• CAPTCHA mod or something like that

    From acn@VERT/IMZADI to All on Sat Jan 15 19:45:40 2022
    Hi,

    does anyone know of a mod that provides a CAPTCHA or something like that, at least like 'press Esc twice to continue'?
    I've seen such 'pre-login' checks at some Mystic BBSes and think they're nice :)

    Thank you!

    Regards,
    Anna

    ---
    þ Synchronet þ Imzadi Box -*- box.imzadi.de
  • From Nightfox@VERT/DIGDIST to acn on Sat Jan 15 11:33:56 2022
    Re: CAPTCHA mod or something like that
    By: acn to All on Sat Jan 15 2022 07:45 pm

    does anyone know of a mod that provides a CAPTCHA or something like that, at least like 'press Esc twice to continue'?
    I've seen such 'pre-login' checks at some Mystic BBSes and think they're nice :)

    I wrote one for my BBS for the new user process, but I haven't made it available for download.

    Nightfox

    ---
    ■ Synchronet ■ Digital Distortion: digitaldistortionbbs.com
  • From Digital Man@VERT to acn on Sat Jan 15 13:21:21 2022
    Re: CAPTCHA mod or something like that
    By: acn to All on Sat Jan 15 2022 07:45 pm

    Hi,

    does anyone know of a mod that provides a CAPTCHA or something like that, at least like 'press Esc twice to continue'?
    I've seen such 'pre-login' checks at some Mystic BBSes and think they're nice :)

    There's one here, but it assumes your logon module is written in Baja: http://web.synchro.net/api/files.ssjs?call=download-file&dir=sbbs_3rd&file=captcha.zip

    Waiting for someone to hit ESC in your login module would be just a couple lines of JS code. Something like:

    print("Press ESC to login...");
    while(bbs.online && console.getkey(K_NOECHO) != KEY_ESC);

    (K_NOECHO is defined in sbbsdefs.js and KEY_ESC is defined in key_defs.js)

    ... but it sort of begs the question: why? A bot is disconnected pretty quickly with the default configuration, I think it's 30 seconds of no ANSI or other inactivity?
    --
    digital man (rob)

    Synchronet "Real Fact" #2:
    Synchronet version 2 for DOS and OS/2 was released to the public domain in 1997.
    Norco, CA WX: 66.7°F, 23.0% humidity, 3 mph NE wind, 0.00 inches rain/24hrs
    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From MRO@VERT/BBSESINF to acn on Sat Jan 15 16:20:48 2022
    Re: CAPTCHA mod or something like that
    By: acn to All on Sat Jan 15 2022 07:45 pm

    Hi,

    does anyone know of a mod that provides a CAPTCHA or something like that, at least like 'press Esc twice to continue'?
    I've seen such 'pre-login' checks at some Mystic BBSes and think they're nice :)

    Thank you!

    Regards,
    Anna

    yeah you can make your own pretty easy.
    i have a dumb one i wrote in baja.

    it's an ugly hack and i could have done better. it's never failed me though.
    i uploaded it on vert probably.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From MRO@VERT/BBSESINF to Nightfox on Sat Jan 15 16:21:22 2022
    Re: CAPTCHA mod or something like that
    By: Nightfox to acn on Sat Jan 15 2022 11:33 am

    Re: CAPTCHA mod or something like that
    By: acn to All on Sat Jan 15 2022 07:45 pm

    does anyone know of a mod that provides a CAPTCHA or something like that, at least like 'press Esc twice to continue'?
    I've seen such 'pre-login' checks at some Mystic BBSes and think they're nice :)

    I wrote one for my BBS for the new user process, but I haven't made it available for download.


    no, you need a front end for the bots. and with mine it blacklists them if they fail it.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From MRO@VERT/BBSESINF to Digital Man on Sat Jan 15 16:22:35 2022
    Re: CAPTCHA mod or something like that
    By: Digital Man to acn on Sat Jan 15 2022 01:21 pm


    ... but it sort of begs the question: why? A bot is disconnected pretty quickly with the default configuration, I think it's 30 seconds of no ANSI or other inactivity?

    well i've seen bots have multiple instances and use up all the nodes.
    blocking them when they fail a challenge works pretty well.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Digital Man@VERT to MRO on Sat Jan 15 17:23:07 2022
    Re: CAPTCHA mod or something like that
    By: MRO to Digital Man on Sat Jan 15 2022 04:22 pm

    Re: CAPTCHA mod or something like that
    By: Digital Man to acn on Sat Jan 15 2022 01:21 pm


    ... but it sort of begs the question: why? A bot is disconnected pretty quickly with the default configuration, I think it's 30 seconds of no ANSI or other inactivity?

    well i've seen bots have multiple instances and use up all the nodes. blocking them when they fail a challenge works pretty well.

