Re: Non SGA connections and general hack nonsense
Posted: Wed Feb 01, 2017 12:42 am
by BearFather
Well I quoted the line you need to look for...
INVALID PASSWORD ATTEMPT Chan 06 177.40.???.???:23 attempt on
As far as the block IP, no clue, never used the settings.
Re: Non SGA connections and general hack nonsense
Posted: Wed Feb 01, 2017 5:33 am
by syntax
Nah I'd need to see the whole thing in order to write a good script.
Re: Non SGA connections and general hack nonsense
Posted: Wed Feb 01, 2017 10:04 am
by BearFather
20161106 214154 USER LOGON VIA TELNET Chan 0E User-ID: Dopechylde, from ???????
20161106 214156 USER LOGON VIA TELNET Chan 0C User-ID: Dolemite, from ???????
20161106 214158 USER LOGON VIA TELNET Chan 10 User-ID: Huggy Bear, from ?????????
20161106 214206 USER LOGON VIA TELNET Chan 11 User-ID: Ideal Confusion, from ????????
20161106 220122 INVALID PASSWORD ATTEMPT Chan 0D 177.67.34.???:??? attempt on "User"
20161106 221836 INVALID PASSWORD ATTEMPT Chan 0D 200.237.114.???:??? attempt on "User"
20161106 222624 TELNET SERVER - NON-SGA CLIENT Chan 0D Client at ????????? does not support SGA
20161106 222934 TELNET SERVER - NON-SGA CLIENT Chan 12 Client at ????????? does not support SGA
20161106 224130 INVALID PASSWORD ATTEMPT Chan 0F ???????? attempt on "User"
?'s are IPs.
Re: Non SGA connections and general hack nonsense
Posted: Wed Feb 01, 2017 11:58 am
by MiOw
The lines with the "NON-SGA CLIENT" will show up in the log regardless of what other settings one has; connections, disconnects, rejections, etc. can otherwise all be set to not log, so any script might be best to look for that NON-SGA line for its data.
EDIT: at least if the intent is solely to screen out or block these sniffers/non-SGA clients.
Thanks!
Re: Non SGA connections and general hack nonsense
Posted: Wed Feb 01, 2017 7:15 pm
by BearFather
The non-SGA actually can come from other clients than Mega. Like Windows default telnet triggers this. Also my gosbot does the same thing. So blocking just non-SGA would block more than bots.
Re: Non SGA connections and general hack nonsense
Posted: Wed Feb 01, 2017 11:23 pm
by MiOw
BearFather wrote: The non-SGA actually can come from other clients than Mega. Like Windows default telnet triggers this. Also my gosbot does the same thing. So blocking just non-SGA would block more than bots.
Good call, something to test but I don't recall seeing it logged that way when I connect in from my Windows 10 or MacOS machines on a local test board. I was the only session, but then I wasn't watching specifically for it :/
Re: Non SGA connections and general hack nonsense
Posted: Tue Feb 07, 2017 12:29 pm
by syntax
If you want me to write a script for you I need actual files. A sample audit trail file and sample (working) IP blocking file. When scraping text in files everything matters. Line feeds, character spacing, etc. I can't go by a few redacted lines pasted to a forum. PM me if you're paranoid about publicizing people's IPs.
Re: Non SGA connections and general hack nonsense
Posted: Sat Feb 18, 2017 8:54 pm
by Larsen1906
BearFather wrote: So try adding an IP to the file while the board is running and see if it begins to block the IPs, or does it take a restart to take it on.
If it works then you can just write a script that looks at the last, say, 50 lines of the agsaudit.adt file and logs the IPs and the attempts. Have it look for "INVALID PASSWORD ATTEMPT Chan 06 177.40.???.???:23 attempt on", parse out the IP, and then if that IP shows more than once: echo "???.???.???.???" > c:\wgserv\banfile.txt
Yeah, I'll post it. It's a blocklist.txt file, and the restriction takes effect immediately; the file is checked per connection. I'll grab the log.
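The two halves of this thread, BearFather's sample audit lines earlier on the page and the quoted procedure above (tail the audit file, pull the IP out of each "INVALID PASSWORD ATTEMPT" line, block an IP that shows up more than once), fit together into one small script. What follows is an added example written for this page, not syntax's script or anything shipped with the board software. It assumes a real audit line carries a dotted-quad IP followed by ":port" where the posted samples show "???", that blocklist.txt holds one IP per line, and that the file name, threshold and window are the ones the thread mentions; all of those are assumptions. The sample log is constructed with documentation-range addresses. It deliberately ignores "NON-SGA CLIENT" lines, since MiOw and BearFather establish that those also come from ordinary clients.

```python
"""Scan a Worldgroup-style audit trail (agsaudit.adt) for repeated invalid
password attempts and append the offending IPs to a block list.

Added example for the forum thread; not the board's own code.
"""
import re
from collections import Counter
from pathlib import Path
from typing import Iterable, List, Optional

# Matches lines shaped like the redacted samples in the thread, e.g.
#   20161106 220122 INVALID PASSWORD ATTEMPT Chan 0D 177.67.34.???:??? attempt on "User"
# Assumption: an unredacted line has a dotted-quad IP and a ':port' suffix.
INVALID_PW_RE = re.compile(
    r"^(?P<date>\d{8}) (?P<time>\d{6}) INVALID PASSWORD ATTEMPT "
    r"Chan (?P<chan>[0-9A-Fa-f]{2}) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+ attempt on \"(?P<user>[^\"]*)\"$"
)

# Constructed sample modelled on the format posted in the thread. The IPs are
# from RFC 5737 documentation ranges, not real hosts.
SAMPLE_AUDIT = """\
20161106 214154 USER LOGON VIA TELNET Chan 0E User-ID: Dopechylde, from 203.0.113.7
20161106 220122 INVALID PASSWORD ATTEMPT Chan 0D 198.51.100.23:23 attempt on "User"
20161106 221836 INVALID PASSWORD ATTEMPT Chan 0D 192.0.2.44:23 attempt on "User"
20161106 222624 TELNET SERVER - NON-SGA CLIENT Chan 0D Client at 203.0.113.9 does not support SGA
20161106 223001 INVALID PASSWORD ATTEMPT Chan 0F 198.51.100.23:23 attempt on "Sysop"
20161106 224130 INVALID PASSWORD ATTEMPT Chan 0F 198.51.100.23:23 attempt on "User"
20161106 224500 INVALID PASSWORD ATTEMPT Chan 11 192.0.2.44:1045 attempt on "Guest"
"""


def count_invalid_attempts(lines: Iterable[str], last_n: Optional[int] = 50) -> Counter:
    """Count INVALID PASSWORD ATTEMPT lines per source IP over the last
    `last_n` lines (None = whole file). Logons, NON-SGA notices and lines
    with a redacted or malformed address do not match and are skipped."""
    window = list(lines)
    if last_n is not None:
        window = window[-last_n:]
    hits: Counter = Counter()
    for line in window:
        m = INVALID_PW_RE.match(line.rstrip("\r\n"))
        if m:
            hits[m.group("ip")] += 1
    return hits


def select_for_block(hits: Counter, threshold: int = 2) -> List[str]:
    """IPs with at least `threshold` failed attempts ("more than once" in the
    thread means a threshold of 2), sorted for a stable output order."""
    return sorted(ip for ip, n in hits.items() if n >= threshold)


def merge_blocklist(existing_lines: Iterable[str], candidates: Iterable[str]) -> List[str]:
    """Return the candidates not already present in the block list, so the
    file is only ever appended to and never gets duplicate entries."""
    existing = {l.strip() for l in existing_lines if l.strip()}
    return [ip for ip in candidates if ip not in existing]


def update_blocklist(path: Path, candidates: Iterable[str]) -> List[str]:
    """Append new IPs to blocklist.txt (assumed one-IP-per-line layout) and
    return what was added. Appending keeps earlier manual entries intact."""
    existing = path.read_text().splitlines() if path.exists() else []
    new = merge_blocklist(existing, candidates)
    if new:
        with path.open("a") as f:
            f.writelines(ip + "\n" for ip in new)
    return new


if __name__ == "__main__":
    # Stand-alone run against the constructed sample; paths are assumptions.
    hits = count_invalid_attempts(SAMPLE_AUDIT.splitlines(), last_n=50)
    for ip, n in hits.most_common():
        print(f"{ip}: {n} invalid attempt(s)")
    added = update_blocklist(Path("blocklist.txt"), select_for_block(hits))
    print("added to blocklist:", added or "nothing new")
```

Run it in the directory holding blocklist.txt, or point `Path(...)` at the board's actual file and swap `SAMPLE_AUDIT.splitlines()` for `open("agsaudit.adt").readlines()`. Because the block list is re-read per connection (per Larsen1906's post), a scheduled run every minute or so is enough; the 50-line window means an address only gets listed when it fails repeatedly within a short stretch of the log, which keeps a single mistyped password from banning a regular player.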
Re: Non SGA connections and general hack nonsense
Posted: Sat Feb 18, 2017 8:56 pm
by Larsen1906
MiOw wrote: BearFather wrote: The non-SGA actually can come from other clients than Mega. Like Windows default telnet triggers this. Also my gosbot does the same thing. So blocking just non-SGA would block more than bots.
Good call, something to test but I don't recall seeing it logged that way when I connect in from my Windows 10 or MacOS machines on a local test board. I was the only session, but then I wasn't watching specifically for it :/
Yeah, but anyone that will be playing regularly will most likely be using MegaMUD. I can always remove the IP if there is an issue.
Re: Non SGA connections and general hack nonsense
Posted: Sat Feb 18, 2017 9:32 pm
by Larsen1906
syntax wrote: If you want me to write a script for you I need actual files. A sample audit trail file and sample (working) IP blocking file. When scraping text in files everything matters. Line feeds, character spacing, etc. I can't go by a few redacted lines pasted to a forum. PM me if you're paranoid about publicizing people's IPs.
PM sent.