On 3/21/22 15:41, dragon wrote:

You might want to avoid using the standard ports for telnet/ssh/rlogin.

I disagree... I tend to prefer the "standard" ports and just accept or blacklist the bot stuff.
--
Michael J. Ryan - tracker1@roughneckbbs.com

---
■ Synchronet ■ Roughneck BBS - roughneckbbs.com

Re: Re: Crazy BBS connections
By: Tracker1 to dragon on Fri Apr 01 2022 10:07 pm

On 3/21/22 15:41, dragon wrote:

You might want to avoid using the standard ports for telnet/ssh/rlogin.

I disagree... I tend to prefer the "standard" ports and just accept or blacklist the bot stuff.
--

i'm with ya on that. using non standard ports when you have users
is really stupid. its hard enough getting them to call.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

On 4/2/2022 7:08 AM, MRO wrote:

Re: Re: Crazy BBS connections
By: Tracker1 to dragon on Fri Apr 01 2022 10:07 pm

> On 3/21/22 15:41, dragon wrote:
>
> > You might want to avoid using the standard ports for telnet/ssh/rlogin.
>
> I disagree... I tend to prefer the "standard" ports and just accept or
> blacklist the bot stuff.
> --

i'm with ya on that. using non standard ports when you have users
is really stupid. its hard enough getting them to call.
---
¿ Synchronet ¿ ::: BBSES.info - free BBS services :::

There are hundreds of BBSes on non-standard ports in my database. Are
all these sysops "really stupid"?

---
¡ Synchronet ¡ IPTIA - bbs2.ipingthereforeiam.com:2323

There are hundreds of BBSes on non-standard ports in my database. Are
all these sysops "really stupid"?

Yes.


- Andre

---
■ Synchronet ■ Radio Mentor BBS - bbs.radiomentor.org

Re: Re: Crazy BBS connections
By: dragon to MRO on Sat Apr 02 2022 12:31 pm

i'm with ya on that. using non standard ports when you have users
is really stupid. its hard enough getting them to call.
---

There are hundreds of BBSes on non-standard ports in my database. Are
all these sysops "really stupid"?

yes they are. i devoted the last 25 years of my life running services for sysops and users.

when you put up a roadblock when a user has a very short attention span and tollerance for things, you are really screwing yourself over.

lets say there's 2 amusement parks. one on each side of the road.
one is cheaper but you have long waits. with the other one, it's more expensive but there's no wait to get in and there's a very short wait for the rides. it's ran better than the other one.

the first park would be out of business in a year.

you're a bit late to the show and i assume you are one of those guys that is into this stuff for the technology aspect, and learning new things.

I have always been in it for the users. I think about what they want, i had friendships with my users and i gave them what they wanted. for me it was always about the users because that is what a bbs system is for. it's providing service. a lot of people don't realize this.

i've seen hundreds of guys that say they 'run this for themselves and don't care if they get users' shut down with the reason being their system is dead and they have no use.

so yes, obviously you are doing something stupid if you make it harder for people to use your system when they can go someplace else with no hassle.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

On 4/2/2022 4:51 PM, MRO wrote:

Re: Re: Crazy BBS connections
By: dragon to MRO on Sat Apr 02 2022 12:31 pm

> > i'm with ya on that. using non standard ports when you have users
> > is really stupid. its hard enough getting them to call.
> > ---
>
> There are hundreds of BBSes on non-standard ports in my database. Are
> all these sysops "really stupid"?

yes they are. i devoted the last 25 years of my life running services for sysops and users.

you're a bit late to the show and i assume you are one of those guys that is into this stuff for the technology aspect, and learning new things.

so yes, obviously you are doing something stupid if you make it harder for people to use your system when they can go someplace else with no hassle.

Half of the top 10 most popular sites in the voting section of my
website use non-standard ports. Perhaps you are selling the users short
or inflating the degree this is a "hassle".

I'm not late. I've just been away for a while.

I have been involved in computer technology since 1981. I ran RBBS and PCBoard multinode dialup boards for well over a decade. I was a Fidonet coordinator with a Planet Connect feed servicing a large number of
downstream nodes for over a decade.

I've been managing and securing IP networks for nearly 30 years.

Since 2017 I've become re-interested in BBSes, mostly because I was
amazed to find out so many still existed. You're correct that I'm not
looking to build a community on my BBS at this time.

---
¡ Synchronet ¡ IPTIA - bbs2.ipingthereforeiam.com:2323

Re: Re: Crazy BBS connections
By: dragon to MRO on Sun Apr 03 2022 01:15 am

Half of the top 10 most popular sites in the voting section of my
website use non-standard ports. Perhaps you are selling the users short
or inflating the degree this is a "hassle".

your voting section is fucking bullshit.
i've talked about this before.

