egghelp.org community Forum Index
[ egghelp.org home | forum home ]
egghelp.org community
Discussion of eggdrop bots, shell accounts and tcl scripts.
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Telnet connection flood ignores

 
Post new topic   Reply to topic    egghelp.org community Forum Index -> Eggdrop Help
View previous topic :: View next topic  
Author Message
NewzNZ
Halfop


Joined: 05 Mar 2009
Posts: 44

PostPosted: Sat Aug 03, 2019 6:23 am    Post subject: Telnet connection flood ignores Reply with quote

Hi

My bots have recently been getting flooded by Telnet connections such as:

[09:48:18] Telnet connection: 185.100.87.250/45920
[09:48:17] Telnet connection: ip231.208-100-26.static.steadfastdns.net/45518

...so many floods at a time that it causes the bots to Ping timeout.

(numbers after the / change with every connection attempt)

Have tried using +ignore but they eventually time out - is there a way to place a perm ignore on an address or set of addresses...such as that first 185 one or the steadfastdns.net one?

Thanks in advance.
Back to top
View user's profile Send private message Visit poster's website
willyw
Revered One


Joined: 15 Jan 2009
Posts: 1031

PostPosted: Sat Aug 03, 2019 7:46 am    Post subject: Re: Telnet connection flood ignores Reply with quote

NewzNZ wrote:

...
Have tried using +ignore but they eventually time out - is there a way to place a perm ignore on an address or set of addresses...such as that first 185 one or the steadfastdns.net one?
...


Some months ago, I was getting it on a couple bots, too. Not that bad though - it never caused a timeout.

I discovered that if I put the address on ignore for about a week, that was enough. By the time the ignore expired, they had stopped. One day was not enough.

Anyway - just experimented with the ignore command, and it seems that 364 days is the maximum it will keep an ignore active.
Try it. Give it 1000 days. It will save the ignore with 364.

The question for you is: Isn't that enough? Smile

Also, look in eggdrop.conf.
Find:

Code:

# Define here how many telnet connection attempts in how many seconds from
# the same host constitute a flood. The correct format is Attempts:Seconds.
set telnet-flood 5:60


This will cause the bot to automatically put them on ignore. I just tested it - it works.

What I don't understand is ( if you have left it at the default settings as shown above) why - with the volume of telnet attempts and frequency of them that you have described - why the bot is not automatically putting them on ignore all by itself.

Check that setting. Maybe you have it off ?
And set it to something that you feel is appropriate.

The length ot time before such an ignore expires is controlled by:

Code:

# Set the time in minutes that temporary ignores should last.
set ignore-time 15


If you want automatic ignores to be longer, that's where you change that.


I hope this helps.
_________________
For a fun (and popular) Trivia game, visit us at: irc.librairc.net #science-fiction . Over 300K Q & A to play in BogusTrivia !
Back to top
View user's profile Send private message
willyw
Revered One


Joined: 15 Jan 2009
Posts: 1031

PostPosted: Sat Aug 03, 2019 7:52 am    Post subject: Re: Telnet connection flood ignores Reply with quote

Do you own the server that the bot is on? Are you root?

If so, do you know how to use iptables ?

I have only barely scratched the surface with iptables, and that was some time ago. It is very powerful, and highly configurable. You can easily make a mess of it, and block people that you don't want to be blocked, including yourself.

However, if you study it, it is a very useful tool.

With it, I'm thinking that you can block an ip or range of ips. If you do it at this level, the bot won't even ever see the incoming traffic at all.

Just a thought....
_________________
For a fun (and popular) Trivia game, visit us at: irc.librairc.net #science-fiction . Over 300K Q & A to play in BogusTrivia !
Back to top
View user's profile Send private message
caesar
Mint Rubber


Joined: 14 Oct 2001
Posts: 3581
Location: Mint Factory

PostPosted: Sun Aug 04, 2019 3:31 am    Post subject: Reply with quote

Open up your eggdrop.conf file and at 'BOTNET/DCC/TELNET' section tell us what did you set on the 'listen' line? 'listen 3333 all' or something like this?
_________________
I tawt I taw a puddy tat!
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    egghelp.org community Forum Index -> Eggdrop Help All times are GMT - 4 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Forum hosting provided by Reverse.net

Powered by phpBB © 2001, 2005 phpBB Group
subGreen style by ktauber