    Setting MaxConcurrentConnections = 1 or 2 works pretty well too.

    *I* wouldn't want to block an IP address from future connections just because the user was having issues with their terminal and couldn't send the right response to a challenge.
    --
    digital man (rob)

    Breaking Bad quote #13:
    I got twenty bucks that says he's a beaner. - Hank
    Norco, CA WX: 65.9°F, 24.0% humidity, 2 mph S wind, 0.00 inches rain/24hrs
    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From MRO@VERT/BBSESINF to Digital Man on Sat Jan 15 21:00:15 2022
    Re: CAPTCHA mod or something like that
    By: Digital Man to MRO on Sat Jan 15 2022 05:23 pm


    Setting MaxConcurrentConnections = 1 or 2 works pretty well too.

    synchronet absolutely does not work well against attackers.
    if there's attackers hitting the bbs, it slows it down for users that are actually using the system.

    i dont want 1 or 2 nodes tied up all night.
    that's why i block and they go in the firewall.

    *I* wouldn't want to block an IP address from future connections just because the user was having issues with their terminal and couldn't send the right response to a challenge.

    i give them a couple of tries. who has problems with their terminals?

    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From acn@VERT/IMZADI to Digital Man on Sun Jan 16 13:16:56 2022
    Hi *,

    thank your for the suggestions.

    DMs idea about the 2-liner sounds nice, that really is the easiest idea.
    I think I'll try that as a first solution.

    The reason why I would like something like that is that I hope that bots who try some username/password combinations on "login:" prompts might be stopped from doing that if something else has to be done before the "login:" prompt appears.

    Maybe I will write failed login attempts into a separate logfile that fail2ban can take into account to ban such 'hackers' for 10 minutes.

    Regards,
    Anna

    ---
    þ Synchronet þ Imzadi Box -*- box.imzadi.de
  • From Digital Man@VERT to acn on Sun Jan 16 12:47:06 2022
    Re: CAPTCHA mod or something like that
    By: acn to Digital Man on Sun Jan 16 2022 01:16 pm

    Hi *,

    thank your for the suggestions.

    DMs idea about the 2-liner sounds nice, that really is the easiest idea.
    I think I'll try that as a first solution.

    The reason why I would like something like that is that I hope that bots who try some username/password combinations on "login:" prompts might be stopped from doing that if something else has to be done before the "login:" prompt appears.

    Maybe I will write failed login attempts into a separate logfile that fail2ban can take into account to ban such 'hackers' for 10 minutes.

    Have you read this? https://wiki.synchro.net/howto:block-hackers
    --
    digital man (rob)

    Breaking Bad quote #14:
    First name of Emlio - that's at least half a beaner, let you off for $10 - Hank Norco, CA WX: 71.6°F, 25.0% humidity, 0 mph S wind, 0.00 inches rain/24hrs
    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From acn@VERT/IMZADI to Digital Man on Mon Jan 17 10:53:56 2022
    Hi,

    Have you read this? https://wiki.synchro.net/howto:block-hackers

    Yes, I have - and I think I enabled the suggested options in my setup.

    But an additional line of defense couldn't be that bad :)

    Regards,
    Anna

    ---
    þ Synchronet þ Imzadi Box -*- box.imzadi.de
  • From acn@VERT/IMZADI to Digital Man on Mon Jan 17 14:41:49 2022
    Hi DM,

    Waiting for someone to hit ESC in your login module would be just a couple lines of JS code. Something like:

    print("Press ESC to login...");
    while(bbs.online && console.getkey(K_NOECHO) != KEY_ESC);

    (K_NOECHO is defined in sbbsdefs.js and KEY_ESC is defined in key_defs.js)

    I've tried adding these lines to the top of login.js (copied to mods/), just before "bbs.logout()".

    But this is displayed *after* answer.msg/banner1.msg...

    Would it have any side-effects if I remove answer.msg/banner1.msg and let them get displayed at the beginning of login.js after the "Press ESC to login" message?

    Thank you!

