| Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision |
| howto:block-hackers [2023/03/14 15:00] – [Denial of Service] Add a section about dumb bot/terminal inactivity detection and issues with 3rd party login mods digital man | howto:block-hackers [2023/12/17 21:53] – [Auto-Blocking] From Permanent to Persistent digital man |
|---|
| ====== Blocking "Hackers" ====== | ====== Blocking "Hackers" ====== |
| ===== Definition of "Hacker" ===== | ===== Definition of "Hacker" ===== |
| For the purpose of this article, the term "hacker" ((Yes, I know there are alternative definitions of Hacker: http://www.mithral.com/~beberg/hacker.html)) refers to automated systems which attempt to login to your Synchronet TCP/IP servers and services using common, well-known, or randomly selected credentials (user names and passwords). These "hackers" are usually not humans sitting at keyboards, typing names and passwords, but rather automated systems (e.g. scripts, a.k.a "robots") which scan the Internet looking for systems with user accounts with guessable credentials and/or known vulnerabilities in their system software. Sort of like a modern version of "[[wp>War Dialing]]". | For the purpose of this article, the term "hacker" ((Yes, I know there are alternative definitions of Hacker: http://www.mithral.com/~beberg/hacker.html)) refers to automated systems which attempt to login to your Synchronet TCP/IP servers and services using common, well-known, or randomly selected credentials (user names and passwords). These "hackers" are usually not humans sitting at keyboards, typing names and passwords, but rather automated systems (e.g. scripts, a.k.a "robots") which scan the Internet looking for systems with user accounts with guessable credentials and/or known vulnerabilities in their system software. Sort of like a modern version of "[[wp>Wardialing]]". |
| |
| ===== The Risk ===== | ===== The Risk ===== |
| The default configuration (in ''[[dir:ctrl]]/[[config:sbbs.ini]]'') contains //no// concurrent-connections limit (i.e. ''**MaxConcurrentConnections=0**''). | The default configuration (in ''[[dir:ctrl]]/[[config:sbbs.ini]]'') contains //no// concurrent-connections limit (i.e. ''**MaxConcurrentConnections=0**''). |
| |
| This protection mechanism was introduced in Synchronet v3.17 (November, //Italic Text//2016). | This protection mechanism was introduced in Synchronet v3.17 (November, 2016). |
| |
| === Inactivity === | === Inactivity === |
| - Can create an entry in the ''[[dir:data]]/hack.log'' file to notify the system operator(s) of the suspicious activity (default: after 10 failed login attempts, see [[config:sbbs.ini|LoginAttemptHackThreshold]]) | - Can create an entry in the ''[[dir:data]]/hack.log'' file to notify the system operator(s) of the suspicious activity (default: after 10 failed login attempts, see [[config:sbbs.ini|LoginAttemptHackThreshold]]) |
| - Can temporarily ban (block connections) from an attacking IP address after a configurable number of failed login attempts (default: after 20 failed login attempts, duration: 10 minutes, see [[config:sbbs.ini|LoginAttemptTempBanThreshold]] and [[config:sbbs.ini|LoginAttemptTempBanDuration]]) | - Can temporarily ban (block connections) from an attacking IP address after a configurable number of failed login attempts (default: after 20 failed login attempts, duration: 10 minutes, see [[config:sbbs.ini|LoginAttemptTempBanThreshold]] and [[config:sbbs.ini|LoginAttemptTempBanDuration]]) |
| - Permanently block all future connections from the attacking IP address by adding an entry to the ''[[dir:text]]/[[config:ip.can]]'' file (default: disabled, see [[config:sbbs.ini|LoginAttemptFilterThreshold]]) | - Persistently block all future connections from the attacking IP address by adding an entry to the ''[[dir:text]]/[[config:ip.can]]'' file (default: disabled, see [[config:sbbs.ini|LoginAttemptFilterThreshold]]) |
| - Limit the number of concurrent connections to the Terminal Server from a common host/client IP address (default: disabled, see [[config:sbbs.ini|MaxConcurrentConnections]]) | - Limit the number of concurrent connections to the Terminal Server from a common host/client IP address (default: disabled, see [[config:sbbs.ini|MaxConcurrentConnections]]) |
| |
| Note: Setting the Temp Ban Threshold to 0 will disable temporary bans based on failed login attempt counters, but a failed login with a blocked name (from ''[[dir:text]]/name.can'') will still result in an immediate temporary ban, regardless of the Temp Ban Threshold value. | Note: Setting the Temp Ban Threshold to 0 will disable temporary bans based on failed login attempt counters, but a failed login with a blocked name (from ''[[dir:text]]/name.can'') will still result in an immediate temporary ban, regardless of the Temp Ban Threshold value. |
| |
| === Permanent Filtering === | === Persistent Filtering === |
| |
| To permanently block future connections from an IP address that has performed multiple consecutive failed login attempts: | To persistently block future connections from an IP address that has performed multiple consecutive failed login attempts: |
| * In the Synchronet Control Panel for Windows, set File->Properties->Security->Failed Login Attempts->Perm Filter Threshold value... (used to be called "IP Filter Threshold") | * In the Synchronet Control Panel for Windows, set File->Properties->Security->Failed Login Attempts->Perm Filter Threshold value... (used to be called "IP Filter Threshold") |
| * or edit your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file and set the ''LoginAttemptFilterThreshold'' value... | * or edit your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file and set the ''LoginAttemptFilterThreshold'' value... |
