This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.


For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

Telnet connection flood ignores

General support and discussion of Eggdrop bots.
Post Reply
User avatar
NewzNZ
Halfop
Posts: 68
Joined: Thu Mar 05, 2009 5:15 am
Contact:

Telnet connection flood ignores

Post by NewzNZ »

Hi

My bots have recently been getting flooded by Telnet connections such as:

[09:48:18] Telnet connection: 185.100.87.250/45920
[09:48:17] Telnet connection: ip231.208-100-26.static.steadfastdns.net/45518

...so many floods at a time that it causes the bots to Ping timeout.

(numbers after the / change with every connection attempt)

Have tried using +ignore but they eventually time out - is there a way to place a perm ignore on an address or set of addresses...such as that first 185 one or the steadfastdns.net one?

Thanks in advance.
w
willyw
Revered One
Posts: 1196
Joined: Thu Jan 15, 2009 12:55 am

Re: Telnet connection flood ignores

Post by willyw »

NewzNZ wrote: ...
Have tried using +ignore but they eventually time out - is there a way to place a perm ignore on an address or set of addresses...such as that first 185 one or the steadfastdns.net one?
...
Some months ago, I was getting it on a couple bots, too. Not that bad though - it never caused a timeout.

I discovered that if I put the address on ignore for about a week, that was enough. By the time the ignore expired, they had stopped. One day was not enough.

Anyway - just experimented with the ignore command, and it seems that 364 days is the maximum it will keep an ignore active.
Try it. Give it 1000 days. It will save the ignore with 364.

The question for you is: Isn't that enough? :)

Also, look in eggdrop.conf.
Find:

Code: Select all

# Define here how many telnet connection attempts in how many seconds from
# the same host constitute a flood. The correct format is Attempts:Seconds.
set telnet-flood 5:60
This will cause the bot to automatically put them on ignore. I just tested it - it works.

What I don't understand is ( if you have left it at the default settings as shown above) why - with the volume of telnet attempts and frequency of them that you have described - why the bot is not automatically putting them on ignore all by itself.

Check that setting. Maybe you have it off ?
And set it to something that you feel is appropriate.

The length ot time before such an ignore expires is controlled by:

Code: Select all

# Set the time in minutes that temporary ignores should last.
set ignore-time 15
If you want automatic ignores to be longer, that's where you change that.


I hope this helps.
For a fun (and popular) Trivia game, visit us at: irc.librairc.net #science-fiction . Over 300K Q & A to play in BogusTrivia !
w
willyw
Revered One
Posts: 1196
Joined: Thu Jan 15, 2009 12:55 am

Re: Telnet connection flood ignores

Post by willyw »

Do you own the server that the bot is on? Are you root?

If so, do you know how to use iptables ?

I have only barely scratched the surface with iptables, and that was some time ago. It is very powerful, and highly configurable. You can easily make a mess of it, and block people that you don't want to be blocked, including yourself.

However, if you study it, it is a very useful tool.

With it, I'm thinking that you can block an ip or range of ips. If you do it at this level, the bot won't even ever see the incoming traffic at all.

Just a thought....
For a fun (and popular) Trivia game, visit us at: irc.librairc.net #science-fiction . Over 300K Q & A to play in BogusTrivia !
User avatar
caesar
Mint Rubber
Posts: 3776
Joined: Sun Oct 14, 2001 8:00 pm
Location: Mint Factory

Post by caesar »

Open up your eggdrop.conf file and at 'BOTNET/DCC/TELNET' section tell us what did you set on the 'listen' line? 'listen 3333 all' or something like this?
Once the game is over, the king and the pawn go back in the same box.
Post Reply