TID: Mystic BBS 1.12 A47   
   MSGID: 1:229/664 1cf3ac06   
   REPLY: 1:153/7083 8b6ef582   
   TZUTC: -0500   
   On 25 Nov 2021, Edmund Wong said the following...   
       
    EW> I was just watching the 'mis server' screen thinking about what else to   
    EW> do with the BBS (aside for setting up doors :P), when I noticed (and   
    EW> still am) connections to SSH that are being blocked.   
      
    EW> That said, how do you guys deal with this annoyance?   
      
   I use iptables to block certain county IP blocks from connecting in the first   
   place.  Doesn't stop all of them, but it is a lot quieter when you can filter   
   out the riftraft in the first place.   
      
   Here's what I do:   
      
   # Create the ipset lists   
   ipset -q -N block4 hash:net   
   ipset -q -N block6 hash:net family inet6   
      
   # Download the aggregated country ipsets   
   wget https://www.ipdeny.com/ipblocks/data/aggregated/cn-aggregated.zone   
   wget https://www.ipdeny.com/ipv6/ipaddresses/aggregated/cn-aggregated.zone   
      
   (Note: ipdeny.com hasn't renewed their ssl cert since May, but their site   
   still works and they're lists are still good).   
      
   # Populate the ipset lists   
   for i in $( cat /tmp/cn4-aggregated.zone ); do ipset -q -A block4 $i; done   
   for i in $( cat /tmp/cn6-aggregated.zone ); do ipset -q -A block6 $i; done   
      
      
   Just repeat this step for any other regions you'd like to block (I personally   
   do cn, ru, ir, kp & kr).  A strong case could also be made for blocking br.   
      
   Maybe geocheck the IPs that are connecting to you to see which regions may be   
   the best to block in your circumstance.   
      
   Once you have them all loaded you can save the ipset:   
      
   ipset save > /etc/ipset.conf   
      
   And then you can re-load the list on bootup:   
      
   ipset restore < /etc/ipset.conf   
      
   I have a rule in iptables just to drop traffic from any IP address listed in   
   the ipset:   
      
   iptables -A INPUT -p tcp -m set --match-set block4 src -j DROP   
   ip6tables -A INPUT -p tcp -m set --match-set block6 src -j DROP   
      
      
   I also use Phenom Production's botcheck mpl which makes users press ESC twice   
   when connecting via telnet.  If they don't it'll hang up on them after 15   
   seconds.   
      
      
   Jay   
      
   ... If everything seems easy, you have obviously overlooked something.   
      
   --- Mystic BBS v1.12 A47 2021/11/24 (Raspberry Pi/32)   
    * Origin: Northern Realms (1:229/664)   
   SEEN-BY: 1/123 90/1 105/81 120/340 123/131 129/305 226/30 227/114   
   SEEN-BY: 229/424 426 428 452 550 664 700 240/5832 249/206 307 317   
   SEEN-BY: 249/400 282/1038 292/854 301/1 317/3 322/757 342/200 633/280   
   PATH: 229/664 426