Subj : Autoban settings
To   : All
From : McDoob
Date : Tue Dec 14 2021 04:49 pm

Hi All!

I am hosting PiBBS on the default telnet port (23) and, as you can imagine,
I'm getting a lot of...shall we say...unwanted traffic. By default, Mystic is
doing a pretty good job of banning the ones that are actively trying to
brute-force the login. 

The thing that concerns me is the constant stream of not-quite-logins from
the same IP over and over again. Here's where the autoban settings come in,
of course.

My question is, what is a good setting? I don't want to be too conservative,
nor too lax. I'm interested in hearing opinions from my fellow SysOps on what
settings they use.

For now, I'm set to 4 attempts in 120 sec, as seen in one of Mystic Guy's
videos. And my blacklist is growing at what appears to be an exponential
rate, so obviously it's working.

But...is it working TOO well? o_O

McDoob
SysOp, PiBBS
pibbs.sytes.net

--- Mystic BBS v1.12 A46 2020/08/26 (Raspberry Pi/32)
 * Origin: PiBBS (21:4/135)

.