Hi,

does anyone know of a mod that provides a CAPTCHA or something like that, at least like 'press Esc twice to continue'?
I've seen such 'pre-login' checks at some Mystic BBSes and think they're nice :)

Thank you!

Regards,
Anna

---
þ Synchronet þ Imzadi Box -*- box.imzadi.de

Re: CAPTCHA mod or something like that
By: acn to All on Sat Jan 15 2022 07:45 pm

does anyone know of a mod that provides a CAPTCHA or something like that, at least like 'press Esc twice to continue'?
I've seen such 'pre-login' checks at some Mystic BBSes and think they're nice :)

I wrote one for my BBS for the new user process, but I haven't made it available for download.

Nightfox

---
■ Synchronet ■ Digital Distortion: digitaldistortionbbs.com

Re: CAPTCHA mod or something like that
By: acn to All on Sat Jan 15 2022 07:45 pm

Hi,

does anyone know of a mod that provides a CAPTCHA or something like that, at least like 'press Esc twice to continue'?
I've seen such 'pre-login' checks at some Mystic BBSes and think they're nice :)

There's one here, but it assumes your logon module is written in Baja: http://web.synchro.net/api/files.ssjs?call=download-file&dir=sbbs_3rd&file=captcha.zip

Waiting for someone to hit ESC in your login module would be just a couple lines of JS code. Something like:

print("Press ESC to login...");
while(bbs.online && console.getkey(K_NOECHO) != KEY_ESC);

(K_NOECHO is defined in sbbsdefs.js and KEY_ESC is defined in key_defs.js)

... but it sort of begs the question: why? A bot is disconnected pretty quickly with the default configuration, I think it's 30 seconds of no ANSI or other inactivity?
--
digital man (rob)

Synchronet "Real Fact" #2:
Synchronet version 2 for DOS and OS/2 was released to the public domain in 1997.
Norco, CA WX: 66.7°F, 23.0% humidity, 3 mph NE wind, 0.00 inches rain/24hrs
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Re: CAPTCHA mod or something like that
By: acn to All on Sat Jan 15 2022 07:45 pm

Hi,

does anyone know of a mod that provides a CAPTCHA or something like that, at least like 'press Esc twice to continue'?
I've seen such 'pre-login' checks at some Mystic BBSes and think they're nice :)

Thank you!

Regards,
Anna

yeah you can make your own pretty easy.
i have a dumb one i wrote in baja.

it's an ugly hack and i could have done better. it's never failed me though.
i uploaded it on vert probably.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Re: CAPTCHA mod or something like that
By: Nightfox to acn on Sat Jan 15 2022 11:33 am

Re: CAPTCHA mod or something like that
By: acn to All on Sat Jan 15 2022 07:45 pm

does anyone know of a mod that provides a CAPTCHA or something like that, at least like 'press Esc twice to continue'?
I've seen such 'pre-login' checks at some Mystic BBSes and think they're nice :)

I wrote one for my BBS for the new user process, but I haven't made it available for download.

no, you need a front end for the bots. and with mine it blacklists them if they fail it.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Re: CAPTCHA mod or something like that
By: Digital Man to acn on Sat Jan 15 2022 01:21 pm

... but it sort of begs the question: why? A bot is disconnected pretty quickly with the default configuration, I think it's 30 seconds of no ANSI or other inactivity?

well i've seen bots have multiple instances and use up all the nodes.
blocking them when they fail a challenge works pretty well.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Re: CAPTCHA mod or something like that
By: MRO to Digital Man on Sat Jan 15 2022 04:22 pm

Re: CAPTCHA mod or something like that
By: Digital Man to acn on Sat Jan 15 2022 01:21 pm

... but it sort of begs the question: why? A bot is disconnected pretty quickly with the default configuration, I think it's 30 seconds of no ANSI or other inactivity?

well i've seen bots have multiple instances and use up all the nodes. blocking them when they fail a challenge works pretty well.

Setting MaxConcurrentConnections = 1 or 2 works pretty well too.

*I* wouldn't want to block an IP address from future connections just because the user was having issues with their terminal and couldn't send the right response to a challenge.
--
digital man (rob)

Breaking Bad quote #13:
I got twenty bucks that says he's a beaner. - Hank
Norco, CA WX: 65.9°F, 24.0% humidity, 2 mph S wind, 0.00 inches rain/24hrs
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Re: CAPTCHA mod or something like that
By: Digital Man to MRO on Sat Jan 15 2022 05:23 pm

Setting MaxConcurrentConnections = 1 or 2 works pretty well too.

synchronet absolutely does not work well against attackers.
if there's attackers hitting the bbs, it slows it down for users that are actually using the system.

i dont want 1 or 2 nodes tied up all night.
that's why i block and they go in the firewall.

*I* wouldn't want to block an IP address from future connections just because the user was having issues with their terminal and couldn't send the right response to a challenge.

i give them a couple of tries. who has problems with their terminals?