    Regards,
    Anna

    ---
    þ Synchronet þ Imzadi Box -*- box.imzadi.de
  • From Digital Man@VERT to acn on Mon Jan 17 12:35:17 2022
    Re: CAPTCHA mod or something like that
    By: acn to Digital Man on Mon Jan 17 2022 02:41 pm

    Hi DM,

    Waiting for someone to hit ESC in your login module would be just a couple lines of JS code. Something like:

    print("Press ESC to login...");
    while(bbs.online && console.getkey(K_NOECHO) != KEY_ESC);

    (K_NOECHO is defined in sbbsdefs.js and KEY_ESC is defined in key_defs.js)

    I've tried adding these lines to the top of login.js (copied to mods/), just before "bbs.logout()".

    But this is displayed *after* answer.msg/banner1.msg...

    Would it have any side-effects if I remove answer.msg/banner1.msg and let them get displayed at the beginning of login.js after the "Press ESC to login" message?

    Another way to do that would be to add at the top of your banner*.msg file: @exec:yourmod@ (EXEC in uppercase)

    then create exec/yourmod.js with those lines you want to execute before the body of the banner (and answer.* file) is displayed.
    --
    digital man (rob)

    Breaking Bad quote #13:
    I got twenty bucks that says he's a beaner. - Hank
    Norco, CA WX: 58.9°F, 78.0% humidity, 2 mph WNW wind, 0.00 inches rain/24hrs ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From MRO@VERT/BBSESINF to acn on Tue Jan 18 00:37:34 2022
    Re: CAPTCHA mod or something like that
    By: acn to Digital Man on Mon Jan 17 2022 10:53 am

    Hi,

    Have you read this? https://wiki.synchro.net/howto:block-hackers

    Yes, I have - and I think I enabled the suggested options in my setup.

    But an additional line of defense couldn't be that bad :)

    Regards,
    Anna


    i use peerblock on my windows 32bit bbses. if there's a bad ip range, i just put it into a .p2p file and load it in there.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From acn@VERT/IMZADI to Digital Man on Tue Jan 18 10:33:17 2022
    Hi,

    Another way to do that would be to add at the top of your banner*.msg file: @exec:yourmod@ (EXEC in uppercase)
    then create exec/yourmod.js with those lines you want to execute before the body of the banner (and answer.* file) is displayed.

    Thank you very much for that hint!
    It's working :)

    Now I can tweak my 'yourmod' file a little :)

    Regards,
    Anna

    ---
    þ Synchronet þ Imzadi Box -*- box.imzadi.de
  • From Digital Man@VERT to acn on Tue Jan 18 11:43:22 2022
    Re: CAPTCHA mod or something like that
    By: acn to Digital Man on Tue Jan 18 2022 10:33 am

    Hi,

    Another way to do that would be to add at the top of your banner*.msg file: @exec:yourmod@ (EXEC in uppercase)
    then create exec/yourmod.js with those lines you want to execute before the body of the banner (and answer.* file) is displayed.

    Thank you very much for that hint!
    It's working :)

    No problem, cool.

    Now I can tweak my 'yourmod' file a little :)

    Yes, and you can name it whatever you like. :-)
    --
    digital man (rob)

    Breaking Bad quote #40:
    This Bogdan character... he wrestled you into submission with his eyebrows. Norco, CA WX: 62.3°F, 70.0% humidity, 5 mph WNW wind, 0.00 inches rain/24hrs ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From acn@VERT/IMZADI to Digital Man on Wed Jan 19 12:03:53 2022
    Hi,

    Now I can tweak my 'yourmod' file a little :)
    Yes, and you can name it whatever you like. :-)

    Don't worry, I did change the name :) (it's named captcha.js *g*)

    Regards,
    Anna

    ---
    þ Synchronet þ Imzadi Box -*- box.imzadi.de
  • From Tracker1@VERT/TRN to Digital Man on Fri Jan 21 16:32:39 2022
    On 1/15/22 18:23, Digital Man wrote:

    Setting MaxConcurrentConnections = 1 or 2 works pretty well too.

    Oh yeah... you may want to bump the default to 3 or 4 on your FTP config.

    I was trying to download the bbsfiles.com archive from your server, and
    even when I dropped my max connections to 1 at a time, there were still
    issues when doing PASV downloads against a queue of files to download.

    I'm guessing that the transfer showed as done on FileZilla, then
    attempted to start a new connection/transfer etc before your system
    marked the old connection as done.

    Wasn't too bad, just requeue a few times on the failures.
    --
    Michael J. Ryan - tracker1@roughneckbbs.com
    ---
    þ Synchronet þ Roughneck BBS - roughneckbbs.com
  • From Tracker1@VERT/TRN to MRO on Fri Jan 21 16:34:48 2022
    On 1/15/22 20:00, MRO wrote:
    *I* wouldn't want to block an IP address from future connections just
    because the user was having issues with their terminal and couldn't send the >> right response to a challenge.

    i give them a couple of tries. who has problems with their terminals?