I have been involved in computer technology since 1981. I ran RBBS and PCBoard multinode dialup boards for well over a decade. I was a Fidonet coordinator with a Planet Connect feed servicing a large number of downstream nodes for over a decade.

I've been managing and securing IP networks for nearly 30 years.

GOOD FOR YOU.

Since 2017 I've become re-interested in BBSes, mostly because I was
amazed to find out so many still existed. You're correct that I'm not

like i said, you are late to the party.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

I've been managing and securing IP networks for nearly 30 years.

As they say, there's always a bigger fish.

The concept of moving to nonstandard ports is dated and not useful anymore. It accomplishes nothing other than making it more difficult for users to connect. For all the people that say otherwise, I'll wait to see all of the examples
of exploited BBS systems that were using 22/23.


- Andre

---
■ Synchronet ■ Radio Mentor BBS - bbs.radiomentor.org

On 4/3/2022 8:44 AM, Andre wrote:

I've been managing and securing IP networks for nearly 30 years.

As they say, there's always a bigger fish.

The concept of moving to nonstandard ports is dated and not useful anymore. It
accomplishes nothing other than making it more difficult for users to connect.
For all the people that say otherwise, I'll wait to see all of the examples of exploited BBS systems that were using 22/23.

- Andre

---
¿ Synchronet ¿ Radio Mentor BBS - bbs.radiomentor.org

The original question was about how to cut down on doorknob rattling.

---
¡ Synchronet ¡ IPTIA - bbs2.ipingthereforeiam.com:2323

On 4/3/2022 7:11 AM, MRO wrote:

Re: Re: Crazy BBS connections
By: dragon to MRO on Sun Apr 03 2022 01:15 am

> Half of the top 10 most popular sites in the voting section of my
> website use non-standard ports. Perhaps you are selling the users short
> or inflating the degree this is a "hassle".

your voting section is fucking bullshit.
i've talked about this before.

> I have been involved in computer technology since 1981. I ran RBBS and
> PCBoard multinode dialup boards for well over a decade. I was a Fidonet
> coordinator with a Planet Connect feed servicing a large number of
> downstream nodes for over a decade.
>
> I've been managing and securing IP networks for nearly 30 years.
>

GOOD FOR YOU.

> Since 2017 I've become re-interested in BBSes, mostly because I was
> amazed to find out so many still existed. You're correct that I'm not

like i said, you are late to the party.
---
¿ Synchronet ¿ ::: BBSES.info - free BBS services :::

Man, you're unpleasant. Where did the bad man touch you?

---
¡ Synchronet ¡ IPTIA - bbs2.ipingthereforeiam.com:2323

Re: Re: Crazy BBS connections
By: dragon to MRO on Sun Apr 03 2022 11:27 am

> coordinator with a Planet Connect feed servicing a large number of
> downstream nodes for over a decade.
>
> I've been managing and securing IP networks for nearly 30 years.
>

GOOD FOR YOU.

> Since 2017 I've become re-interested in BBSes, mostly because I was
> amazed to find out so many still existed. You're correct that I'm not

like i said, you are late to the party.
---
¡ Synchronet ¡ ::: BBSES.info - free BBS services :::

Man, you're unpleasant. Where did the bad man touch you?

sorry, i just dont suffer fools. you asked why something was stupid and i explained how i have focused decades on giving bbs users content with what they want. i could type for over a half an hour about what i've done for bbsing and sysops and bbs users over the past 20+ years. none of it matters now, but i did it.

you reply back that you ran fidonet nodes.
and you run a website that collects bbs urls and has a voting feature where sysop vote for their own bbses.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Re: Re: Crazy BBS connections
By: Andre to dragon on Sun Apr 03 2022 07:44 am

I've been managing and securing IP networks for nearly 30 years.

As they say, there's always a bigger fish.

The concept of moving to nonstandard ports is dated and not useful anymore. It accomplishes nothing other than making it more difficult for users to connect. For all the people that say otherwise, I'll wait to see all of the examples
of exploited BBS systems that were using 22/23.

I think the reason that some sysops use non-standard ports is to cut down on bots busying their nodes (attempting logins or just waiting to timeout) and possibly denying service to legit users.
--
digital man (rob)

Synchronet "Real Fact" #84:
The Electronic Frontier Foundation used to run Synchronet (circa 1993)
Norco, CA WX: 65.2°F, 66.0% humidity, 9 mph SSW wind, 0.00 inches rain/24hrs

---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

I'm finally in a place where I can setup a new board -- probably will just be for my own benefit and the fun of doing it. I'm quite surprised at the barrage of connections I started getting right out of the gate! I'm getting telnet and ssh connections almost constantly, about 3-5 a minute if not more. Trying randon usernames and such. I guess this is normal now'days? I'm running sync at home over my broadband connection, so I guess it's people just scanning ports and ip's.

