• CAPTCHA with Synchronet

    From Daryl Stout@1:103/705 to All on Wed Feb 22 14:57:11 2023
    I had a bit of a crash last night, and unfortunately, I wasn't able
    to salvage data in the exec directory, but I did have backups of the
    rest (ctrl, msgs, files, xtrn, textfiles, etc.). I was using the CAPTCHA utility from Lord Blackfair at logon, but while I had the captcha.src
    file, I can't remember how to integrate it into the logon sequence,
    after the answer.msg screen and before the matrix logon module. I
    thought it was something related to editing captcha.src and putting it
    into possibly default.src, then doing baja default -- but that didn't
    work. I also don't recall if an option should be set up in SCFG at
    logon.

    Daryl Stout, Sysop, The Thunderbolt BBS, Little Rock, Arkansas
    ---
    þ Synchronet þ The Thunderbolt BBS - Little Rock, Arkansas
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to Daryl Stout on Thu Feb 23 09:10:46 2023
    Re: CAPTCHA with Synchronet
    By: Daryl Stout to All on Wed Feb 22 2023 02:57 pm

    I had a bit of a crash last night, and unfortunately, I wasn't able
    to salvage data in the exec directory, but I did have backups of the
    rest (ctrl, msgs, files, xtrn, textfiles, etc.). I was using the CAPTCHA

    What data are you missing in exec? Normally exec should be kept stock, as anything you've modified should go into sbbs\mods or other directories. If you have backups of your other directories, you should be able to get the latest Synchronet binaries and other things for exec and be good to go.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Daryl Stout@1:2320/33 to Nightfox on Sun Feb 26 03:30:00 2023
    What data are you missing in exec? Normally exec should be kept stock,
    as anything you've modified should go into sbbs\mods or other
    directories. If you have backups of your other directories, you should
    be able to get the latest Synchronet binaries and other things for exec and be good to go.

    In short, all of it. I thought I had a backup, but the directory was
    gone. I felt that if I tried to put the old data back in on top of the
    new data that I'd corrupt things...so I zapped it. To make matters worse,
    the 2 USB external drives "quit"...one failed completely, and the other
    one wouldn't let me restore data.

    The other problem was when tried to run the xtrn-setup program, it
    messed up several doors. So, I had to go in, and zap the node#.cfg
    files, and change the dropfile to DORINFO1.DEF instead of DOOR.SYS, and
    set the doors to "single user only" for the doors to work.

    I have discovered in the loss of the CAPTCHA deal that with the entry
    in MODOPTS.INI, I lowered the timeout timer for "DUMB terminals" (which
    are usually with the bots), to 15 seconds for inactivity. They usually reconnect after getting dumped, and it has tied up all 4 nodes at times.
    But, if they enter "an invalid entry" (supervisor, root, sysop, admin,
    default, etc.), they get dropped, and a temporary ban (10 days) is put
    on the IP.

    In looking at the control panel, when I see these "temporary bans",
    I copy the IP to the ip.can file, and I do the same for the IP's that repeatedly slam the port. It got so bad with the SSH and QOTD ports
    that I had to change those to non-conventional values. Obviously, once
    an IP is in ip.can, they are permanently blocked from the BBS.

    Twice, I've tried to update to 3.20, and have run into issues both
    times...so I'm going to stay with 3.19, unless there's a compelling
    reason to upgrade to 3.20, even when the full package comes out. It's
    like with support for Windows 10...Microsoft is stopping support for
    it in October, 2025...so I'll either quit getting the Windows updates
    and leave things as they are...zap 95% of the doors (most legacy, and
    what I had paid to register in years past), or just shut the whole
    thing down after 35 years of Sysoping. Obviously, none of those options
    are desired.

    Yet, Microsoft is only interested in corporate greed, and I can't
    see discarding perfectly good working hardware and software, just
    to buy new stuff to satisfy their bottom line...never mind that being
    on a fixed income, I can't afford an upgrade to "the latest and greatest items".

    In short, "if it ain't broke, don't fix it"...but that's the advice
    I personally should've heeded in regards to upgrading the BBS. I still
    use the old DOS 8.3 filename syntax, in case someone has a system that
    won't handle the long filenames, even though that was started back with
    Windows 95 many years ago.

