TL;DR; - Upgrade your IRC server :)

For more details...read below...

I wanted to give a quick status of the IRC network, for those who care. We've been invaded by spambots recently. Cyan added dronebl lookups to the IRC server, which is now at Version 1.10. All sysops are encouraged to use this version which will help protect the network, plus it includes bugfixes for both IRC and SBBS. You'll need the latest SBBS 3.20a to take advantage of new features.

I had services issue an infinite ban on IPs that we catch. I am going to change this to 30 days otherwise our servers are going to get overloaded with AKILLs that may no longer be relevant.

Also, rather than using "spamtard" as the reason, I have created a misc faq section on the wiki that will be pointed to. One thing to note, servers on version less than 1.10 will NOT process the RAKILL message. This is used to remove AKILLs. You will have to either restart your irc server and/or upgrade which will also restart your ircd. Hit me up with any services questions here or on IRC.

These are our Hall of Fame boards, running the latest 1.10.
vert.synchro.net
magnumuk.synchro.net
mortal.synchro.net
hoval.synchro.net
bggrscyn.synchro.net
cjsplace.synchro.net
richardf.synchro.net
reality.synchro.net
syncnix.synchro.net
pharcyde.synchro.net
veleno.synchro.net
docksud.synchro.net
digdist.synchro.net
kn6q.synchro.net
hzbbs.synchro.net
cvs.synchro.net

The Booby Prize goes to sysops of the following boards that are running ircd 1.9. You're so close and just a couple of commands away from upgrading to the latest and greatest. Please consider upgrading as soon as possible. Your servers are gateways for spamtards.

ensemble.synchro.net
trn.synchro.net
qrift.synchro.net
tlcbbs.synchro.net
bbsdev.synchro.net
dungeon.synchro.net
cpugod.synchro.net
extricat.synchro.net

Wooden Spoon prize goes to the following two boards that are still at 1.3a. I know sestar has mitigating circumstances but these both desperately could do with an update.

frugalbb.synchro.net
sestar.synchro.net

Wall of Shame to these sysops for not maintaing DYNDNS for their hostnames. Please fix your DYNDNS script accordingly.

deckhvn2.synchro.net
msrdbbs.synchro.net
fatcats.synchro.net

Again, if anyone has any questions, feel free to reach out.
---
þ Synchronet þ End Of The Line BBS - endofthelinebbs.com

On 08 Oct 2023, nelgin said the following...

We've been invaded by spambots recently. Cyan added dronebl lookups to
the IRC server, which is now at Version 1.10. All sysops are encouraged

do the bots run identd? does it work correctly? for a given port pair, you
get a 'real' username, trying ident on the same port pair a second time returns the same username? trying identd for a random port pair or something that shouldn't work for a normal user like 23, 23 returns an error?

maybe call that strike one..

then capture the first channel they join.. did it exist already? no? strike two. do they set it invite only immediately? what else goes on?

what EXACTLY is the progression they make from connection to the bot channel? is it the same every single time? if your force umodes on them do they unset them? if you tell them they can't join their first channel do they immediately join a different one or retry the first? strikeeee

rate limit their commands.. message the user "please wait 10 seconds.." do the bots give up and start a new connection? are they sensitive to timing?

perhaps at this point you have nickserv or some service tell them to register a nick to prove they're not a bot or solve a simple 'captcha' type thing or something..

just brainstorming but i bet they provide enough info themselves to give you confidence to blacklist them.

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/32)
* Origin: cold fusion - cfbbs.net - grand rapids, mi

Re: Re: Important IRC updates.
By: fusion to nelgin on Mon Oct 09 2023 05:31 pm

do the bots run identd? does it work correctly? for a given port pair, you get a 'real' username, trying ident on the same port pair a second time returns the same username? trying identd for a random port pair or something that shouldn't work for a normal user like 23, 23 returns an error?

Is identd really used any more? I implemented it long ago in Synchronet, but I didn't think it was really used/relied-upon much any more as it's not really for secure/authoritative (easy to spoof). It's one of those features that I figured would be removed from Synchronet some day.
--
digital man (rob)

Synchronet/BBS Terminology Definition #91:
XOFF = Transmit Off (ASCII 19, Ctrl-S)
Norco, CA WX: 77.7øF, 50.0% humidity, 0 mph SE wind, 0.00 inches rain/24hrs
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

On 09 Oct 2023, Digital Man said the following...

Is identd really used any more? I implemented it long ago in Synchronet, but I didn't think it was really used/relied-upon much any more as it's not really for secure/authoritative (easy to spoof). It's one of those features that I figured would be removed from Synchronet some day.

well, in a bbs user use case, i'd imagine since i don't currently run an ircd, i'd point an irc door at yours.. and would want the user's nick to show up via identd so you don't just ban my whole bbs when one user is a dip.

was just a thought if they both happened to have it (some servers on DALnet or others require it still), and it was predictably flawed. but yes, generally identd isn't relevant anymore.

could have a connection password.. i think the ircnet japanese server connection password has been the same for 20 years ;) not sure how the bots find your servers, but if it's only via port scanning they might never find it on the wiki..

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/32)
* Origin: cold fusion - cfbbs.net - grand rapids, mi

Re: Re: Important IRC updates.
By: fusion to nelgin on Mon Oct 09 2023 17:31:00

perhaps at this point you have nickserv or some service tell them to register a nick to prove they're not a bot or solve a simple 'captcha' type thing or something..

They are actually trying to register with fake email addresses. I've had to expend the amount of time a user must be online before they can register the nick to avoid tons of bounces.

just brainstorming but i bet they provide enough info themselves to give you confidence to blacklist them.

I think what we have in place now is working just fine.
--- SBBSecho 3.20-Linux
* Origin: End Of The Line BBS - endofthelinebbs.com (1:124/5016)
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net