Anyway just curious if this is quite common ... I remember it being so last time I ran a telnet board 15+ years ago, but not to this degree.
Thanks- Sam

Just people with a lot of time on their hands.

$ The Millionaire $

---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

I think the reason that some sysops use non-standard ports is to cut down on bots busying their nodes (attempting logins or just waiting to timeout) and possibly denying service to legit users.

I've been waiting for someone to say that, which is a valid reason I guess. I get maybe two concurrent attacks/scans at the very most. Whatever, still a reason that makes some sense.

But so far, everyone who brings it up has said it's for security reasons. Which just doesn't hold water anymore.

- Andre

---
■ Synchronet ■ Radio Mentor BBS - bbs.radiomentor.org

Re: Re: Crazy BBS connections
By: Andre to dragon on Sun Apr 03 2022 07:44 am

users to connect. For all the people that say otherwise, I'll wait to see all of the examples of exploited BBS systems that were using 22/23.

Reducing the number of idiots and botnets trying to hammer your system is the main reason why many use non standard ports.

---
■ Synchronet ■ Inland Utopia - iutopia.duckdns.org:2023

Re: Re: Crazy BBS connections
By: Utopian Galt to Andre on Sun Apr 03 2022 12:54 pm

Reducing the number of idiots and botnets trying to hammer your system is the main reason why many use non standard ports.

Which accomplishes pretty much nothing. No security impact. Maybe have to run a couple more nodes for the times when you end up with a couple nodes taken up by scanners and bots.


- Andre

---
■ Synchronet ■ Radio Mentor BBS - bbs.radiomentor.org

On 4/3/2022 6:02 PM, Digital Man wrote:

Re: Re: Crazy BBS connections
By: Andre to dragon on Sun Apr 03 2022 07:44 am

> > I've been managing and securing IP networks for nearly 30 years.
>
> As they say, there's always a bigger fish.
>
> The concept of moving to nonstandard ports is dated and not useful anymore.
> It accomplishes nothing other than making it more difficult for users to
> connect. For all the people that say otherwise, I'll wait to see all of the
> examples
> of exploited BBS systems that were using 22/23.

I think the reason that some sysops use non-standard ports is to cut down on bots busying their nodes (attempting logins or just waiting to timeout) and possibly denying service to legit users.

That's actually what the original poster seemed to be asking about and
what I thought I was providing an OPTION for him to deal with it.

---
¡ Synchronet ¡ IPTIA - bbs2.ipingthereforeiam.com:2323

Re: Re: Crazy BBS connections
By: dragon to MRO on Sat Apr 02 2022 12:31:41

i'm with ya on that. using non standard ports when you have users
is really stupid. its hard enough getting them to call.

There are hundreds of BBSes on non-standard ports in my database. Are
all these sysops "really stupid"?

They're doing a stupid thing, but it doesn't make them all-around stupid. No need to escalate.

Something doesn't become smart just because hundreds of people do it. I'm not about to eat shit because trillions of flies seem to enjoy it.

There are legit reasons for using non-standard ports - eg. your ISP prevents you from using the proper ones - but more often than not it's done for silly reasons. There are proper ways to deal with bots and hack attempts, including just ignoring them.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
---
■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com

Re: Re: Crazy BBS connections
By: echicken to dragon on Mon Apr 04 2022 04:29 am

Something doesn't become smart just because hundreds of people do it. I'm not about to eat shit because trillions of flies seem to enjoy it.

There are legit reasons for using non-standard ports - eg. your ISP prevents you from using the proper ones - but more often than not it's done for silly reasons. There are proper ways to deal with bots and hack attempts, including just ignoring them.

i do stupid things all the time, lots of times i just do it to be interesting.

but there's common sense stuff and people need to attempt to think sometimes.

you don't want to make things difficult for an audience that would rather just drop their connection on you and watch some memes.

i dont care if 1000 people are running their bbses and other things on wrong ports and think it's a great idea. it's not. you're on the internet and this means you are going to be scanned all day long no matter WHAT you do.

i just opened up vnc on THIS server and i have shadowserver scanning me all day, a email attacks, and web attacks. i'm not shitting my pants over it.
i'm still able to type out my nasty comments here and it's not lagging.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

On 4/2/22 09:31, dragon wrote:

I disagree... I tend to prefer the "standard" ports and just
accept or blacklist the bot stuff.

i'm with ya on that. using non standard ports when you have users
is really stupid. its hard enough getting them to call.

There are hundreds of BBSes on non-standard ports in my database. Are
all these sysops "really stupid"?

I wouldn't say stupid... only that discoverability is slightly harder.
Of course it's much harder if you aren't running http/https on the
default port(s).

