• Figuring out a way to leverage fail2ban with terminal services

    From Winzlo@VERT to All on Saturday, May 02, 2026 20:57:34
    The bots have arrived. :/ I'm now watching as my BBS gets taken over by telnet connections, some try to use a username during the matrix menu, others just sit there tying up the line/node until the 60 second timeout that I imposed. Despite this, I've got a real "squatter" problem to tend to, with two potential solutions - either change my BBS's telnet port off 23 and risk this happening again, or run something like fail2ban to block these connections from repeating.

    I've also configured pfSense to only allow 2 concurrent connections, with no more than 5 burst sessions throttling back to 2. This did reduce the issue from happening many times a day to only a couple times a day, but it didn't knock it out. That's where fail2ban comes into play.

    The issue I'm encountering is that I have my log level set to Info, and yet I have not found an obvious way to determine "BBS got an incoming connection from IP x.x.x.x". Combining that entry with a line in hack.log and/or hangup.log would make this a breeze. Is there an option I haven't spotted that would either allow this to happen, or allow some kind of logging that fail2ban could trap on to detect these kinds of attacks?

    -Winzlo

    ===
    ■ The Down-Lo BBS ■ bbs.winzlo.com

    ...A celebrity is a person who is known for his well-knownness.
    --- SBBSecho 3.37-Linux
    * Origin: The Down-Lo BBS * bbs.winzlo.com (1:154/140)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Winzlo@VERT to Digital Man on Saturday, May 02, 2026 21:34:26
    Re: Figuring out a way to leverage fail2ban with terminal services
    By: Digital Man to Winzlo on Sat May 02 2026 07:23 pm

    Have you read https://wiki.synchro.net/howto:block-hackers ?
    Have you read https://wiki.synchro.net/howto:fail2ban ? --

    I am ashamed. I'm also miffed at ChatGPT who is supposed to be basing their responses off anything posted there over anything else. <Sigh> All I can say is that I'm sorry for having to get referred right back to the FM of RTFM.

    -Winzlo

    ===
    ■ The Down-Lo BBS ■ bbs.winzlo.com
    --- SBBSecho 3.37-Linux
    * Origin: The Down-Lo BBS * bbs.winzlo.com (1:154/140)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net