---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Hi *,

thank your for the suggestions.

DMs idea about the 2-liner sounds nice, that really is the easiest idea.
I think I'll try that as a first solution.

The reason why I would like something like that is that I hope that bots who try some username/password combinations on "login:" prompts might be stopped from doing that if something else has to be done before the "login:" prompt appears.

Maybe I will write failed login attempts into a separate logfile that fail2ban can take into account to ban such 'hackers' for 10 minutes.

Regards,
Anna

---
þ Synchronet þ Imzadi Box -*- box.imzadi.de

Re: CAPTCHA mod or something like that
By: acn to Digital Man on Sun Jan 16 2022 01:16 pm

Hi *,

thank your for the suggestions.

DMs idea about the 2-liner sounds nice, that really is the easiest idea.
I think I'll try that as a first solution.

The reason why I would like something like that is that I hope that bots who try some username/password combinations on "login:" prompts might be stopped from doing that if something else has to be done before the "login:" prompt appears.

Maybe I will write failed login attempts into a separate logfile that fail2ban can take into account to ban such 'hackers' for 10 minutes.

Have you read this? https://wiki.synchro.net/howto:block-hackers
--
digital man (rob)

Breaking Bad quote #14:
First name of Emlio - that's at least half a beaner, let you off for $10 - Hank Norco, CA WX: 71.6°F, 25.0% humidity, 0 mph S wind, 0.00 inches rain/24hrs
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Have you read this? https://wiki.synchro.net/howto:block-hackers

Yes, I have - and I think I enabled the suggested options in my setup.

But an additional line of defense couldn't be that bad :)

Regards,
Anna

---
þ Synchronet þ Imzadi Box -*- box.imzadi.de

Hi DM,

Waiting for someone to hit ESC in your login module would be just a couple lines of JS code. Something like:

print("Press ESC to login...");
while(bbs.online && console.getkey(K_NOECHO) != KEY_ESC);

(K_NOECHO is defined in sbbsdefs.js and KEY_ESC is defined in key_defs.js)

I've tried adding these lines to the top of login.js (copied to mods/), just before "bbs.logout()".

But this is displayed *after* answer.msg/banner1.msg...

Would it have any side-effects if I remove answer.msg/banner1.msg and let them get displayed at the beginning of login.js after the "Press ESC to login" message?

Thank you!

Regards,
Anna

---
þ Synchronet þ Imzadi Box -*- box.imzadi.de

Re: CAPTCHA mod or something like that
By: acn to Digital Man on Mon Jan 17 2022 02:41 pm

Hi DM,

Waiting for someone to hit ESC in your login module would be just a couple lines of JS code. Something like:

print("Press ESC to login...");
while(bbs.online && console.getkey(K_NOECHO) != KEY_ESC);

(K_NOECHO is defined in sbbsdefs.js and KEY_ESC is defined in key_defs.js)

I've tried adding these lines to the top of login.js (copied to mods/), just before "bbs.logout()".

But this is displayed *after* answer.msg/banner1.msg...

Would it have any side-effects if I remove answer.msg/banner1.msg and let them get displayed at the beginning of login.js after the "Press ESC to login" message?

Another way to do that would be to add at the top of your banner*.msg file: @exec:yourmod@ (EXEC in uppercase)

then create exec/yourmod.js with those lines you want to execute before the body of the banner (and answer.* file) is displayed.
--
digital man (rob)

Breaking Bad quote #13:
I got twenty bucks that says he's a beaner. - Hank
Norco, CA WX: 58.9°F, 78.0% humidity, 2 mph WNW wind, 0.00 inches rain/24hrs ---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Re: CAPTCHA mod or something like that
By: acn to Digital Man on Mon Jan 17 2022 10:53 am

Hi,

Have you read this? https://wiki.synchro.net/howto:block-hackers

Yes, I have - and I think I enabled the suggested options in my setup.

But an additional line of defense couldn't be that bad :)

Regards,
Anna

i use peerblock on my windows 32bit bbses. if there's a bad ip range, i just put it into a .p2p file and load it in there.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Hi,

Another way to do that would be to add at the top of your banner*.msg file: @exec:yourmod@ (EXEC in uppercase)
then create exec/yourmod.js with those lines you want to execute before the body of the banner (and answer.* file) is displayed.

Thank you very much for that hint!
It's working :)

Now I can tweak my 'yourmod' file a little :)

Regards,
Anna

---
þ Synchronet þ Imzadi Box -*- box.imzadi.de

Re: CAPTCHA mod or something like that
By: acn to Digital Man on Tue Jan 18 2022 10:33 am

Hi,

Another way to do that would be to add at the top of your banner*.msg file: @exec:yourmod@ (EXEC in uppercase)
then create exec/yourmod.js with those lines you want to execute before the body of the banner (and answer.* file) is displayed.

Thank you very much for that hint!
It's working :)

No problem, cool.