I would probably just pay for ngrok pro, a similar service, or host on a
VPS if your residential ISP won't let you use those ports.
--
Michael J. Ryan - tracker1@roughneckbbs.com

---
■ Synchronet ■ Roughneck BBS - roughneckbbs.com

Tracker1 wrote to dragon <=-

I would probably just pay for ngrok pro, a similar service, or host on
a VPS if your residential ISP won't let you use those ports.

Funny you should mention ngrok - I just saved this to my pocket account to read later:

https://jerrington.me/posts/2019-01-29-self-hosted-ngrok.html

Roll your own Ngrok with Nginx, Letsencrypt, and SSH reverse tunnelling

Ngrok is a fantastic tool for creating a secure tunnel from the public web
to a machine behind NAT or a firewall. Sadly, it costs money and it¼╟╓s proprietary. If you're a developer, odds are that you're already renting a server in the public cloud, so why not roll your own ngrok?

It turns out that you can do it using free, off-the-shelf tools, with no sophisticated scripting required!


... Humanise something free of error
--- MultiMail/DOS v0.52
■ Synchronet ■ .: realitycheckbbs.org :: scientia potentia est :.

On 4/5/22 08:09, poindexter FORTRAN wrote:

I would probably just pay for ngrok pro, a similar service, or host
on a VPS if your residential ISP won't let you use those ports.

...

https://jerrington.me/posts/2019-01-29-self-hosted-ngrok.html

Roll your own Ngrok with Nginx, Letsencrypt, and SSH reverse
tunnelling

Cool, been thinking of doing the same on a cheap VPS.

Ngrok is a fantastic tool for creating a secure tunnel from the
public web to a machine behind NAT or a firewall. Sadly, it costs
money and it's proprietary. If you're a developer, odds are that
you're already renting a server in the public cloud, so why not
roll your own ngrok?

It turns out that you can do it using free, off-the-shelf tools,
with no sophisticated scripting required!

In fairness I did mention a VPS option, though specifically for hosting.
Was thinking of something similar instead of NGrok myself, just passing
80, 443, etc to my local system(s) where 80/443 would be a configured reverse-proxy on my local side.

Probaly Caddy over NginX as it's much easier to configure/use.
--
Michael J. Ryan - tracker1@roughneckbbs.com

---
■ Synchronet ■ Roughneck BBS - roughneckbbs.com

Re: Re: Crazy BBS connections
By: dragon to Digital Man on Sun Apr 03 2022 10:10 pm

On 4/3/2022 6:02 PM, Digital Man wrote:

Re: Re: Crazy BBS connections
By: Andre to dragon on Sun Apr 03 2022 07:44 am

> > I've been managing and securing IP networks for nearly 30 years.
>
> As they say, there's always a bigger fish.
>
> The concept of moving to nonstandard ports is dated and not useful any
> It accomplishes nothing other than making it more difficult for users
> connect. For all the people that say otherwise, I'll wait to see all o
> examples
> of exploited BBS systems that were using 22/23.

I think the reason that some sysops use non-standard ports is to cut down

That's actually what the original poster seemed to be asking about and
what I thought I was providing an OPTION for him to deal with it.

When I explain ports to my non-technical friends and co-workers, I explain
the system being a large factory building with mulitple doors dedicated to specific customer or vendor traffic. If a caterer is bringing in food, you wa nt him to use the dedicated kitchen entrance. That may bring up the
argument that someone who wants to sneak in the building knows doors 22 or
23 are the kitchen entrance. You may have to lock those doors down and tell the caterer to use another entrance. Is this an issue? Not really if the caterer knows which door to bring the food in. That information is provided
by the building manager. If you want to invite a select group of people in, you would have to advertise wherever else these people go and inform them as
to which non-common door to enter from.

---
■ Synchronet ■ The Cave BBS - Since 1992 - cavebbs.homeip.net

That may bring up the
argument that someone who wants to sneak in the building knows doors 22 or
23 are the kitchen entrance. You may have to lock those doors down and tell the caterer to use another entrance. Is this an issue? Not really if the caterer knows which door to bring the food in. That information is provided by the building manager. If you want to invite a select group of people in, you would have to advertise wherever else these people go and inform them as to which non-common door to enter from.

To continue with your analogy. You're only keeping out the people who would normally park in the parking lot and only check the front door with the sign on it that says kitchen.

Any idiot who wants to break in can just walk around the building and see where the other doors are, walk up to them, and rattle each one to see if it's
locked or not.

The caterers have a key to the door they're supposed to enter because you
gave it to them. Doesn't make a difference at all which door you give them a key to. They're all locked doors and they all work the same way.


- Andre

---
■ Synchronet ■ Radio Mentor BBS - bbs.radiomentor.org