Subj : Re: pfsense...
To   : Jas Hud
From : digimaus
Date : Wed Sep 04 2024 13:33:01

-=> Jas Hud wrote to digimaus <=-

 JH> they aren't script kiddies. they are just bots attacking you.
 JH> there probably isn't an individual involved.

In my mind, they're just one and the same these days.

 JH> well back in the day it was using known exploits or calling people up
 JH> on the phone and tricking them. that rarely happens now.

Social engineering happens on a grand scale these days but it's definitely
lost the human touch.

 JH> what i hate are these sites that want to appear to be legit but they
 JH> portscan my servers like a maniac all day long. even when they are
 JH> blocked by synchronet's shitty ip blocking.

Unfortunately, not much you can do about them. I've got a few of the bad
ones I've run into blocked in my BBS' firewall:

# Block Censys "security scans"
# https://support.censys.io/hc/en-us/articles
# /360043177092-Opt-Out-of-Data-Collection
$IPT -I INPUT -s 162.142.125.0/24 -j DROP
$IPT -I INPUT -s 167.94.138.0/24 -j DROP
$IPT -I INPUT -s 167.94.145.0/24 -j DROP
$IPT -I INPUT -s 167.94.146.0/24 -j DROP
$IPT -I INPUT -s 167.248.133.0/24 -j DROP
$IPT -I INPUT -s 199.45.154.0/24 -j DROP
$IPT -I INPUT -s 199.45.155.0/24 -j DROP
$IPT -I INPUT -s 206.168.34.0/24 -j DROP

# Block Palo Alto Networks' "security scans"
$IPT -I INPUT -s 147.185.136.0/24 -j DROP
$IPT -I INPUT -s 165.85.144.0/24 -j DROP
$IPT -I INPUT -s 165.85.145.0/24 -j DROP
$IPT -I INPUT -s 165.85.149.0/24 -j DROP
$IPT -I INPUT -s 165.85.250.0/23 -j DROP
$IPT -I INPUT -s 199.167.52.0/24 -j DROP
$IPT -I INPUT -s 199.167.53.0/24 -j DROP
$IPT -I INPUT -s 202.189.133.0/24 -j DROP
$IPT -I INPUT -s 65.154.226.0/24 -j DROP
$IPT -I INPUT -s 65.155.38.0/24 -j DROP
$IPT -I INPUT -s 66.232.34.0/24 -j DROP
$IPT -I INPUT -s 66.232.36.0/24 -j DROP
$IPT -I INPUT -s 66.232.40.0/24 -j DROP
$IPT -I INPUT -s 72.165.69.0/24 -j DROP

It's not a panacea but it helps.

What really helps throttle issues is having a combination of a stateful
firewall and fail2ban on the BBS itself. That and having a powerful enough
machine to keep up with it all.

-- Sean

.... Hungary? Russian to the kitchen and Czech the fridge!
--- MultiMail/Linux
 * Origin: Outpost BBS * Johnson City, TN (618:618/1)
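
Added example, not part of the original message or the poster's firewall script: one way to keep a per-range DROP list like the one above maintainable is to validate each CIDR, merge adjacent ranges, and emit the rules into a dedicated chain. The chain name SCANNERS and the function names are hypothetical; the sample list is a subset of the ranges in the post plus one constructed duplicate and one constructed malformed entry.

```python
import ipaddress

# Subset of the ranges quoted in the post. The last two lines are
# constructed: a duplicate and an entry with host bits set.
RAW_RANGES = """
162.142.125.0/24
167.94.145.0/24
167.94.146.0/24
199.45.154.0/24
199.45.155.0/24
165.85.144.0/24
165.85.145.0/24
165.85.250.0/23
199.167.52.0/24
199.167.53.0/24
199.45.154.0/24
199.45.154.7/24
"""

def parse_ranges(text):
    """Return (valid networks, rejected entries) from a one-CIDR-per-line list."""
    nets, rejected = [], []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()  # allow trailing comments
        if not entry:
            continue
        try:
            # strict=True rejects typos such as 199.45.154.7/24
            nets.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            rejected.append(entry)
    return nets, rejected

def build_rules(nets, chain="SCANNERS", ipt="iptables"):
    """Merge duplicate/adjacent ranges and return iptables commands as strings."""
    merged = list(ipaddress.collapse_addresses(nets))
    rules = [f"{ipt} -N {chain}"]
    rules += [f"{ipt} -A {chain} -s {net} -j DROP" for net in merged]
    # A single jump from INPUT keeps the block list in one place.
    rules.append(f"{ipt} -I INPUT -j {chain}")
    return rules

if __name__ == "__main__":
    networks, bad = parse_ranges(RAW_RANGES)
    for entry in bad:
        print(f"# rejected (not a valid network): {entry}")
    print("\n".join(build_rules(networks)))
```

The script only prints the commands; review the output before feeding it to a shell as root.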