    Daryl

    ... C:\BELFRY is where I keep my .BAT files. ^^^oo^^^
    === MultiMail/Win v0.52
    --- SBBSecho 3.14-Win32
    * Origin: The Thunderbolt BBS - Little Rock, Arkansas (1:2320/33)
  • From Nightfox@1:103/705 to Daryl Stout on Mon Feb 27 10:37:28 2023
    Re: CAPTCHA with Synchronet
    By: Daryl Stout to Nightfox on Sun Feb 26 2023 03:30 am

    Twice, I've tried to update to 3.20, and have run into issues both times...so I'm going to stay with 3.19, unless there's a compelling
    reason to upgrade to 3.20, even when the full package comes out. It's

    IMO, a good reason to upgrade is at least for the bug fixes. And it doesn't cost any money to update Synchronet, so I don't think there's any downside to upgrading. You'd also be missing out on new features if you don't upgrade, but I suppose whether or not you'll use any of those new features is what makes it a "compelling" upgrade or not.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Gamgee@1:103/705 to Nightfox on Mon Feb 27 19:48:00 2023
    Nightfox wrote to Daryl Stout <=-

    Twice, I've tried to update to 3.20, and have run into issues both times...so I'm going to stay with 3.19, unless there's a compelling
    reason to upgrade to 3.20, even when the full package comes out. It's

    IMO, a good reason to upgrade is at least for the bug fixes. And
    it doesn't cost any money to update Synchronet, so I don't think
    there's any downside to upgrading. You'd also be missing out on
    new features if you don't upgrade, but I suppose whether or not
    you'll use any of those new features is what makes it a
    "compelling" upgrade or not.

    All of that is true. I suppose there are cases where there's no great
    benefit to updating, but I have a hard time seeing that logic. There
    are *LOTS* of bug fixes, and *LOTS* of new features in 3.20 vs 3.19.
    Why someone wouldn't want those is hard to understand.

    For Daryl - many people have upgraded without issues. I have to think
    it is some procedural error on your part. I can't remember if you've
    posted the details on what happened to your upgrade attempts, but if you
    would give those details I'm sure we could get things resolved so you
    can complete the upgrade.




    ... Enter any 12-digit prime number to continue.
    --- MultiMail/Linux v0.52
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Havok@1:103/705 to Daryl Stout on Mon Feb 27 18:46:34 2023
    Re: CAPTCHA with Synchronet
    By: Daryl Stout to Nightfox on Sun Feb 26 2023 03:30 am

    are usually with the bots), to 15 seconds for inactivity. They usually reconnect after getting dumped, and it has tied up all 4 nodes at times. But, if they enter "an invalid entry" (supervisor, root, sysop, admin, default, etc.), they get dropped, and a temporary ban (10 days) is put
    on the IP.

    Hello Daryl

    With a Windows install of Synchronet you may want to try Peerblock small
    little foot print program that has a option to make a list bad ip's in
    any and all countries. I did a search and found one place that you can
    make a list from of bot type peeps and it has worked very well.

    The very best thing is something like what I use pfSense the uses
    geo country blocking.

    I bought 3 small check point firewalls off of ebay wipped the drive and
    thew pfSense on one, bang done I can block any and all countries and if
    one say message net from over seas I just white lict his IP address.
    A day to a week or two you got it done pat.

    Best part it only uses 40 watts.


    -*|04Hav|12o|04k|07*-

    ---
    þ Synchronet þ Anarchy BBS - The Villages,FL
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Havok@1:103/705 to Gamgee on Tue Feb 28 16:46:45 2023
    Re: Re: CAPTCHA with Synchronet
    By: Gamgee to Nightfox on Mon Feb 27 2023 07:48 pm

    *LOTS* of bug fixes, and *LOTS* of new features in 3.20 vs 3.19.

    Fast question

    What are the new features your talking about, I've been following the
    development of 3.20 but may have missed a list of things new in it!

    Thanks...


    -*|04Hav|12o|04k|07*-

    ---
    þ Synchronet þ Anarchy BBS - The Villages,FL
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Havok on Tue Feb 28 14:36:43 2023
    Re: Re: CAPTCHA with Synchronet
    By: Havok to Gamgee on Tue Feb 28 2023 04:46 pm

    Re: Re: CAPTCHA with Synchronet
    By: Gamgee to Nightfox on Mon Feb 27 2023 07:48 pm

    *LOTS* of bug fixes, and *LOTS* of new features in 3.20 vs 3.19.

    Fast question

    What are the new features your talking about, I've been following the
    development of 3.20 but may have missed a list of things new in it!

    The configuration file format and userbase formats have opened up a lot of (now easier to add) new features (e.g. File library default directory configuration) or just long-overdue-improvements (e.g. longer internal codes).

