• Re: ACiD Underworld

    From The Godfather@21:3/165 to m00p on Thu Oct 9 20:50:30 2025
    As some of you know I am running Hawk's BBSes... ACiD Underworld has been slammed by bots making it unavailable because all of the sessions were occupied. This is now fixed and you can now access the board.

    Hey m00p! Was just on Black Flag today, sure love Hawk's BBSes, thanks so much for hosting them. Curious to know how you "stopped the bots .." I'm playing around with Telegard on a standard port and getting hammered by the scanners all day....

    -tG
    www.theunderground.us:10023

    ... I have a really good memory, except it's short.

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: www.theunderground.us Telnet 10023 SSH 7771 (21:3/165)
  • From Dreamweaver@21:1/144 to Dumas Walker on Fri Oct 10 14:44:31 2025
    You can use my RGBOT program as a front end for TG as well.

    Does that work on *nix or just Windows?

    Just Windows ... it's a DOS DOOR that was made to load from Net2BBS
    or any telnet server and then drops out allowing the batch file it was run from to continue.


    ... The Bill of Rights: Void Where Prohibited by Law

    --- Renegade v1.35/DOS
    * Origin: The Titantic BBS Telnet - ttb.rgbbs.info (21:1/144)
  • From Exodus@21:1/144 to The Godfather on Fri Oct 10 17:01:45 2025
    You can use my RGBOT program as a front end for TG as well

    Ok that sounds lighter weight than using Mystic. Do you have other programs that would run on TG for other purposes? I'd love to check them out.

    Nothing really ... RGBOT is basically a glorified door. You will need to use Net2BBS or another telnet server to call it before your BBS in the batch file net2bbs uses.

    Any of the other utils are RG specific.

    ... Radioactive Halibut will make fission chips

    --- Renegade v1.35/DOS
    * Origin: The Titantic BBS Telnet - ttb.rgbbs.info (21:1/144)
  • From Exodus@21:1/144 to Dumas Walker on Fri Oct 10 17:02:32 2025
    You can use my RGBOT program as a front end for TG as well.

    Does that work on *nix or just Windows?

    Nope, just windows/dos. It's basically a glorified door game to be run via a telnet server before the bbs loads.

    ... Sign outside brothel: "On Vacation. Beat it."

    --- Renegade v1.35/DOS
    * Origin: The Titantic BBS Telnet - ttb.rgbbs.info (21:1/144)
  • From esc@21:3/203 to Dumas Walker on Fri Oct 10 21:24:12 2025
    The one issue I have there is that users who come in that way cannot do any file transfers from the backend BBS. Did you ever figure out a way around that? Most of them don't try so it isn't a big deal but I am curious how it might have been addressed if you figured it out.

    I wonder if it's because I was just going into another linux BBS that I never noticed this issue. That sounds frustrating as hell, though.

    --[esc!dEMONIC]--

    --- DayDream BBS/UNIX (Linux) 2.15a
    * Origin: [>mONTEREYbBS.COM>] (21:3/203)
  • From deon@21:2/116 to The Godfather on Sat Oct 11 10:09:26 2025
    Re: Re: ACiD Underworld
    By: The Godfather to m00p on Thu Oct 09 2025 08:50 pm

    Howdy,

    Hey m00p! Was just on Black Flag today, sure love Hawk's BBSes, thanks so much for hosting them. Curious to know how you "stopped the bots .." I'm playing around with Telegard on a standard port and getting hammered by the scanners all day....

    There's probably a couple of things you can do...

    * You could change your ports to "less used" ports - it doesn't stop them, but means they need to do more work to find the port you are using. I've never been in favour of this option.

    * You could put something like haproxy in front (which is what I do), with haproxy you can use default ports (or not), but put in rules like 1 concurrent connection from the same IP address, 2 connections in the last 60 seconds, add a CIDR list to exclude IP address ranges (although I do this on my firewall).

    It doesn't stop them, but sure slows them down.

    * Another thing I looked at, and there are pros and cons, is having your BBS behind a VPN of sorts. I've played with zerotier and yggdrasil, and then limiting inbound connections from other users who are also inside the VPN.

    Sadly, for this to be useful, it's almost an all or nothing approach (we all use it or not). Since we are all mostly sysops (and few ad hoc users) it's doable.


    --- SBBSecho 3.29-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From esc@21:3/203 to deon on Fri Oct 10 23:53:47 2025
    * You could put something like haproxy in front (which is what I do), with haproxy you can use default ports (or not), but put in rules like 1 concurrent connection from the same IP address, 2 connections in the last 60 seconds, add a CIDR list to exclude IP address ranges (although I do this on my firewall).

    This is interesting. I'd love to see a writeup of this :)

    --[esc!dEMONIC]--

    --- DayDream BBS/UNIX (Linux) 2.15a
    * Origin: [>mONTEREYbBS.COM>] (21:3/203)
  • From deon@21:2/116 to esc on Sat Oct 11 11:04:12 2025
    Re: Re: ACiD Underworld
    By: esc to deon on Fri Oct 10 2025 11:53 pm

    Howdy,

    * You could put something like haproxy in front (which is what I do), with
    haproxy you can use defa

    This is interesting. I'd love to see a writeup of this :)

    So I'll mention there is 1 disadvantage (if the backend doesn't support the HAPROXY_PROTOCOL) - you'll lose the source IP address.

    I added the HAPROXY_PROTOCOL to Synchronet, and did ask James to add it to Mystic (when I was using mystic moons ago - and I'm sure he didn't).

    My config is essentially this;

    # TELNET
    frontend fe-sbbs-telnet
        bind :::23 v4v6
        default_backend be-sbbs-telnet
        maxconn 4

        # Track the backend state - and reject any attempts if it's down
        acl be-telnet-dead nbsrv(be-sbbs-telnet) lt 1
        tcp-request connection reject if be-telnet-dead

        # Stick table definition for storing per-source connection counters
        stick-table type ipv6 size 500k expire 30m store conn_cur,conn_rate(60s)

        ## Allow clean known IPs to bypass the filter
        tcp-request connection accept if { src -f /usr/local/etc/haproxy/config/whitelist.lst }
        # Only allow 1 connection open per IP
        tcp-request connection reject if { src_conn_cur ge 1 }
        # Only allow 1 connection per 60s
        tcp-request connection reject if { src_conn_rate ge 1 }
        # Start tracking only after the checks above, so they see earlier connections only
        tcp-request connection track-sc1 src

    backend be-sbbs-telnet
        balance leastconn
        # send-proxy-v2 passes the client's address to the backend via the PROXY protocol
        server alterant alterant:23 resolvers dns init-addr none send-proxy-v2


    --- SBBSecho 3.29-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From Dumas Walker@21:1/175 to ESC on Sat Oct 11 10:27:24 2025
    The one issue I have there is that users who come in that way cannot do any file transfers from the backend BBS. Did you ever figure out a way around that? Most of them don't try so it isn't a big deal but I am curious how it might have been addressed if you figured it out.

    I wonder if it's because I was just going into another linux BBS that I never noticed this issue. That sounds frustrating as hell, though.

    Supposedly, it has something to do with the hand-off being/not being
    binary? Yeah, it would be frustrating but I don't keep that many files on
    the DOS BBS anyway. Not being able to upload/download QWK is where I think
    it might be noticed. Most of the people who use that method to log on are
    only doing it to play the doorgames anyway.


    * SLMR 2.1a * Computer Hacker wanted. Must have own axe.
    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (21:1/175)
  • From The Godfather@21:3/165 to esc on Sat Oct 11 19:23:03 2025
    Hey friend! Hope all is well with you. Long time no talk, we should
    catch up.

    Absolutely, it's BBS season! Spending less and less time outdoors as temperatures cool and the kids get busy with school. Stop by any time!

    I debated using it as a mailer as well but decided to just use binkd. Frankly Mystic has better quality of life stuff as a mailer but binkd
    was fine. If I had it to do over again, I'd consider Mystic even more as
    a mailer lol.

    I have binkd up atm .. there are a few bugs to be worked out but it does appear very simple. I had help .. can't take credit for it. I do miss having the "Press ESC" though .. *ANYTHING* to slow down the hits to the server.

    Frankly Mystic has better quality of life stuff as a mailer but binkd
    was fine. If I had it to do over again, I'd consider Mystic even more as

    Yes it does, it's a bit more than I need for how little I've allocated in RAM/HD but if all else fails I didn't think about using it as a mailer. I suppose there would be a way to do so .. maybe on my Next BBS :)

    -tG
    www.theunderground.us:10023

    ... Computers are not intelligent. They only think they are.

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: www.theunderground.us Telnet 10023 SSH 7771 (21:3/165)
  • From The Godfather@21:3/165 to Exodus on Sat Oct 11 19:24:53 2025
    Nothing really ... RGBOT is basically a glorified door. You will need
    to use Net2BBS or another telnet server to call it before your BBS in
    the batch file net2bbs uses.

    Ok once I get binkd fully working with telegard and netfoss / net2bbs I'll check it out!

    Any of the other utils are RG specific.

    Understood! I may check out RG next ... loving the feel of both (Telegard and RG)

    -tG
    www.theunderground.us:10023

    ... Running Windows is better than washing them!

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: www.theunderground.us Telnet 10023 SSH 7771 (21:3/165)
  • From The Godfather@21:3/165 to deon on Sat Oct 11 19:30:31 2025
    * You could change your ports to "less used" ports - it doesn't stop
    them, but means they need to do more work to find the port you are
    using. I've never been in favour of this option.

    This is typically what I do and don't have an issue (much) with BOTs but for this project I want to stick to standard. Is there a reason you avoid using non standard ports?

    * You could put something like haproxy in front (which is what I do),
    with haproxy you can use default ports (or not), but put in rules like 1 concurrent connection from the same IP address, 2 connections in the
    last 60 seconds, add a CIDR list to exclude IP address ranges (although

    Sounds like a lot of work / trial and error. But I'll look into it for sure. I was surprised just how bad the bots are now compared to when I put up my BBS back in 2020. The telnet server gets hit pretty hard.

    * Another thing I looked at, and there are pros and cons, is having
    your BBS behind a VPN of sorts. I've played with zerotier and yggdrasil, and then limiting inbound connections from other users who are also
    inside the VPN.

    I had to chuckle here. I went a few months with ZERO (fortunately last summer during the slower months ..) Turns out I had my VPN turned on. Do those VPNs have the equivalent of port forwarding? And if so, does that make your browsing privacy / different country hopping more vulnerable?

    -tG
    www.theunderground.us:10023

    ... No honey, I can't eat with the family. My computer gets lonely!

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: www.theunderground.us Telnet 10023 SSH 7771 (21:3/165)
  • From The Godfather@21:3/165 to m00p on Sat Oct 11 19:32:07 2025
    Hey Godfather, happy to hear that you are still connecting to the
    boards. Well, what happened was that the bots caused the server to spawn sessions and never logged out, for some reason they were stuck in the "Login"-phase, so I simply just restarted the bbs and terminated all the running processes.

    Ah! That's odd they did that, normally they don't connect. I'll have to keep my eye out as operating on a standard port is rather new to me.

    -tG
    www.theunderground.us:10023

    ... WOMAN.ZIP - Great program but no documentation

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: www.theunderground.us Telnet 10023 SSH 7771 (21:3/165)
  • From deon@21:2/116 to The Godfather on Sun Oct 12 11:17:22 2025
    Re: Re: ACiD Underworld
    By: The Godfather to deon on Sat Oct 11 2025 07:30 pm

    Howdy,

    This is typically what I do and don't have an issue (much) with BOTs but for this project I want to stick to standard. Is there a reason you avoid using non standard ports?

    Yeah, you then need to tell everybody your non standard port, if you want them to connect to you. If you advertise the non standard port, then I'm guessing it gets loaded into the bot tooling, which means it (eventually) gets hammered too.

    I work on the theory, why should *I* have to change?

    Sounds like a lot of work / trial and error. But I'll look into it for sure.

    I didn't think so. I have the rules in place and forgot that I use it. But if you want the source IP address to be visible to whatever is behind haproxy, then that system needs to support the "haproxy protocol", otherwise the backend only sees the IP address of haproxy.

    I had to chuckle here. I went a few months with ZERO (fortunately last summer during the slower months ..) Turns out I had my VPN turned on. Do those VPNs have the equivalent of port forwarding? And if so, does that make your browsing privacy / different country hopping more vulnerable?

    I'm not talking about VPNs that are gated to the internet. I'm talking about a network inside a network. So no, port forwarding doesn't make sense (it doesn't address the problem), and the VPN doesn't provide outbound to the greater internet.

    With Zero (or yggdrasil), you would limit inbound access to the VPN interface, and thus somebody connecting to your BBS would also need to be a member of the VPN. IP addresses are not public.

    So, for example, to get mail via BINKP, the hub needs to be connected to the same VPN (Hub 3 uses ZeroTier), and your BINKP would also need to be connected to the same VPN.

    For inbound telnet, users would need to connect to the VPN before connecting to the BBS (because the IP addresses are not routable outside of the VPN). And thus no bots, because they generally don't join VPN networks to probe, and/or wouldn't be allowed to join our "BBS VPN", anyway.

    It has its pros (only real people connecting) and cons (an additional IP network to manage).


    --- SBBSecho 3.29-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
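
Added example (not code from any poster in this thread, nor from haproxy or Synchronet): what a backend has to do to recover the real client address when the proxy is configured with send-proxy-v2, as in the config posted earlier and the "haproxy protocol" point above. The function names, the trusted-proxy set and the sample addresses are assumptions made for illustration; the header layout follows the PROXY protocol v2 format.

```python
import ipaddress
import struct

SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY protocol v2 signature

def parse_proxy_v2(data):
    """Return ((src_ip, src_port) or None, remaining payload) for a v2 header."""
    if len(data) < 16 or data[:12] != SIG:
        raise ValueError("missing PROXY v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2 or (ver_cmd & 0x0F) not in (0, 1):
        raise ValueError("unsupported version or command")
    if len(data) < 16 + length:
        raise ValueError("truncated header")
    body, payload = data[16:16 + length], data[16 + length:]
    addr_len = {1: 4, 2: 16}.get(fam_proto >> 4)  # 1 = IPv4, 2 = IPv6
    if (ver_cmd & 0x0F) == 0 or addr_len is None:
        return None, payload  # LOCAL command (proxy's own checks) or no address
    if len(body) < 2 * addr_len + 4:
        raise ValueError("address block too short")
    src = ipaddress.ip_address(body[:addr_len])
    (sport,) = struct.unpack("!H", body[2 * addr_len:2 * addr_len + 2])
    return (str(src), sport), payload  # TLVs after the addresses are skipped

def client_address(peer_ip, data, trusted_proxies):
    """Decide which address to log and rate-limit for a new connection."""
    if peer_ip not in trusted_proxies:
        # Direct connection: never honour a header the client could have forged.
        if data.startswith(SIG):
            raise ValueError("PROXY header from untrusted peer")
        return (peer_ip, None), data
    src, payload = parse_proxy_v2(data)
    return (src or (peer_ip, None)), payload

def sample_header(src, dst, sport, dport):
    """Constructed sample: the header a proxy would prepend (TCP over v4/v6)."""
    a, b = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    fam = 0x11 if a.version == 4 else 0x21
    addrs = a.packed + b.packed + struct.pack("!HH", sport, dport)
    return SIG + struct.pack("!BBH", 0x21, fam, len(addrs)) + addrs

if __name__ == "__main__":
    # Constructed input: header followed by the first telnet bytes from the user.
    wire = sample_header("203.0.113.7", "192.0.2.10", 51234, 23) + b"\xff\xfb\x01"
    print(client_address("10.0.0.2", wire, {"10.0.0.2"}))
```

A backend that skips the trusted-peer check lets anyone who can reach it directly claim any source address, which would defeat logging and per-IP limits behind the proxy.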