Now I can tweak my 'yourmod' file a little :)

Yes, and you can name it whatever you like. :-)
--
digital man (rob)

Breaking Bad quote #40:
This Bogdan character... he wrestled you into submission with his eyebrows. Norco, CA WX: 62.3°F, 70.0% humidity, 5 mph WNW wind, 0.00 inches rain/24hrs ---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Now I can tweak my 'yourmod' file a little :)

Yes, and you can name it whatever you like. :-)

Don't worry, I did change the name :) (it's named captcha.js *g*)

Regards,
Anna

---
þ Synchronet þ Imzadi Box -*- box.imzadi.de

On 1/15/22 18:23, Digital Man wrote:

Setting MaxConcurrentConnections = 1 or 2 works pretty well too.

Oh yeah... you may want to bump the default to 3 or 4 on your FTP config.

I was trying to download the bbsfiles.com archive from your server, and
even when I dropped my max connections to 1 at a time, there were still
issues when doing PASV downloads against a queue of files to download.

I'm guessing that the transfer showed as done on FileZilla, then
attempted to start a new connection/transfer etc before your system
marked the old connection as done.

Wasn't too bad, just requeue a few times on the failures.
--
Michael J. Ryan - tracker1@roughneckbbs.com
---
þ Synchronet þ Roughneck BBS - roughneckbbs.com

On 1/15/22 20:00, MRO wrote:

*I* wouldn't want to block an IP address from future connections just
because the user was having issues with their terminal and couldn't send the >> right response to a challenge.

i give them a couple of tries. who has problems with their terminals?

People developing or testing a new terminal application for one.
--
Michael J. Ryan - tracker1@roughneckbbs.com
---
þ Synchronet þ Roughneck BBS - roughneckbbs.com

Re: Re: CAPTCHA mod or something like that
By: Tracker1 to Digital Man on Fri Jan 21 2022 04:32 pm

On 1/15/22 18:23, Digital Man wrote:

Setting MaxConcurrentConnections = 1 or 2 works pretty well too.

Oh yeah... you may want to bump the default to 3 or 4 on your FTP config.

I was trying to download the bbsfiles.com archive from your server, and
even when I dropped my max connections to 1 at a time, there were still issues when doing PASV downloads against a queue of files to download.

i put up another link to it.

arent you the guy i got the files from?
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Re: Re: CAPTCHA mod or something like that
By: Tracker1 to MRO on Fri Jan 21 2022 04:34 pm

*I* wouldn't want to block an IP address from future connections just
because the user was having issues with their terminal and couldn't send the >> right response to a challenge.

i give them a couple of tries. who has problems with their terminals?

People developing or testing a new terminal application for one.

FUCK THOSE GUYS.
and tell them to stay off my bbses.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Tracker1 wrote to MRO <=-

*I* wouldn't want to block an IP address from future connections just
because the user was having issues with their terminal and couldn't send the
right response to a challenge.

i give them a couple of tries. who has problems with their terminals?

People developing or testing a new terminal application for one.

How many people do you suppose are doing that?

Let's say just in North America. One, or two?



... All hope abandon, ye who enter messages here.
--- MultiMail/Linux v0.52
■ Synchronet ■ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL

On 1/22/22 13:07, Gamgee wrote:

People developing or testing a new terminal application for one.

How many people do you suppose are doing that?

Let's say just in North America. One, or two?

Well, I've been using the new MS terminal for a while now (in Windows),
and Tabby on Mac and Linux. I also use the VS Code terminal a lot.

I've also worked on using the xterm.js library directly.

And that doesn't even scratch the number of terminal emulators/apps
built in the past 2-3 years alone.

That said, haven't had too many issues with various telnet/rlogin/ssh connections, but sometimes I do see odd behavior in more than a handful
of scenarios.
--
Michael J. Ryan - tracker1@roughneckbbs.com
---
þ Synchronet þ Roughneck BBS - roughneckbbs.com

Re: Re: CAPTCHA mod or something like that
By: Tracker1 to Gamgee on Thu Jan 27 2022 02:56 pm

People developing or testing a new terminal application for one.

How many people do you suppose are doing that?

Well, I've been using the new MS terminal for a while now (in Windows), and Tabby on Mac and Linux. I also use the VS Code terminal a lot.

Are you saying you're running telnet from the Microsoft Windows Terminal app to connect to BBSes?

Nightfox

---
■ Synchronet ■ Digital Distortion: digitaldistortionbbs.com

On 1/27/22 19:15, Nightfox wrote:

People developing or testing a new terminal application for one.

How many people do you suppose are doing that?

Well, I've been using the new MS terminal for a while now (in
Windows), and Tabby on Mac and Linux. I also use the VS Code
terminal a lot.

Are you saying you're running telnet from the Microsoft Windows
Terminal app to connect to BBSes?

Yes. Both via windows (cmd/powershell) and via WSL/Ubuntu
--
Michael J. Ryan - tracker1@roughneckbbs.com
---
þ Synchronet þ Roughneck BBS - roughneckbbs.com