    There's no single "new feature" list for v3.20 yet, but it'll be quite long. The list of more recent changes since v3.19 has been viewed at https://git.synchro.net/gitpushlog.ssjs (append ?<number> for a longer log/history of changes).
    --
    digital man (rob)

    Rush quote #77:
    The world is, the world is, love and life are deep, maybe as his skies are wide Norco, CA WX: 53.2øF, 69.0% humidity, 5 mph ESE wind, 0.07 inches rain/24hrs --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Gamgee@1:103/705 to Havok on Tue Feb 28 18:17:00 2023
    Havok wrote to Gamgee <=-

    *LOTS* of bug fixes, and *LOTS* of new features in 3.20 vs 3.19.

    Fast question

    What are the new features your talking about, I've been
    following the development of 3.20 but may have missed a list of
    things new in it!

    I don't know of any actual "list" of features. If you follow the
    messages in DoveNet Synchronet Programming and DoveNet Synchronet
    Discussion, you'll see the commit messages that DM (or gitlab) posts
    in there. There are usually several updates every single day.

    Another way is to explore the git commit listings, one such way would be
    here:

    https://gitlab.com/SynchronetBBS/sbbs/-/commits/master?ref_type=heads



    ... If it weren't for Edison we'd be using computers by candlelight
    --- MultiMail/Linux v0.52
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Greg Youngblood@1:123/131 to Digital Man on Tue Feb 28 20:30:45 2023
    Re: Re: CAPTCHA with Synchronet
    By: Digital Man to Havok on Tue Feb 28 2023 02:36 pm

    What are the new features your talking about, I've been following the
    development of 3.20 but may have missed a list of things new in it!

    Sounds like a plan I look forward to reading through all the things
    coming to light with the new release.

    Good going...
    --- SBBSecho 3.14-Linux
    * Origin: Anarchy BBS - The Villages,FL (1:123/131)
  • From Greg Youngblood@1:123/131 to Gamgee on Tue Feb 28 20:32:25 2023
    Re: Re: CAPTCHA with Synchronet
    By: Gamgee to Havok on Tue Feb 28 2023 06:17 pm

    https://gitlab.com/SynchronetBBS/sbbs/-/commits/master?ref_type=heads

    On my way there now thanks for the feed back, I look forward to reading!
    --- SBBSecho 3.14-Linux
    * Origin: Anarchy BBS - The Villages,FL (1:123/131)
  • From Daryl Stout@1:2320/33 to Nightfox on Tue Feb 28 00:37:00 2023
    IMO, a good reason to upgrade is at least for the bug fixes. And it doesn't cost any money to update Synchronet, so I don't think there's
    any downside to upgrading. You'd also be missing out on new features
    if you don't upgrade, but I suppose whether or not you'll use any of
    those new features is what makes it a "compelling" upgrade or not.

    I'm going to wait until the new version is released...let everyone else
    work out the bugs. Back when I was running GT Power for dial-up, I was
    one of the beta testers for the last version released by original author
    Paul Meiners.

    I did find the original version of the CAPTCHA utility that was done
    by Lord Blackfair, which had just one set of 6 numbers, along with the batchfile that I had previously created (I thought all those files were
    long gone as well).

    Bascially, after decompiling it, I made 144 copies of the file, and
    edited in a different number. Then, I named them different batchfiles,
    in 5 minute increments, from HOUR0000.BAT to HOUR2355.BAT, around the
    clock. Then, I used the Windows 10 Task Scheduler to set up the batchfiles
    to run at the appointed times. It copies a new ACEMTRX.BIN file (with the CAPTCHA code) into the \exec directory every 5 minutes. So, while it does
    not change with each connect, at least it changes every 5 minutes. And, besides, the bots are unlikely to see the CAPTCHA anyway.

    I also lowered the variable for the inactivity timeout from 30 seconds
    to 10 seconds. Before I found the original CAPTCHA deal (as noted above),
    the bots were slamming the telnet port, tying up all 4 of them. With the "invalid user names" (root, admin, supervisor, sysop, default, etc.), the connects with these are dropped, and in many cases, a temporary ban is
    put on them. I then add that IP to the ip.can file.

    Daryl

    ... I found a piano stool -- I thought they were potty trained!!
    === MultiMail/Win v0.52
    --- SBBSecho 3.14-Win32
    * Origin: The Thunderbolt BBS - Little Rock, Arkansas (1:2320/33)
  • From Daryl Stout@1:2320/33 to Havok on Tue Feb 28 00:50:00 2023
    With a Windows install of Synchronet you may want to try Peerblock small
    little foot print program that has a option to make a list bad ip's in
    any and all countries. I did a search and found one place that you can
    make a list from of bot type peeps and it has worked very well.

