• Local host shows as new sign up

    From Rixter to All on Tuesday, August 06, 2024 20:46:05

    Twice in the last two months I have seen 127.0.0.1 signing up for a new account. That is the local machine ip? How are they doing that? I also noticed a Chinese ip sitting on my imap for 2 days now. I use iplookup to find out locations they are calling in from. I have 4 pages of silent blocking now. Does anyone else do this?
  • From Digital Man@VERT to Rixter on Tuesday, August 06, 2024 18:19:54
    Re: Local host shows as new sign up
    By: Rixter to All on Tue Aug 06 2024 08:46 pm

    Twice in the last two months i have seen 127.0.0.1 signing up for a new account. That is the local machine ip? How are they doing that?

    Paste the related log entries so we can have a look-see.
    --
    digital man (rob)

    Steven Wright quote #24:
    Why do psychics have to ask you for your name
    Norco, CA WX: 91.1F, 34.0% humidity, 11 mph W wind, 0.00 inches rain/24hrs
    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From echicken@VERT/ECBBS to Rixter on Tuesday, August 06, 2024 23:02:50
    Re: Local host shows as new sign up
    By: Rixter to All on Tue Aug 06 2024 20:46:05

    Twice in the last two months i have seen 127.0.0.1 signing up for a new account. That is the local machine ip? How are they doing that? I also

    Your BBS website (if it has one - I couldn't get yours to load) is the most likely source.

    A typical webv4 setup includes fTelnet configured to connect to your telnet server through a locally-hosted proxy service. From the telnet server's perspective, the connection comes from localhost.

    Less common but possible is you put your BBS website behind a locally hosted reverse proxy, and these users are signing up via the web registration form if enabled. Similar scenario as above, but different protocol.

    If it's not either of these ... I dunno, maybe there's a squatter living in your attic and they sneak down when you're in bed and sit down in front of your server and telnet into the server from the server and create accounts for fun and then they pop into your kitchen and help themselves to a few snacks from the fridge before heading back up to the attic, careful not to knock over their growing stash of piss jars while they settle back in, because you gotta have piss jars, that's just part of attic life, you might be stuck up there for a while and when you gotta go you gotta go, but then you always forget to bring the jars back down for disposal and so the stack just keeps growing and growing. I mean it's probably not that but maybe.

    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    Synchronet electronic chicken bbs - bbs.electronicchicken.com
  • From Rixter to echicken on Wednesday, August 07, 2024 04:23:35

    Re: Local host shows as new sign up
    By: Rixter to All on Tue Aug 06 2024 20:46:05

    Your BBS website (if it has one - I couldn't get yours to load) is the most likely source.

    A typical webv4 setup includes fTelnet configured to connect to your telnet server through a locally-hosted proxy service. From the telnet server's perspective, the connection comes from localhost.

    Less common but possible is you put your BBS website behind a locally hosted reverse proxy, and these users are signing up via the web registration form if enabled. Similar scenario as above, but different protocol.

    If it's not either of these ... I dunno, maybe there's a squatter living in your attic and they sneak down when you're in bed and sit down in front of your server and telnet into the server from the server and create accounts for fun and then they pop into your kitchen and help themselves to a few snacks from the fridge before heading back up to the attic, careful not to knock over their growing stash of piss jars while they settle back in, because you gotta have piss jars, that's just part of attic life, you might be stuck up there for a while and when you gotta go you gotta go, but then you always forget to bring the jars back down for disposal and so the stack just keeps growing and growing. I mean it's probably not that but maybe.

    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    Synchronet electronic chicken bbs - bbs.electronicchicken.com


    My web page is on port 8080 and 23 new users have used it for sign up or browsing. The connection to the imap for 2 1/2 days now is fascinating. What do they do with all that connection time? Lol
  • From kk4qbn@VERT/KK4QBN to Rixter on Wednesday, August 07, 2024 08:39:37
    Re: Local host shows as new sign up
    By: Rixter to echicken on Wed Aug 07 2024 04:23:35

    My web page is on port 8080 and 23 new users have used it for sign up or browsing. The connection to the imap for 2 1/2 days now is fascinating. What do they do with all that connection time. Lol

    Most of the web traffic is probably bots and webcrawlers. You've had 23 new users in 2 1/2 days?
    ---
    Tim (kk4qbn)
    +o kk4qbn.synchro.net
    Synchronet KK4QBN BBS - kk4qbn.synchro.net - Chatsworth, GA USA
  • From echicken@VERT/ECBBS to Rixter on Wednesday, August 07, 2024 09:00:09
    Re: Local host shows as new sign up
    By: Rixter to echicken on Wed Aug 07 2024 04:23:35


    My web page is on port 8080 and 23 new users have used it for sign up or

    People connecting via ftelnet on your Home page are the most likely source of these sign-ups from 127.0.0.1 then. These connections flow from the web browser, to your websocket server, to your terminal server.

    I've done a few things over the years to make the user's true IP address available to the BBS for these connections, but it's all a bit hacky and doesn't apply everywhere.

    browsing. The connection to the imap for 2 1/2 days now is fascinating.

    Likely a script that connected and got stuck after failing to send email or exploit some known flaw in a common IMAP server and not handling the problem gracefully. Probably not hurting anything to just let them sit there forever, but it sounds like the IMAP server should probably be made to boot clients off after a while.

    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    Synchronet electronic chicken bbs - bbs.electronicchicken.com
  • From Dumas Walker@VERT/CAPCITY2 to ECHICKEN on Wednesday, August 07, 2024 08:39:00
    If it's not either of these ... I dunno, maybe there's a squatter living in your attic and they sneak down when you're in bed and sit down in front of your server and telnet into the server from the server and create accounts for fun and then they pop into your kitchen and help themselves to a few snacks from the fridge before heading back up to the attic, careful not to knock over their growing stash of piss jars while they settle back in, because you gotta have piss jars, that's just part of attic life, you might be stuck up there for a while and when you gotta go you gotta go, but then you always forget to bring the jars back down for disposal and so the stack just keeps growing and growing. I mean it's probably not that but maybe.

    <shudders and thinks of installing a lock on the attic hatch> :D


    * SLMR 2.1a * Safe sex used to mean to put the car in "Park"
    ---
    Synchronet CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Rixter to echicken on Wednesday, August 07, 2024 12:06:01

    Re: Local host shows as new sign up
    By: Rixter to echicken on Wed Aug 07 2024 04:23:35

    People connecting via ftelnet on your Home page are the most likely source of these sign-ups from 127.0.0.1 then. These connections flow from the web browser, to your websocket server, to your terminal server.

    I've done a few things over the years to make the user's true IP address available to the BBS for these connections, but it's all a bit hacky and doesn't apply everywhere.

    Likely a script that connected and got stuck after failing to send email or exploit some known flaw in a common IMAP server and not handling the problem gracefully. Probably not hurting anything to just let them sit there forever, but it sounds like the IMAP server should probably be made to boot clients off after a while.

    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    Synchronet electronic chicken bbs - bbs.electronicchicken.com


    🙏 thank you. I understand.
  • From Rixter to kk4qbn on Wednesday, August 07, 2024 12:08:40

    Re: Local host shows as new sign up
    By: Rixter to echicken on Wed Aug 07 2024 04:23:35

    Most of the web traffic is probably bots and webcrawlers. You've had 23 new users in 2 1/2 days?
    ---
    Tim (kk4qbn)
    +o kk4qbn.synchro.net
    Synchronet KK4QBN BBS - kk4qbn.synchro.net - Chatsworth, GA USA


    23 sign ups in 2 months on the web client. The imap connection was gone after breakfast 🥞 this morning. 😃
  • From Rixter to Digital Man on Wednesday, August 07, 2024 13:16:33

    Re: Local host shows as new sign up
    By: Rixter to All on Tue Aug 06 2024 08:46 pm

    Paste the related log entries so we can have a look-see.
    --
    digital man (rob)

    Steven Wright quote #24:
    Why do psychics have to ask you for your name
    Norco, CA WX: 91.1F, 34.0% humidity, 11 mph W wind, 0.00 inches rain/24hrs
    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net


    8/6 03:59:27p Node 1 Inactive
    8/6 03:59:28p Node 1 thread terminated (0 node threads remain, 123 clients served)
    8/6 03:59:30p 3840 Telnet connection accepted from: 88.129.112.118 port 50051
    8/6 03:59:30p 3840 Telnet !CLIENT BLOCKED in ip.can: 88.129.112.118
    8/6 04:06:47p 3724 Telnet connection accepted from: 127.0.0.1 port 52540
    8/6 04:06:47p 3724 Telnet Hostname: Ricks-Laptop7 [127.0.0.1]
    8/6 04:06:47p Node 1 socket 3724 attached to local interface 127.0.0.1 port 23
    8/6 04:06:47p Node 1 04:06p Tue Aug 06 2024 Node 1
    8/6 04:06:47p Node 1 Telnet Ricks-Laptop7 [127.0.0.1]
    8/6 04:06:48p Node 1 terminal type: 80x25 ansi-bbs
    8/6 04:06:57p Node 1 Warning: same IP address as user #34 Arlan Levitan
    8/6 04:08:20p Node 1 disconnected
    8/6 04:08:22p Node 1 thread terminated (0 node threads remain, 124 clients served)
    8/6 04:09:26p 3576 Telnet connection accepted from: 171.109.159.232 port 33365
    8/6 04:09:27p 3576 Telnet Hostname: <no name> [171.109.159.232]
    8/6 04:09:27p Node 1 socket 3576 attached to local interface 192.168.0.96 port 23
    8/6 04:09:27p Node 1 04:09p Tue Aug 06 2024 Node 1
    8/6 04:09:27p Node 1 Telnet <no name> [171.109.159.232]
    8/6 04:09:32p Node 1 no Telnet commands received, reverting to Raw TCP mode
  • From Nightfox@VERT/DIGDIST to Rixter on Wednesday, August 07, 2024 10:06:57
    Re: Local host shows as new sign up
    By: Rixter to All on Tue Aug 06 2024 08:46 pm

    Twice in the last two months i have seen 127.0.0.1 signing up for a new account. That is the local machine ip? How are they doing that? I also

    If they're using fTelnet on your BBS web page, I imagine that's why.

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
  • From echicken@VERT/ECBBS to Rixter on Wednesday, August 07, 2024 15:39:37
    Re: Local host shows as new sign up
    By: Rixter to Digital Man on Wed Aug 07 2024 13:16:33

    8/6 04:06:47p 3724 Telnet connection accepted from: 127.0.0.1 port 52540

    There should also be an entry in your services log from 04:06:47p (or perhaps 04:06:46p if it was right on the edge) showing activity on your websocket service. You'll likely see the true client IP shown there. It may just show up as 'WS' depending on how it's named in services.ini.

    If not, then this is something else.

    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    Synchronet electronic chicken bbs - bbs.electronicchicken.com
  • From kk4qbn@VERT/KK4QBN to Rixter on Wednesday, August 07, 2024 17:12:49
    Re: Local host shows as new sign up
    By: Rixter to Digital Man on Wed Aug 07 2024 13:16:33

    Paste the related log entries so we can have a look-see.
    --
    88.129.112.118
    8/6 04:06:47p 3724 Telnet connection accepted from: 127.0.0.1 port 52540
    8/6 04:06:47p 3724 Telnet Hostname: Ricks-Laptop7 [127.0.0.1]
    8/6 04:06:47p Node 1 socket 3724 attached to local interface 127.0.0.1 port 23
    8/6 04:06:47p Node 1 04:06p Tue Aug 06 2024 Node 1
    8/6 04:06:47p Node 1 Telnet Ricks-Laptop7 [127.0.0.1]
    8/6 04:06:48p Node 1 terminal type: 80x25 ansi-bbs
    8/6 04:06:57p Node 1 Warning: same IP address as user #34 Arlan Levitan
    8/6 04:08:20p Node 1 disconnected

    This is the only 127.0.0.1 login you have shown, and I presume it is you?? The user "Arlan" more than likely showing the same ip because they signed in on the website or ftelnet.
    ---
    Tim (kk4qbn)
    +o kk4qbn.synchro.net

    ---
    Synchronet KK4QBN BBS - kk4qbn.synchro.net - Chatsworth, GA USA
  • From CJ@VERT/CJSPLACE to Rixter on Wednesday, August 07, 2024 18:43:00
    Rixter wrote to echicken <=-

    Re: Local host shows as new sign up
    By: Rixter to All on Tue Aug 06 2024 20:46:05


    My web page is on port 8080 and 23 new users have used it for sign up
    or browsing. The connection to the imap for 2 1/2 days now is
    fascinating. What do they do with all that connection time. Lol

    To help cut down on some of the webcrawler traffic, create a robots.txt file and put it in your webroot directory. If you're using webv4 that would be /sbbs/webv4/root. In the robots.txt file, all you need really is three lines:

    User-agent: *
    User-agent: AdsBot-Google
    Disallow: /

    It won't eliminate all of the webcrawler traffic as there are some that ignore it, but it will stop many from indexing everything on your site.



    Chris (CJ)
    SysOp - CJ's Place BBS

    ... Gone crazy, be back later, please leave message.
    --- MultiMail/Linux v0.52
    Synchronet CJ's Place, Orange City, FL - cjsplace.thruhere.net
  • From Digital Man@VERT to Rixter on Wednesday, August 07, 2024 16:47:42
    Re: Local host shows as new sign up
    By: Rixter to Digital Man on Wed Aug 07 2024 01:16 pm

    Paste the related log entries so we can have a look-see.

    8/6 04:06:47p 3724 Telnet Hostname: Ricks-Laptop7 [127.0.0.1]

    As others here have suggested, it's possibly an fTelnet login, so look at the web server log output at the same time to see if you see corresponding http requests that would make sense in that context.
    --
    digital man (rob)

    Rush quote #56:
    His world is under anesthetic, subdivided and synthetic .. Digital Man
    Norco, CA WX: 88.2F, 44.0% humidity, 6 mph NNW wind, 0.00 inches rain/24hrs
    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
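
The cross-check echicken and Digital Man suggest above (find what the websocket or web service logged at the same second as the 127.0.0.1 telnet accept), written out as an added example; it is not part of the original thread and not Synchronet code. The terminal-server lines are copied from the log posted in the thread; the services-log lines, their format, the `WS` label placement and the 203.0.113.x / 198.51.100.x addresses are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Timestamp prefix as seen in the log pasted in this thread, e.g. "8/6 04:06:47p"
TS = re.compile(r"^(\d{1,2})/(\d{1,2}) (\d{2}):(\d{2}):(\d{2})([ap])\s+(.*)$")
ACCEPT = re.compile(r"Telnet connection accepted from: ([\d.]+) port (\d+)")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse(line, year=2024):
    """Return (datetime, message), or None if the line has no timestamp prefix."""
    m = TS.match(line.strip())
    if not m:
        return None
    mon, day, hh, mm, ss, ap, msg = m.groups()
    hour = int(hh) % 12 + (12 if ap == "p" else 0)
    return datetime(year, int(mon), int(day), hour, int(mm), int(ss)), msg

def correlate(terminal_log, services_log, window=1):
    """For each telnet accept from loopback, collect the non-loopback IPv4
    addresses logged by the services log up to `window` seconds earlier."""
    svc = [p for p in map(parse, services_log) if p]
    hits = []
    for ts, msg in filter(None, map(parse, terminal_log)):
        m = ACCEPT.search(msg)
        if not m or not m.group(1).startswith("127."):
            continue  # only proxied (loopback) connections need unmasking
        lo = ts - timedelta(seconds=window)
        ips = sorted({ip for t, s in svc if lo <= t <= ts
                      for ip in IPV4.findall(s) if not ip.startswith("127.")})
        hits.append((ts, int(m.group(2)), ips))
    return hits

# Terminal server lines copied from the log posted in the thread.
TERMINAL_LOG = [
    "8/6 03:59:30p 3840 Telnet connection accepted from: 88.129.112.118 port 50051",
    "8/6 04:06:47p 3724 Telnet connection accepted from: 127.0.0.1 port 52540",
    "8/6 04:06:47p 3724 Telnet Hostname: Ricks-Laptop7 [127.0.0.1]",
]
# Constructed services-log lines (format and addresses are assumptions).
SERVICES_LOG = [
    "8/6 04:01:10p 3700 WS connection accepted from: 198.51.100.7 port 40000",
    "8/6 04:06:46p 3712 WS connection accepted from: 203.0.113.45 port 61022",
]

if __name__ == "__main__":
    for ts, port, ips in correlate(TERMINAL_LOG, SERVICES_LOG):
        print(ts, "loopback source port", port, "candidates:", ips or "none found")
```

An empty candidate list for a loopback accept is the "then this is something else" case: nothing on the proxy side lines up with the connection.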
  • From Rixter to kk4qbn on Wednesday, August 07, 2024 21:29:57

    Re: Local host shows as new sign up
    By: Rixter to Digital Man on Wed Aug 07 2024 13:16:33

    This is the only 127.0.0.1 login you have shown, and I presume it is you?? The user "Arlan" more than likely showing the same ip because they signed in on the website or ftelnet.
    ---
    Tim (kk4qbn)
    +o kk4qbn.synchro.net

    ---
    Synchronet KK4QBN BBS - kk4qbn.synchro.net - Chatsworth, GA USA


    It was not me. I was watching this happen and thought it was odd.
  • From Rixter to CJ on Wednesday, August 07, 2024 21:31:20


    To help cut down on some of the webcrawler traffic, create a robots.txt file and put it in your webroot directory. If you're using webv4 that would be /sbbs/webv4/root. In the robots.txt file, all you need really is three lines:

    User-agent: *
    User-agent: AdsBot-Google
    Disallow: /

    It won't eliminate all of the webcrawler traffic as there are some that ignore it, but it will stop many from indexing everything on your site.

    Chris (CJ)
    SysOp - CJ's Place BBS

    ... Gone crazy, be back later, please leave message.
    --- MultiMail/Linux v0.52
    Synchronet CJ's Place, Orange City, FL - cjsplace.thruhere.net


    Thank you. I will do that.
  • From kk4qbn@VERT/KK4QBN to Rixter on Thursday, August 08, 2024 11:18:29
    Re: Local host shows as new sign up
    By: Rixter to kk4qbn on Wed Aug 07 2024 21:29:57

    It was not me. I was watching this happen and thought it was odd.

    That's weird, thought it was a strange coincidence that it said Ricks Laptop (127.0.0.1), that's what led me to think that :-)
    ---
    Tim (kk4qbn)
    +o kk4qbn.synchro.net
    Synchronet KK4QBN BBS - kk4qbn.synchro.net - Chatsworth, GA USA
  • From Rixter to kk4qbn on Thursday, August 08, 2024 12:12:27

    Re: Local host shows as new sign up
    By: Rixter to kk4qbn on Wed Aug 07 2024 21:29:57

    That's weird, thought it was a strange coincidence that it said Ricks Laptop (127.0.0.1), that's what led me to think that :-)
    ---
    Tim (kk4qbn)
    +o kk4qbn.synchro.net
    Synchronet KK4QBN BBS - kk4qbn.synchro.net - Chatsworth, GA USA


    The bbs is on an old laptop. No one in the house was on the BBS at the time. It was very strange. 👻 spoooky.