• System issues on bbs.dragonsweb.org

    From James Digriz@80:774/61 to All on Fri Apr 5 11:31:46 2019
    Well, it happened again. A spambot managed to find the unpassworded newuser login, and despite my having disabled email access for new users the last time this happened, managed to start sending spam by using or forwarding ssh from there, to port 25 on the localhost address.

    I've blocked IP's the bot was using, and some others that csf hadn't caught, but to fix
    this I'm going have to disable localhost's smtp access except for valid users. Remains to be see how much is involved there. It's supposed to have already been done, but apparently I missed something.

    So, if you experience any difficulty posting emails from, or sending to, bbs.dragonsweb.org, that's the reason. The smtp server is turned off while I modify the configuration and do some testing, till further notice.

    Sorry this happened, but I can't tell you how much I detest apologizing for someone else being a jerk.

    jbdigriz

    ps. it wouldn't have stopped this particular incident, but this is the kind of thing that also has me seriously considering allowing telnet access through a TLS tunnel. Only. So, if you're running old systems and require telnet access,
    you'll be wise to be able to do so from behind an stunnel or other TLSified port on your linux or rpi "firewall", portmaster, etc.

    Also why everyone should be sure their netmail is working properly;-)

    Greetings, James Digriz
    email: jbdigriz@bbs.dragonsweb.org

    --- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
    * Origin: DragonsWeb Labs BBS 80:774/61 (80:774/61)