does anyone know of a mod that provides a CAPTCHA or something like that, at least like 'press Esc twice to continue'?
I've seen such 'pre-login' checks at some Mystic BBSes and think they're nice :)
Hi,
does anyone know of a mod that provides a CAPTCHA or something like that, at least like 'press Esc twice to continue'?
I've seen such 'pre-login' checks at some Mystic BBSes and think they're nice :)
Hi,
does anyone know of a mod that provides a CAPTCHA or something like that, at least like 'press Esc twice to continue'?
I've seen such 'pre-login' checks at some Mystic BBSes and think they're nice :)
Thank you!
Regards,
Anna
Re: CAPTCHA mod or something like that
By: acn to All on Sat Jan 15 2022 07:45 pm
does anyone know of a mod that provides a CAPTCHA or something like that, at least like 'press Esc twice to continue'?
I've seen such 'pre-login' checks at some Mystic BBSes and think they're nice :)
I wrote one for my BBS for the new user process, but I haven't made it available for download.
... but it sort of begs the question: why? A bot is disconnected pretty quickly with the default configuration, I think it's 30 seconds of no ANSI or other inactivity?
Re: CAPTCHA mod or something like that
By: Digital Man to acn on Sat Jan 15 2022 01:21 pm
... but it sort of begs the question: why? A bot is disconnected pretty quickly with the default configuration, I think it's 30 seconds of no ANSI or other inactivity?
well i've seen bots have multiple instances and use up all the nodes. blocking them when they fail a challenge works pretty well.
Setting MaxConcurrentConnections = 1 or 2 works pretty well too.
*I* wouldn't want to block an IP address from future connections just because the user was having issues with their terminal and couldn't send the right response to a challenge.
Hi *,
thank your for the suggestions.
DMs idea about the 2-liner sounds nice, that really is the easiest idea.
I think I'll try that as a first solution.
The reason why I would like something like that is that I hope that bots who try some username/password combinations on "login:" prompts might be stopped from doing that if something else has to be done before the "login:" prompt appears.
Maybe I will write failed login attempts into a separate logfile that fail2ban can take into account to ban such 'hackers' for 10 minutes.
Have you read this? https://wiki.synchro.net/howto:block-hackers
Waiting for someone to hit ESC in your login module would be just a couple lines of JS code. Something like:
print("Press ESC to login...");
while(bbs.online && console.getkey(K_NOECHO) != KEY_ESC);
(K_NOECHO is defined in sbbsdefs.js and KEY_ESC is defined in key_defs.js)
Hi DM,
Waiting for someone to hit ESC in your login module would be just a couple lines of JS code. Something like:
print("Press ESC to login...");
while(bbs.online && console.getkey(K_NOECHO) != KEY_ESC);
(K_NOECHO is defined in sbbsdefs.js and KEY_ESC is defined in key_defs.js)
I've tried adding these lines to the top of login.js (copied to mods/), just before "bbs.logout()".
But this is displayed *after* answer.msg/banner1.msg...
Would it have any side-effects if I remove answer.msg/banner1.msg and let them get displayed at the beginning of login.js after the "Press ESC to login" message?
Hi,
Have you read this? https://wiki.synchro.net/howto:block-hackers
Yes, I have - and I think I enabled the suggested options in my setup.
But an additional line of defense couldn't be that bad :)
Regards,
Anna
Another way to do that would be to add at the top of your banner*.msg file: @exec:yourmod@ (EXEC in uppercase)
then create exec/yourmod.js with those lines you want to execute before the body of the banner (and answer.* file) is displayed.
Hi,
Another way to do that would be to add at the top of your banner*.msg file: @exec:yourmod@ (EXEC in uppercase)
then create exec/yourmod.js with those lines you want to execute before the body of the banner (and answer.* file) is displayed.
Thank you very much for that hint!
It's working :)
Now I can tweak my 'yourmod' file a little :)
Now I can tweak my 'yourmod' file a little :)Yes, and you can name it whatever you like. :-)
Setting MaxConcurrentConnections = 1 or 2 works pretty well too.
*I* wouldn't want to block an IP address from future connections just
because the user was having issues with their terminal and couldn't send the >> right response to a challenge.
i give them a couple of tries. who has problems with their terminals?
On 1/15/22 18:23, Digital Man wrote:
Setting MaxConcurrentConnections = 1 or 2 works pretty well too.
Oh yeah... you may want to bump the default to 3 or 4 on your FTP config.
I was trying to download the bbsfiles.com archive from your server, and
even when I dropped my max connections to 1 at a time, there were still issues when doing PASV downloads against a queue of files to download.
*I* wouldn't want to block an IP address from future connections just
because the user was having issues with their terminal and couldn't send the >> right response to a challenge.
i give them a couple of tries. who has problems with their terminals?
People developing or testing a new terminal application for one.
Tracker1 wrote to MRO <=-
*I* wouldn't want to block an IP address from future connections just
because the user was having issues with their terminal and couldn't send the
right response to a challenge.
i give them a couple of tries. who has problems with their terminals?
People developing or testing a new terminal application for one.
People developing or testing a new terminal application for one.
How many people do you suppose are doing that?
Let's say just in North America. One, or two?
People developing or testing a new terminal application for one.
How many people do you suppose are doing that?
Well, I've been using the new MS terminal for a while now (in Windows), and Tabby on Mac and Linux. I also use the VS Code terminal a lot.
People developing or testing a new terminal application for one.
How many people do you suppose are doing that?
Well, I've been using the new MS terminal for a while now (in
Windows), and Tabby on Mac and Linux. I also use the VS Code
terminal a lot.
Are you saying you're running telnet from the Microsoft Windows
Terminal app to connect to BBSes?
Sysop: | Xerxes |
---|---|
Location: | Azle, Texas |
Users: | 131 |
Nodes: | 10 (0 / 10) |
Uptime: | 85:43:35 |
Calls: | 3,190 |
Calls today: | 1 |
Files: | 195 |
U/L today: |
0 files (0K bytes) |
D/L today: |
0 files (0K bytes) |
Messages: | 366,067 |
Posted today: | 0 |