Anyone else get a pile of these connections that don't register or login? The audit trail is filled with these, every 2 to 4 minutes and all are close IP's to each other, I assume the dup. IP addon is only good for when people actually logon. Too bad or is their a way to grab their IP and the first thing they see is something like " Your IP is 24.xx.xx.xx" Please register or login.
I have no idea what these people are up too, guess I could search out the ip and report to their isp... but i know how some of those asian pacific networks work, having done this route with different forums I have run in the past.
Telnet Call Accepted
Moderator: Mod Squad
Re: Telnet Call Accepted
could be a web spider looking over your site.Montroze wrote:Anyone else get a pile of these connections that don't register or login? The audit trail is filled with these, every 2 to 4 minutes and all are close IP's to each other, I assume the dup. IP addon is only good for when people actually logon. Too bad or is their a way to grab their IP and the first thing they see is something like " Your IP is 24.xx.xx.xx" Please register or login.
I have no idea what these people are up too, guess I could search out the ip and report to their isp... but i know how some of those asian pacific networks work, having done this route with different forums I have run in the past.
How long have you been having these connection attempts? I show no such activity on my system (other than actual account logons).Montroze wrote:But every minute or 2, just connect an drop off.
23:44
23:45
23:45
23:46
23:47
23:49
23:50
23:52
23:52
This is the last bunch all from the same IP. ?
This is just whats seen on the server screen without scrolling up to a pile of others.
Sysop of QuickSilver MBBS
http://www.quicksilvermbbs.com
http://www.hashhouse.net
http://www.dataware.info
http://informationware.com
http://www.quicksilvermbbs.com
http://www.hashhouse.net
http://www.dataware.info
http://informationware.com
Well if its telnet, it could just be someone who forgot to load their character information so megamud will keep reconnecting every couple minutes but never sign in cause they never added the username/password for that dupe. Once in a while I'll get a player who does that and see hundreds of entries...
do you have another account logging on from that IP? Might be easy to see if its a user already who just screwed up their setup.
being telnet though, its not going to be a web crawler... could just a virus on someone elses machines in another country trying your block of ip addresses telneting into each port trying to send text commands if they receive certain prompts... at least the worldgroup telnet keeps you immune from most issues there.
if it keeps going and you don't like it, you can always add them to the "denied ip file" so the connection will be refused by the bbs... under security and accounting and tcp/ip settings you should have a "HOSTDENY" file you can name... then add ip addresses to block. (well at least in my wg3.2)
otherwise if you want to keep them from even touching worldgroup you could setup a new policy in your firewall program (windows firewall?) and block all TCP connections on port 23 (or all ports) from a certan IP range or single IP... then they won't even get a chance to hit worldgroup. (or if you have a router that supports ip blocking even better)
P.S. if its consistent with reconnecting... you could just emulate the next channel open which it will connect to, and see if its sending any data at all or just a dead telnet connection doing nothing... set your mind at ease... maybe its just sending carriage returns trying to get a prompt it recognizes, or maybe its sending stuff and needs to be blocked.
do you have another account logging on from that IP? Might be easy to see if its a user already who just screwed up their setup.
being telnet though, its not going to be a web crawler... could just a virus on someone elses machines in another country trying your block of ip addresses telneting into each port trying to send text commands if they receive certain prompts... at least the worldgroup telnet keeps you immune from most issues there.
if it keeps going and you don't like it, you can always add them to the "denied ip file" so the connection will be refused by the bbs... under security and accounting and tcp/ip settings you should have a "HOSTDENY" file you can name... then add ip addresses to block. (well at least in my wg3.2)
otherwise if you want to keep them from even touching worldgroup you could setup a new policy in your firewall program (windows firewall?) and block all TCP connections on port 23 (or all ports) from a certan IP range or single IP... then they won't even get a chance to hit worldgroup. (or if you have a router that supports ip blocking even better)
P.S. if its consistent with reconnecting... you could just emulate the next channel open which it will connect to, and see if its sending any data at all or just a dead telnet connection doing nothing... set your mind at ease... maybe its just sending carriage returns trying to get a prompt it recognizes, or maybe its sending stuff and needs to be blocked.
Re: Telnet Call Accepted
only on my smtp server where programs are sniffing for a way to send their spam emails, nothing on port 23 though, an occasional burst of connections on port 80 and 79.Montroze wrote:Anyone else get a pile of these connections that don't register or login? The audit trail is filled with these, every 2 to 4 minutes and all are close IP's to each other, I assume the dup. IP addon is only good for when people actually logon. Too bad or is their a way to grab their IP and the first thing they see is something like " Your IP is 24.xx.xx.xx" Please register or login.
I have no idea what these people are up too, guess I could search out the ip and report to their isp... but i know how some of those asian pacific networks work, having done this route with different forums I have run in the past.
This has been going on for a good month or so, I did have a problem a couple of years ago with the said Majormud client trying to connect, but I knew the ladies that were playing mud back then, and know the 3 or 4 that play mud pretty regular. Running wg2.0 DOS, so not sure if I can block, but will look into that option.
Got another full screen, and looked up the ip's
Oyster Bay - new york
chicago Ill.
Newyork city new york
worcester mass.
I sometimes see a login but by the time I try to emulate they have dropped off and their is no typing shown in the Monitor option.
Got another full screen, and looked up the ip's
Oyster Bay - new york
chicago Ill.
Newyork city new york
worcester mass.
I sometimes see a login but by the time I try to emulate they have dropped off and their is no typing shown in the Monitor option.
Yes that option is in WG2.0 also, so I take it I make a file called deny.txt and drop that into the BBS directory and it will be found or do I have to add the path c:\wgserv\deny.txtIceman wrote:
under security and accounting and tcp/ip settings you should have a "HOSTDENY" file you can name... then add ip addresses to block. (well at least in my wg3.2)
Yeah just the file name worked, I took the top ten with 10 or more logins and put them in the file, was good all night, well from 9-midnight. Most likely have to add more today. Not sure if these can be wildcarded, but just a few as my IP starts with 24. also. Thats where most of the offenders IP's are from also, but in US locations.