• Figuring out a way to leverage fail2ban with terminal services

    From Winzlo@VERT to All on Sat May 2 20:57:34 2026
    The bots have arrived. :/ I'm now watching as my BBS gets taken over by telnet connections, some try to use a username during the matrix menu, others just sit there tying up the line/node until the 60 second timeout that I imposed. Despite this, I've got a real "squatter" problem to tend to, with two potential solutions - either change my BBS's telnet port off 23 and risk this happening again, or run something like fail2ban to block these connections from repeating.

    I've also configured pfSense to only allow 2 concurrent connections, with no more than 5 burst sessions throttling back to 2. This did reduce the issue from happening many times a day to only a couple times a day, but it didn't knock it out. That's where fail2ban comes into play.

    The issue I'm encountering is that I have my log level set to Info, and yet I have not found an obvious way to determine "BBS got an incoming connection from IP x.x.x.x". Combining that entry with a line in hack.log and/or hangup.log would make this a breeze. Is there an option I haven't spotted that would either allow this to happen, or allow some kind of logging that fail2ban could trap on to detect these kinds of attacks?

    -Winzlo

    ===
    ■ The Down-Lo BBS ■ bbs.winzlo.com

    ...A celebrity is a person who is known for his well-knownness.
    --- SBBSecho 3.37-Linux
    * Origin: The Down-Lo BBS * bbs.winzlo.com (1:154/140)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
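The correlation asked for in the post above (pair each incoming connection with how the session ended, then count the ones that never logged in) can be sketched as follows. This is an added example, not part of the original post and not Synchronet or fail2ban code; the log layout and event names are hypothetical and the sample lines are constructed, with only the `maxretry`/`findtime` names borrowed from fail2ban's jail settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in a hypothetical "timestamp node IP event" layout.
# This is NOT Synchronet's real log format; adapt LINE_RE to your own logs.
SAMPLE_LOG = """\
2026-05-02 20:00:01 node1 203.0.113.7 connect
2026-05-02 20:01:01 node1 203.0.113.7 timeout
2026-05-02 20:01:05 node2 198.51.100.9 connect
2026-05-02 20:01:20 node2 198.51.100.9 login
2026-05-02 20:02:00 node1 203.0.113.7 connect
2026-05-02 20:03:00 node1 203.0.113.7 timeout
2026-05-02 20:04:10 node1 203.0.113.7 connect
2026-05-02 20:04:15 node1 203.0.113.7 badlogin
2026-05-02 20:30:00 node2 198.51.100.9 hangup
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\d{1,3}(?:\.\d{1,3}){3}) (\w+)$")

def find_squatters(log_text, maxretry=3, findtime=600):
    """Return {ip: time of the strike that crossed the threshold}."""
    authed = {}                      # (node, ip) -> True once a login is seen
    strikes = defaultdict(deque)     # ip -> times of unauthenticated session ends
    banned = {}
    window = timedelta(seconds=findtime)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                 # ignore lines that do not parse
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        node, ip, event = m.group(2), m.group(3), m.group(4)
        key = (node, ip)
        if event == "connect":
            authed[key] = False
        elif event == "login" and key in authed:
            authed[key] = True
        elif event in ("timeout", "badlogin", "hangup") and key in authed:
            if not authed.pop(key):  # session ended without ever logging in
                q = strikes[ip]
                q.append(ts)
                while q and ts - q[0] > window:
                    q.popleft()      # drop strikes older than findtime
                if len(q) >= maxretry and ip not in banned:
                    banned[ip] = ts
    return banned
```

With the constructed sample, the address that connects three times without logging in is flagged, while the caller who logs in and later hangs up is not.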
  • From Digital Man@VERT to Winzlo on Sat May 2 19:23:51 2026
    Re: Figuring out a way to leverage fail2ban with terminal services
    By: Winzlo to All on Sat May 02 2026 08:57 pm

    The bots have arrived. :/ I'm now watching as my BBS gets taken over by telnet connections, some try to use a username during the matrix menu, others just sit there tying up the line/node until the 60 second timeout that I imposed. Despite this, I've got a real "squatter" problem to tend to, with two potential solutions - either change my BBS's telnet port off 23 and risk this happening again, or run something like fail2ban to block these connections from repeating.

    Have you read https://wiki.synchro.net/howto:block-hackers ?

    I've also configured pfSense to only allow 2 concurrent connections, with no more than 5 burst sessions throttling back to 2. This did reduce the issue from happening many times a day to only a couple times a day, but it didn't knock it out. That's where fail2ban comes into play.

    The issue I'm encountering is that I have my log level set to Info, and yet I have not found an obvious way to determine "BBS got an incoming connection from IP x.x.x.x". Combining that entry with a line in hack.log and/or hangup.log would make this a breeze. Is there an option I haven't spotted that would either allow this to happen, or allow some kind of logging that fail2ban could trap on to detect these kinds of attacks?

    Have you read https://wiki.synchro.net/howto:fail2ban ?
    --
    digital man (rob)

    Synchronet/BBS Terminology Definition #75:
    SMTP = Simple Message Transfer Protocol
    Norco, CA WX: 69.5°F, 63.0% humidity, 8 mph W wind, 0.00 inches rain/24hrs
    ---
  • From Winzlo@VERT to Digital Man on Sat May 2 21:34:26 2026
    Re: Figuring out a way to leverage fail2ban with terminal services
    By: Digital Man to Winzlo on Sat May 02 2026 07:23 pm

    Have you read https://wiki.synchro.net/howto:block-hackers ?
    Have you read https://wiki.synchro.net/howto:fail2ban ? --

    I am ashamed. I'm also miffed at ChatGPT who is supposed to be basing their responses off anything posted there over anything else. <Sigh> All I can say is that I'm sorry for having to get referred right back to the FM of RTFM.

    -Winzlo

  • From Digital Man@VERT to Winzlo on Sat May 2 19:40:52 2026
    Re: Figuring out a way to leverage fail2ban with terminal services
    By: Winzlo to Digital Man on Sat May 02 2026 09:34 pm

    Re: Figuring out a way to leverage fail2ban with terminal services
    By: Digital Man to Winzlo on Sat May 02 2026 07:23 pm

    Have you read https://wiki.synchro.net/howto:block-hackers ?
    Have you read https://wiki.synchro.net/howto:fail2ban ? --

    I am ashamed. I'm also miffed at ChatGPT who is supposed to be basing their responses off anything posted there over anything else. <Sigh> All I can say is that I'm sorry for having to get referred right back to the FM of RTFM.

    No worries!
    --
    digital man (rob)

    Rush quote #55:
    He'd like a lover's wings to fly on, to a tropic isle of Avalon .. Digital Man
    Norco, CA WX: 68.6°F, 65.0% humidity, 7 mph WSW wind, 0.00 inches rain/24hrs
    ---
  • From MRO@VERT/BBSESINF to Winzlo on Sat May 2 21:52:34 2026
    Re: Figuring out a way to leverage fail2ban with terminal services
    By: Winzlo to All on Sat May 02 2026 08:57 pm

    The bots have arrived. :/ I'm now watching as my BBS gets
    taken over by telnet connections, some try to use a username during
    the matrix menu, others just sit there tying up the line/node
    until the 60 second timeout that I imposed. Despite this, I've got
    a real "squatter" problem to tend to, with two potential solutions


    you're running a server on the internet. that's part of the deal.
    you will still get attacks if you are on another port.

    you can have a word challenge and block them if they fail.
    for example everyone that connects on my bbs is blacklisted. if they
    solve the challenge that gets removed. this gets the bots that login and do nothing or drop carrier.

    private msg me if you want it.
    you're wasting your time with pfsense and fail2ban. the whole internet
    wants in. only do something if it affects your bbs functionality.


    --
    "Before using Wildcat....This Company did not have a convenient way of
    looking after some of the richest clients in the world...Now we do!"


    President of BBS Sysop's Union +++ https://bbses.info/union
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From MRO@VERT/BBSESINF to Winzlo on Sat May 2 21:54:11 2026
    Re: Figuring out a way to leverage fail2ban with terminal services
    By: Winzlo to Digital Man on Sat May 02 2026 09:34 pm


    I am ashamed. I'm also miffed at ChatGPT who is supposed to be
    basing their responses off anything posted there over anything
    else. <Sigh> All I can say is that I'm sorry for having to get

    chatgpt will confidently say total bullshit.
    we even had a bot in here.