    People developing or testing a new terminal application for one.
    --
    Michael J. Ryan - tracker1@roughneckbbs.com
    ---
    þ Synchronet þ Roughneck BBS - roughneckbbs.com
  • From MRO@VERT/BBSESINF to Tracker1 on Sat Jan 22 02:28:26 2022
    Re: Re: CAPTCHA mod or something like that
    By: Tracker1 to Digital Man on Fri Jan 21 2022 04:32 pm

    On 1/15/22 18:23, Digital Man wrote:

    Setting MaxConcurrentConnections = 1 or 2 works pretty well too.

    Oh yeah... you may want to bump the default to 3 or 4 on your FTP config.

    I was trying to download the bbsfiles.com archive from your server, and
    even when I dropped my max connections to 1 at a time, there were still issues when doing PASV downloads against a queue of files to download.


    i put up another link to it.

    arent you the guy i got the files from?
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From MRO@VERT/BBSESINF to Tracker1 on Sat Jan 22 02:28:54 2022
    Re: Re: CAPTCHA mod or something like that
    By: Tracker1 to MRO on Fri Jan 21 2022 04:34 pm

    *I* wouldn't want to block an IP address from future connections just
    because the user was having issues with their terminal and couldn't send the >> right response to a challenge.

    i give them a couple of tries. who has problems with their terminals?

    People developing or testing a new terminal application for one.

    FUCK THOSE GUYS.
    and tell them to stay off my bbses.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Gamgee@VERT/PALANT to Tracker1 on Sat Jan 22 14:07:00 2022
    Tracker1 wrote to MRO <=-

    *I* wouldn't want to block an IP address from future connections just
    because the user was having issues with their terminal and couldn't send the
    right response to a challenge.

    i give them a couple of tries. who has problems with their terminals?

    People developing or testing a new terminal application for one.

    How many people do you suppose are doing that?

    Let's say just in North America. One, or two?



    ... All hope abandon, ye who enter messages here.
    --- MultiMail/Linux v0.52
    ■ Synchronet ■ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Tracker1@VERT/TRN to Gamgee on Thu Jan 27 14:56:34 2022
    On 1/22/22 13:07, Gamgee wrote:
    People developing or testing a new terminal application for one.

    How many people do you suppose are doing that?

    Let's say just in North America. One, or two?

    Well, I've been using the new MS terminal for a while now (in Windows),
    and Tabby on Mac and Linux. I also use the VS Code terminal a lot.

    I've also worked on using the xterm.js library directly.

    And that doesn't even scratch the number of terminal emulators/apps
    built in the past 2-3 years alone.

    That said, haven't had too many issues with various telnet/rlogin/ssh connections, but sometimes I do see odd behavior in more than a handful
    of scenarios.
    --
    Michael J. Ryan - tracker1@roughneckbbs.com
    ---
    þ Synchronet þ Roughneck BBS - roughneckbbs.com
  • From Nightfox@VERT/DIGDIST to Tracker1 on Thu Jan 27 18:15:16 2022
    Re: Re: CAPTCHA mod or something like that
    By: Tracker1 to Gamgee on Thu Jan 27 2022 02:56 pm

    People developing or testing a new terminal application for one.

    How many people do you suppose are doing that?

    Well, I've been using the new MS terminal for a while now (in Windows), and Tabby on Mac and Linux. I also use the VS Code terminal a lot.

    Are you saying you're running telnet from the Microsoft Windows Terminal app to connect to BBSes?

    Nightfox

    ---
    ■ Synchronet ■ Digital Distortion: digitaldistortionbbs.com
  • From Tracker1@VERT/TRN to Nightfox on Fri Mar 25 09:55:32 2022
    On 1/27/22 19:15, Nightfox wrote:
    People developing or testing a new terminal application for one.

    How many people do you suppose are doing that?

    Well, I've been using the new MS terminal for a while now (in
    Windows), and Tabby on Mac and Linux. I also use the VS Code
    terminal a lot.

    Are you saying you're running telnet from the Microsoft Windows
    Terminal app to connect to BBSes?

    Yes. Both via windows (cmd/powershell) and via WSL/Ubuntu
    --
    Michael J. Ryan - tracker1@roughneckbbs.com
    ---
    þ Synchronet þ Roughneck BBS - roughneckbbs.com