail2ban cuold trap on to detect these kinds of attaacks?
Have you read https://wiki.synchro.net/howto:fail2ban ?
--
HYdigital man n(rob)
Synchronet/BBS Terminology Definition #75:
SMTP = Simple Message Transfer Protocol
Norco, CA WX: 69.5F, 63.0% humidity, 8 mph W wind, 0.00 inches rain/24hrs
n---
mSynchronetn hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net
-----------------------------------------------------------
[Voltar]