Re: bots // Adobe After Effects Crack
By: John Dovey to Digital Man on Wed Jul 06 2022 06:42 pm

2. Either don't allow new-user registrations via HTTP or give new

users DM> a network-posting restriction

--

I've set new users to 10 and access to all msg groups to >= 51

Hopefully, that will prevent future problems.

Hm... I'm not sure how well that'll work. Do you expect new users to actually be able to *use* the BBS with no access to any message groups?

Restricting *posting* privileges to networked-groups only is all that was needed and you can do that with a simple restriction flag: http://wiki.synchro.net/access:restrictions --
digital man (rob)

At this point, I just wanted to stop any possibility of further issues.
I'll work on easing this more.
JD
--- AfterShock/Android 1.6.8
* Origin: Firecat Mobile (4:920/1.1)
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

Re: bots // Adobe After Effects Crack
By: MRO to Nightfox on Thu Jul 07 2022 11:06 pm

Also, I remember some sysops running vBulletin who had a spam problem
due to users (or bots) posting on the vBulletin interface. Same issue
as with ecwebv4 or the Runemaster web interface for Synchronet.

who was that? i only know of you, me and hax0r from unknownrealm running vbulletin with the nntp hack. if you have your shit wide open, of course you are going to have spam bots.

I don't remember who it was coming from at the time. I remember cr1mson (Jon Justvig) was also running vBulletin for a while too, years ago.

Nightfox

---
� Synchronet � Digital Distortion: digitaldistortionbbs.com

Re: bots // Adobe After Effects Crack
By: John Dovey to Digital Man on Wed Jul 06 2022 06:42 pm

I've set new users to 10 and access to all msg groups to >= 51

Hopefully, that will prevent future problems.

I had some similar issues on Valhalla, with some of the kids registering and posting spam to the messgae base. MRO cought that and alerted me. I still didn't want to punish the 90% to 95% good users that register for a few childish brats. I also looked back in my user base, and found that same person registered with many different names. I solved this issue with 2 steps, and was able to leave the system wide open to honest users.

1 - I stopped the registration process from my web sight, and now you can only regester by using the ftelnet window or by telnetting in to the actual bbs site.

2 - Implemented a email verification system. I figured if you were able to supply a valid email, you would behave yourself and be welcome.

So far, it's done the trick.

SysOp: C.G. Learn, AKA: DesotoFireflite
Valhalla Home Services! - (Synchronet) - bbs.valhallabbs.com:23
A Gamers Paradise - Over 250 Registered Online Game Doors!

--- Don't eat the yellow snow!
� Synchronet � Valhalla Home Services � USA � http://valhalla.synchro.net

Re: bots // Adobe After Effects Crack
By: DesotoFireflite to John Dovey on Fri Jul 08 2022 03:21 pm

posting spam to the messgae base. MRO cought that and alerted me. I still didn't want to punish the 90% to 95% good users that register for a few childish brats. I also looked back in my user base, and found that same person registered with many different names. I solved this issue with 2 steps, and was able to leave the system wide open to honest users.

so did you check the ip address and what email address service were they using? some throw away one?

i've been trying to look for forums that are talking about how easy synchronet bbses are to compromise, but havent found anything yet.
---
� Synchronet � ::: BBSES.info - free BBS services :::

Re: bots // Adobe After Effects Crack
By: MRO to DesotoFireflite on Fri Jul 08 2022 11:53 pm

Re: bots // Adobe After Effects Crack
By: DesotoFireflite to John Dovey on Fri Jul 08 2022 03:21 pm

posting spam to the messgae base. MRO cought that and alerted me. I
still didn't want to punish the 90% to 95% good users that register
for a few childish brats. I also looked back in my user base, and
found that same person registered with many different names. I solved
this issue with 2 steps, and was able to leave the system wide open to
honest users.

so did you check the ip address and what email address service were they using? some throw away one?

No, not this time, but I based it on the info in the user database, and how they all used the same email address and the near likeness of the username. they didn't even try to hide the fact it was the same user. Next time I will check the log, just forgot this time.

i've been trying to look for forums that are talking about how easy synchronet bbses are to compromise, but havent found anything yet.

Great, I following this tread closely, as this affects us all.

SysOp: C.G. Learn, AKA: DesotoFireflite
Valhalla Home Services! - (Synchronet) - bbs.valhallabbs.com:23
A Gamers Paradise - Over 250 Registered Online Game Doors!