    I already have PeerBlock set up and running. However, for some of the ham radio traffic nets that I do, I had to disable it, as I couldn't connect to certain "reflectors" with the D-Star mode.

    At least for the nets that I run, I can leave Peerblock enabled. The fee
    to renew the data files each year is only around $10...you can't get a good meal for that anymore!!

    As I was telling Nightfox, I found the ORIGINAL CAPTCHA utility that was
    done by Lord Blackfair. It first only had one set number with it (he later released another version, which generates a different number with each new connect)...but I was able decompile it with the UNBAJA utility (if I recall correctly).

    Then what I did (this was before he released the version that generates a different number with each connect), was to make 144 copies of the file.
    Next, I used a Random Number program for Windows to generate such...and I edited that into the file, which basically was a combination of ACEMTRX.SRC
    and the different CAPTCHA.SRC files...the latter which were renamed to HOUR####.SRC, where #### was a 24 hour time digit from 0000 (12:00am) to
    2355 (11:55pm), in 5 minute intervals around the clock. Then, I compiled
    each of these with the Baja module.

    Next, I created 144 simple batchfiles, with the same name as the HOUR#### files noted earlier. All that did would copy the HOUR####.BIN file to the ACEMTRX.BIN file within the \exec directory. And to finish it off, I used
    the Task Scheduler under Windows 10 to set up the times to run the needed batchfiles.

    Admittedly, it was tedious to do it this way...but at least I have a
    CAPTCHA deal at logon, after the ANSWER.MSG screen, and before ACEMTRX
    kicks in. The bots aren't likely to see the numeric string, anyway...and
    I also lowered the "inactivity timeout" for "dumb terminals" from 30 to
    10 seconds. Before then, the bots were slamming the ports, and tying up
    all the nodes.

    Daryl

    ... I don't drink and drive, but I swig at stoplights.
    === MultiMail/Win v0.52
    --- SBBSecho 3.14-Win32
    * Origin: The Thunderbolt BBS - Little Rock, Arkansas (1:2320/33)
  • From Tracker1@1:103/705 to Daryl Stout on Wed Mar 1 06:35:03 2023
    Re: CAPTCHA with Synchronet
    By: Daryl Stout to All on Wed Feb 22 2023 14:57:11

    I had a bit of a crash last night, and unfortunately, I wasn't able
    to salvage data in the exec directory, but I did have backups of the
    rest (ctrl, msgs, files, xtrn, textfiles, etc.).

    I find it kind of a best practice, to copy the original from sbbs/exec/ to sbbs/mods/ and edit my customized version in mods, never touching sbbs/exec/ Also reducing the risk of destroying a customization, and leaving the original(s) for reference.

    I was using the CAPTCHA utility from Lord Blackfair at logon, but
    while I had the captcha.src file...

    Not familiar with that one... do you have a download location for the original file/zip/package?


    --
    Michael J. Ryan
    +o roughneckbbs.com
    tracker1@roughneckbbs.com

    ---
    þ Synchronet þ Roughneck BBS - roughneckbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Greg Youngblood@1:123/131 to Daryl Stout on Wed Mar 1 04:52:49 2023
    Re: CAPTCHA with Synchronet
    By: Daryl Stout to Havok on Tue Feb 28 2023 12:50 am

    I already have PeerBlock set up and running. However, for some of the ham radio traffic nets that I do, I had to disable it, as I couldn't connect to certain "reflectors" with the D-Star mode.

    The nice think about peerblock is you can make a ban list of country IP's
    and make a white list of a country ip that you want to pass through.
    I always like it when I was running VA on xp or Windows 7.
    --- SBBSecho 3.14-Linux
    * Origin: Anarchy BBS - The Villages,FL (1:123/131)
  • From Havok@1:103/705 to Daryl Stout on Thu Mar 2 15:14:51 2023
    Re: CAPTCHA with Synchronet
    By: Daryl Stout to Havok on Tue Feb 28 2023 12:50 am

    As I was telling Nightfox, I found the ORIGINAL CAPTCHA utility that was done by Lord Blackfair. It first only had one set number with it (he later
    released another version, which generates a different number with each new connect)...but I was able decompile it with the UNBAJA utility (if I recall
    correctly).

    Wow sounds like a lot of work, why I like pfSense after about the 3 third
    probe it blocks the IP.

    But it does sound kewl...


    -*|04Hav|12o|04k|07*-

    ---
    þ Synchronet þ Anarchy BBS - The Villages,FL
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)