• Blocking FTP Bots

    From Daryl Stout@VERT/TBOLTBBS to All on Tue Jun 16 19:21:24 2026
    I've had scores of FTP bots slamming into the system, with a quick
    successive and repetitive connect then disconnect, which can lock up
    the nodes. By putting "no name" into the host.can file, it blocks
    them, but it cuts off access for legitimate users wanting to use
    anonymous FTP.

    Aside from them setting up an account, or using the Guest account,
    is there anything I can do??

    Daryl

    ... W-E-H-T-H-U-R: Worst spell of weather in months!
    --- MultiMail/Win v0.52
    ■ Synchronet ■ The Thunderbolt BBS -- Little Rock, Arkansas
  • From MRO@VERT/BBSESINF to Daryl Stout on Wed Jun 17 02:59:20 2026
    Re: Blocking FTP Bots
    By: Daryl Stout to All on Tue Jun 16 2026 07:21 pm

    I've had scores of FTP bots slamming into the system, with
    a quick successive and repetitive connect then disconnect,
    which can lock up the nodes. By putting "no name" into the host.can
    file, it blocks them, but it cuts off access for legitimate
    users wanting to use anonymous FTP.

    Aside from them setting up an account, or using the Guest account, is
    there anything I can do??


    change your port for your ftp server off the default.


    --
    "Before using Wildcat....This Company did not have a convenient way of
    looking after some of the richest clients in the world...Now we do!"


    President of BBS Sysop's Union +++ https://bbses.info/union
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Digital Man@VERT to Daryl Stout on Wed Jun 17 01:31:52 2026
    Re: Blocking FTP Bots
    By: Daryl Stout to All on Tue Jun 16 2026 07:21 pm

    I've had scores of FTP bots slamming into the system, with a quick successive and repetitive connect then disconnect, which can lock up
    the nodes.

    How would "FTP bots" lock up the nodes?

    By putting "no name" into the host.can file, it blocks
    them,

    It does? How?

    but it cuts off access for legitimate users wanting to use
    anonymous FTP.

    Aside from them setting up an account, or using the Guest account,
    is there anything I can do??

    First, undo whatever "no name" thing you did. Then upgrade to the v3.22a (the current development) build and use the rate limiter / auto-blocking feature in the FTP server:

    ╔[■][?]══════════════════════════════════════════════╗
    ║              FTP Server Rate Limiting              ║
    ╠════════════════════════════════════════════════════╣
    ║ │Limit Rate of Requests    200 per 10 minutes      ║
    ║ │Count IPv4 Clients By     Per-host IP address     ║
    ║ │Count IPv6 Clients By     /64 subnet              ║
    ║ │Auto-Filter Threshold     10                      ║
    ║ │Auto-Filter Duration      1 day                   ║
    ║ │Auto-Filter Silently      No                      ║
    ║ │Subnet Filter Threshold   2                       ║
    ╚════════════════════════════════════════════════════╝
    --
    digital man (rob)

    Synchronet "Real Fact" #101:
    Avatars were added to Synchronet (backward compatible w/v3.16) in January 2018
    Norco, CA WX: 60.6°F, 86.0% humidity, 2 mph NW wind, 0.00 inches rain/24hrs
    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
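
An added illustration of the settings in the rate-limiting menu above, not Synchronet's code: a sliding-window limiter that counts IPv4 clients per address and IPv6 clients per /64. Reading "Auto-Filter Threshold" as the number of over-limit requests before a client is filtered is an assumption, "Subnet Filter Threshold" is not modelled, and all names and sample traffic are constructed.

```python
import ipaddress
from collections import defaultdict, deque

def client_key(addr):
    """IPv4 clients are counted per host address, IPv6 clients per /64."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return str(ip)
    return str(ipaddress.ip_network(f"{ip}/64", strict=False))

class RateLimiter:
    # Defaults mirror the menu: 200 requests per 10 minutes, filter for 1 day.
    def __init__(self, limit=200, window=600, threshold=10, duration=86400):
        self.limit, self.window = limit, window
        self.threshold, self.duration = threshold, duration
        self.hits = defaultdict(deque)   # key -> request times inside the window
        self.strikes = defaultdict(int)  # key -> over-limit requests (assumed meaning)
        self.filtered_until = {}         # key -> time the auto-filter expires

    def check(self, addr, now):
        key = client_key(addr)
        if self.filtered_until.get(key, 0) > now:
            return "filtered"
        q = self.hits[key]
        while q and q[0] <= now - self.window:
            q.popleft()                  # forget requests older than the window
        if len(q) < self.limit:
            q.append(now)
            return "ok"
        self.strikes[key] += 1
        if self.strikes[key] >= self.threshold:
            self.filtered_until[key] = now + self.duration
            self.strikes[key] = 0
            return "filtered"
        return "limited"

def replay(events, **settings):
    """Feed (time, address) pairs to a limiter; return verdict counts per key."""
    rl, out = RateLimiter(**settings), defaultdict(lambda: defaultdict(int))
    for now, addr in events:
        out[client_key(addr)][rl.check(addr, now)] += 1
    return {k: dict(v) for k, v in out.items()}

# Constructed traffic: a bot reconnecting every second, one normal caller,
# and two IPv6 addresses that share a /64.
SAMPLE = sorted([(t, "203.0.113.7") for t in range(300)]
                + [(t * 60, "198.51.100.20") for t in range(5)]
                + [(t, "2001:db8:1:2::a") for t in range(150)]
                + [(t, "2001:db8:1:2::b") for t in range(150)])
```

Calling `replay(SAMPLE)` shows the one-per-second bot being filtered while the caller who connects once a minute is untouched, and the two IPv6 addresses sharing a single counter.
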
  • From MRO@VERT/BBSESINF to Digital Man on Wed Jun 17 05:02:27 2026
    Re: Blocking FTP Bots
    By: Digital Man to Daryl Stout on Wed Jun 17 2026 01:31 am

    By putting "no name" into the host.can file, it blocks them,

    It does? How?


    he probably got the idea that doing this will block connections where
    the bbs can't resolve the host.


    --
    "Before using Wildcat....This Company did not have a convenient way of
    looking after some of the richest clients in the world...Now we do!"


    President of BBS Sysop's Union +++ https://bbses.info/union
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Dumas Walker@VERT/CAPCITY2 to Digital Man on Wed Jun 17 11:23:07 2026
    Digital Man wrote to Daryl Stout <=-

    I've had scores of FTP bots slamming into the system, with a quick successive and repetitive connect then disconnect, which can lock up
    the nodes.

    How would "FTP bots" lock up the nodes?

    I have been getting a lot of garbage traffic lately that seems to tie the
    whole system up, even when they are only hammering at the ports for one protocol, i.e. hammering telnet makes it more difficult to connect via other methods because the overall inbound traffic volume is that high.

    Most of my garbage is coming in on telnet, though. Was the usual
    suspects until yesterday, when many of the IPs had domestic sources.

    All of them were hostname = no name. I had to whois them to figure out
    where they were coming from.


    ... "Mmmmmmmm.....bacon..."
    --- MultiMail/DOS v0.52
    ■ Synchronet ■ CAPCITY2 * Capitol City Online
  • From Gamgee@VERT/PALANTIR to Dumas Walker on Wed Jun 17 13:18:11 2026
    Dumas Walker wrote to Digital Man <=-

    Digital Man wrote to Daryl Stout <=-

    I've had scores of FTP bots slamming into the system, with a quick successive and repetitive connect then disconnect, which can lock up
    the nodes.

    How would "FTP bots" lock up the nodes?

    I have been getting a lot of garbage traffic lately that seems to tie
    the whole system up, even when they are only hammering at the ports for one protocol, i.e. hammering telnet makes it more difficult to connect
    via other methods because the overall inbound traffic volume is that
    high.

    Most of my garbage is coming in on telnet, though. Was the usual
    suspects until yesterday, when many of the IPs had domestic sources.

    All of them were hostname = no name. I had to whois them to figure out where they were coming from.

    I'm seeing the same thing here.



    ... Gone crazy, be back later, please leave message.
    --- MultiMail/Linux v0.52
    ■ Synchronet ■ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Denn@VERT/OUTWEST to Dumas Walker on Wed Jun 17 23:08:53 2026
    Re: Re: Blocking FTP Bots
    By: Dumas Walker to Digital Man on Wed Jun 17 2026 11:23 am

    I've had scores of FTP bots slamming into the system, with a quick
    successive and repetitive connect then disconnect, which can lock up the
    nodes.

    Change your FTP port, I have mine set to 2121.


    Denn

    ...Roses are #ff0000, Violets are #0000ff, your nose looks like a B-52

    ---
    ■ Synchronet ■ Outwest BBS - outwest.synchro.net - Home of BBSBASE 6.0
  • From MRO@VERT/BBSESINF to Dumas Walker on Thu Jun 18 02:35:12 2026
    Re: Re: Blocking FTP Bots
    By: Dumas Walker to Digital Man on Wed Jun 17 2026 11:23 am

    I have been getting a lot of garbage traffic lately that seems to tie
    the whole system up, even when they are only hammering at the ports
    for one protocol, i.e. hammering telnet makes it more difficult
    to connect via other methods because the overall inbound traffic
    volume is that high.

    Most of my garbage is coming in on telnet, though. Was the usual
    suspects until yesterday, when many of the IPs had domestic sources.

    All of them were hostname = no name. I had to whois them to figure

    you are on linux right. use some iptables magic.


    --
    "Before using Wildcat....This Company did not have a convenient way of
    looking after some of the richest clients in the world...Now we do!"


    President of BBS Sysop's Union +++ https://bbses.info/union
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From MRO@VERT/BBSESINF to Gamgee on Thu Jun 18 02:50:21 2026
    Re: Re: Blocking FTP Bots
    By: Gamgee to Dumas Walker on Wed Jun 17 2026 01:18 pm

    Dumas Walker wrote to Digital Man <=-

    Digital Man wrote to Daryl Stout <=-

    I've had scores of FTP bots slamming into the system, with a quick successive and repetitive connect then disconnect, which can lock
    up the nodes.

    How would "FTP bots" lock up the nodes?

    I have been getting a lot of garbage traffic lately that seems to tie the whole system up, even when they are only hammering at the ports
    for one protocol, i.e. hammering telnet makes it more difficult
    to connect via other methods because the overall inbound traffic
    volume is that high.

    Most of my garbage is coming in on telnet, though. Was the usual suspects until yesterday, when many of the IPs had domestic sources.

    All of them were hostname = no name. I had to whois them to figure
    out where they were coming from.

    I'm seeing the same thing here.


    For telnet create a script where they are blacklisted automatically.
    Then give a challenge code which will whitelist them after solving from now
    on.

    Have it remove the ip from the blacklist.

    +script checks whitelist, if passes, send user through to bbs

    if no whitelist match:
    +script blacklists ip, gives challenge. if it passes, their ip
    is added to whitelist file. have it remove their ip from the blacklist.

    Having it add it automatically ensures that they will be blocked next time because the bot will probably drop connection.


    --
    "Before using Wildcat....This Company did not have a convenient way of
    looking after some of the richest clients in the world...Now we do!"


    President of BBS Sysop's Union +++ https://bbses.info/union
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
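
The whitelist/blacklist flow outlined in the post above, as an added sketch that is not part of the original message or of any BBS package: the `ChallengeGate` class, the six-digit code and the in-memory sets (standing in for the whitelist and blacklist files) are hypothetical, and the callers are constructed.

```python
import secrets

class ChallengeGate:
    """Whitelist/blacklist gate in front of a telnet login (hypothetical helper)."""

    def __init__(self):
        self.whitelist = set()   # IPs that solved the challenge once
        self.blacklist = set()   # IPs that connected but never solved it

    def connect(self, ip, respond):
        """`respond` stands in for the client: it receives the challenge code
        and returns what was typed back, or None if the connection dropped."""
        if ip in self.whitelist:
            return "pass"                     # known caller: straight to the BBS
        if ip in self.blacklist:
            return "blocked"                  # abandoned or failed a challenge before
        self.blacklist.add(ip)                # block first, so a drop stays blocked
        code = f"{secrets.randbelow(10**6):06d}"
        answer = respond(code)
        if answer is not None and answer.strip() == code:
            self.whitelist.add(ip)            # solved: remember the address
            self.blacklist.discard(ip)        # and lift the automatic block
            return "pass"
        return "blocked"

def simulate():
    """Constructed callers: a human who types the code back, a bot that drops."""
    gate = ChallengeGate()
    human = lambda code: code + "\r\n"
    bot = lambda code: None
    return [gate.connect("198.51.100.20", human),   # solves -> whitelisted
            gate.connect("198.51.100.20", bot),     # whitelisted: no challenge
            gate.connect("203.0.113.7", bot),       # drops -> stays blacklisted
            gate.connect("203.0.113.7", human)]     # blocked before any prompt
```

As written, a caller who disconnects mid-challenge stays on the blacklist until someone removes the entry.
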
  • From Dumas Walker@VERT/CAPCITY2 to MRO on Thu Jun 18 08:42:34 2026
    I have been getting a lot of garbage traffic lately that seems to tie
    the whole system up, even when they are only hammering at the ports
    for one protocol, i.e. hammering telnet makes it more difficult
    to connect via other methods because the overall inbound traffic
    volume is that high.

    Most of my garbage is coming in on telnet, though. Was the usual
    suspects until yesterday, when many of the IPs had domestic sources.

    All of them were hostname = no name. I had to whois them to figure

    you are on linux right. use some iptables magic.

    Yes. I am thinking of setting up something with haproxy since I also
    already use it. It has some "magic" that I know works on http/https
    traffic. I will have to research some and see what it can do for other
    levels of traffic.

    That said, I normally don't have too many issues. My issues similar to
    what Daryl mentioned didn't seem to start until this week.

    Overall bot traffic has been up since the Middle East conflict heated up. Mostly bots from Iran, and some from Israel. As noted, that changed just
    in the past couple of days when I noticed a sharp increase in domestic bot traffic, and an unusual absence of the usual suspects... Iran, Russia,
    North Korea, China, etc.

    As an aside, the amount of SPAM traffic on my personal e-mail account has
    also shot up ridiculously high since that conflict started. Lots of messages from C0STC0, Steaks 0maha, Prime Amazon... I think you can see the pattern here. ;)


    * SLMR 2.1a * Be reasonable......do it my way.
    ---
    ■ Synchronet ■ CAPCITY2 * Capitol City Online