---
� Synchronet � Valhalla Home Services � USA � http://valhalla.synchro.net

Yup, that's already the default for ecWeb per http://wiki.synchro.net/config:w
v4

; Allow new users to register via the web interface (default: no) user_registration = false

If you don't allow web registrations, is there a screen that will give the
user instructions on how to register so they can access the web interface?

Back when a certain fidonet board went down, there were a bunch of users looking for a new place to read the COOKING echo. I was really surprised
that several of them only knew "how to BBS" via a web interface. Getting
legit users like that to register via another means without instruction
would be difficult.


* SLMR 2.1a * Boss spelled backwards is "double SOB".

---
� Synchronet � CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Re: bots // Adobe After Effec
By: Dumas Walker to DIGITAL MAN on Sun Jul 10 2022 02:48 pm

Back when a certain fidonet board went down, there were a bunch of users looking for a new place to read the COOKING echo. I was really surprised that several of them only knew "how to BBS" via a web interface. Getting legit users like that to register via another means without instruction would be difficult.

yeah i know there's a few people that are like that. i'm not sure who brought them in. they could always use a newsreader program with synchronet.

i'm not sure if they were even using synchronet and using some other web inteface like ozzmosis.
---
� Synchronet � ::: BBSES.info - free BBS services :::

Re: bots // Adobe After Effec
By: Dumas Walker to DIGITAL MAN on Sun Jul 10 2022 02:48 pm

Yup, that's already the default for ecWeb per http://wiki.synchro.net/config:w
v4

; Allow new users to register via the web interface (default: no) user_registration = false

If you don't allow web registrations, is there a screen that will give the user instructions on how to register so they can access the web interface?

So long as the BBS has a "guest" account, ecWeb still allows access to the web interface without authenticating. Guest's normally cannot post messages, so while they can still browse/read without authenticating, they cannot post messages (e.g. SPAM).

Back when a certain fidonet board went down, there were a bunch of users looking for a new place to read the COOKING echo. I was really surprised that several of them only knew "how to BBS" via a web interface. Getting legit users like that to register via another means without instruction would be difficult.

ecWeb is very extensible, so the sysop can add additional instruction text or pages, as they see fit, very easily.
--
digital man (rob)

Rush quote #37:
Ignorance and prejudice and fear go hand in hand
Norco, CA WX: 78.8�F, 52.0% humidity, 3 mph E wind, 0.00 inches rain/24hrs
---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

On 7/7/22 08:14, DaiTengu wrote:

I had that problem a few years back. I disallowed HTTP registrations.

I thought about allowing HTTP users to register, and then putting them
into a separate security group to be manually validated with access to
post locally only, but it just didn't seem worth it, and I wasn't sure
if I could segregate HTTP registrations off from regular BBS signups.

Should be super easy to change the security level for new HTTP users.
Should also be easy enough to integrate an email validation for both
telnet and internet users. Working on doing an email and sms validation before being able to create an account, and having users login with
their registered email address.

That said, using say 40 for new user security level vs. 50 should be a
pretty easy edit on ecweb or the older runescape web.
--
Michael J. Ryan - [email protected]
---
� Synchronet � Roughneck BBS - roughneckbbs.com

On 7/7/22 13:40, DaiTengu wrote:

Honestly it probably would have been easier to create some kind of
database bridge between SMB and MySQL

Would love something like that myself... though PostgreSQL (can't stand MySQL).
--
Michael J. Ryan - [email protected]
---
� Synchronet � Roughneck BBS - roughneckbbs.com

On 7/7/22 21:06, MRO wrote:

vBulletin is just another web interface though, isn't it?

yeah but it's good and it's not slow. the synchronet web interface is
slow usually. vbulletin is just better all around.

I think that's mostly down to Synchronet's access model for data, you
can largely work around those issues with a good caching proxy in front
of it. Some refactoring of the UI/API access and some form of caching
service would be really helpful, but a lot of work.

Not sure if it's feasible to have the SMB index in memory at the service level, that would probably boost web and nntp access quite a bit. Beyond
that would be a request for a given

who was that? i only know of you, me and hax0r from unknownrealm
running vbulletin with the nntp hack. if you have your shit wide
open, of course you are going to have spam bots.

this spamming on the synchronet web interface seems to be a lot more prominent now. like i said, i think someone knows about synchronet
and created a kiddy script for it.

Probably... there's a lot of spam that gets into echojs.com, but I try
to clean it up at least once a day.
--
Michael J. Ryan - [email protected]
---
� Synchronet � Roughneck BBS - roughneckbbs.com