Subj : Re: Hacker making all Mystic nodes "BUSY" To : Gandalf From : Warpslide Date : Tue Feb 14 2023 03:18 am On 13 Feb 2023, Gandalf said the following... Ga> Greetings and Salutations! I am having an issue with a hacker who trys Ga> to crack my system password eventually making all of my nodes busy so Ga> that users cannot login. Ga> something I can do other than removing the system password prompt to Ga> keep this from happening? Check out botcheck.mps in your mystic/themes/default/scripts directory: [ begin quote botcheck.mps ] BOTCHECK.MPS: Example script to force users to immediately press ESCAPE twice upon connection within 15 seconds or else their connection will be closed. To install: Copy this as "connect.mps" in your theme's script directory and then use MPLC to compile it (mplc -T will compile all theme scripts) [ end quote botcheck.mps ] You may want to paste this in right after "Begin" in the script: If ACS('OS') Then break This will skip asking people to press ESC twice if they connect via SSH as they'd already be authenticated. I have this in place along with blocking a bunch of countries with iptables: ipset create block4 hash:net ipset create block6 hash:net family inet6 iptables -A INPUT -m set --match-set block4 src -j DROP iptables -A OUTPUT -m set --match-set block4 dst -j DROP ip6tables -A INPUT -m set --match-set block6 src -j DROP ip6tables -A OUTPUT -m set --match-set block6 dst -j DROP [ begin geoip.sh ] #!/bin/bash tmpdir=`mktemp -d` cd $tmpdir countries=("ru" "ua" "by" "bg" "br" "cn" "hk" "kr" "kp" "ir") for i in ${countries[@]}; do curl -f -s -k https://www.ipdeny.com/ipblocks/data/aggregated/$i-aggregated.zone >> block4.zone curl -f -s -k https://www.ipdeny.com/ipv6/ipaddresses/aggregated/$i-aggregated.zone >> block6.zone done ipset flush for i in $( cat block4.zone ); do ipset -A block4 $i; done for i in $( cat block6.zone ); do ipset -A block6 $i; done ipset save > /etc/iptables/ipsets rm -f $tmpdir/* rmdir $tmpdir [ end geoip.sh ] Jay .... When cheese gets its picture taken, what does it say? --- Mystic BBS v1.12 A49 2023/01/27 (Linux/64) * Origin: Northern Realms | bbs.nrbbs.net | 289-424-5180 (21:3/110) .