Where do I edit the number of logins allowed?


Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Logins allowed
By: HusTler to All on Tue Oct 22 2019 01:07 pm

Where do I edit the number of logins allowed?

SCFG->System->Security Level Values.

digital man

Synchronet "Real Fact" #105:
You're missing the action in #synchronet at irc.synchro.net!
Norco, CA WX: 88.4øF, 15.0% humidity, 3 mph W wind, 0.00 inches rain/24hrs
--- SBBSecho 3.10-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Logins allowed
By: Digital Man to HusTler on Tue Oct 22 2019 10:48 am

Where do I edit the number of logins allowed?

SCFG->System->Security Level Values.

digital man

I meant to say Login Attempts. It seems the default is 10 login attempts before the system disconnects. I'd like to change the number login of attempts to login number to 3. Vert appears to be set for 5 attempts. Thanks




Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Logins allowed
By: HusTler to Digital Man on Thu Oct 24 2019 01:24 pm

Where do I edit the number of logins allowed?

SCFG->System->Security Level Values.

digital man

I meant to say Login Attempts. It seems the default is 10 login attempts before the system disconnects. I'd like to change the number login of attempts to login number to 3. Vert appears to be set for 5 attempts. Thanks

I also noticed on Vert the system doesn't ask for a password if it doesn't recognize the user name. My BBS asks for a user name and password. I would like
to tighten up the login attemps and get rid of the password prompt like on vert. If that's even possible without getting involved with coding. ;-)


Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Logins allowed
By: HusTler to Digital Man on Thu Oct 24 2019 01:24 pm

Re: Logins allowed
By: Digital Man to HusTler on Tue Oct 22 2019 10:48 am

Where do I edit the number of logins allowed?

SCFG->System->Security Level Values.

digital man

I meant to say Login Attempts. It seems the default is 10 login attempts before the system disconnects. I'd like to change the number login of attempts to login number to 3. Vert appears to be set for 5 attempts. Thanks

The login module settings are in the [login] section of your modopts.ini file and documented here: http://wiki.synchro.net/module:login

digital man

Synchronet/BBS Terminology Definition #21:
DOVE = Domain/Vertrauen
Norco, CA WX: 87.2øF, 6.0% humidity, 8 mph SE wind, 0.00 inches rain/24hrs
--- SBBSecho 3.10-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Logins allowed
By: HusTler to Digital Man on Thu Oct 24 2019 01:36 pm

Re: Logins allowed
By: HusTler to Digital Man on Thu Oct 24 2019 01:24 pm

Where do I edit the number of logins allowed?

SCFG->System->Security Level Values.

digital man

I meant to say Login Attempts. It seems the default is 10 login attempts before the system disconnects. I'd like to change the number login of attempts to login number to 3. Vert appears to be set for 5 attempts. Thanks

I also noticed on Vert the system doesn't ask for a password if it doesn't recognize the user name. My BBS asks for a user name and password. I would like to tighten up the login attemps and get rid of the password prompt like on vert. If that's even possible without getting involved with coding. ;-)

Set SCFG->Nodes->Node 1->Toggle Options->Always Prompt for Password to "No".

digital man

Synchronet/BBS Terminology Definition #66:
SpiderMonkey = Mozilla's C/C++ JavaScript Engine (libmozjs)
Norco, CA WX: 87.2øF, 6.0% humidity, 8 mph SE wind, 0.00 inches rain/24hrs
--- SBBSecho 3.10-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Logins allowed
By: HusTler to Digital Man on Thu Oct 24 2019 01:36 pm

I also noticed on Vert the system doesn't ask for a password if it doesn't recognize the user name. My BBS asks for a user name and password. I would like to tighten up the login attemps and get rid of the password prompt like on vert. If that's even possible without getting involved with coding. ;-)

For security reasons, it's probably actually better for it to always ask for both a username and password. If the BBS gives a message indicating that the username is not valid, hackers could more easily guess what usernames are valid
on your system. On the other hand, if it asks for both a username and password and says something like "invalid login", they don't know if it's the username or password that was invalid.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Logins allowed
By: Nightfox to HusTler on Thu Oct 24 2019 12:42 pm

Re: Logins allowed
By: HusTler to Digital Man on Thu Oct 24 2019 01:36 pm

I also noticed on Vert the system doesn't ask for a password if it doesn't recognize the user name. My BBS asks for a user name and password. I would like to tighten up the login attemps and get rid of the password prompt like on vert. If that's even possible without getting involved with coding. ;-)

For security reasons, it's probably actually better for it to always ask for both a username and password. If the BBS gives a message indicating that the username is not valid, hackers could more easily guess what usernames are valid on your system. On the other hand, if it asks for both a username and password and says something like "invalid login", they don't know if it's the username or password that was invalid.

I agree. And that's why the "Always prompt for password" option defaults to Yes. That said, anyone with a little bit of knowledge of Synchronet systems could likely easily find a list of valid usernames via other means (e.g. finger), so the login prompt indicating and invalid user-id not too likely to actually lead to any assisted "hacking". It's a usability vs. security choice the sysop gets to make for themselves.

I got enough users asking me to tell them or change their password when in fact
they didn't actually have a current account on my system (likely expired and deleted), so I changed my system to *not* always prompt for password (via Telnet), just to make it more user friendly.

digital man

Synchronet "Real Fact" #10:
The name "DOVE-Net" was suggested by King Drafus (sysop of The Beast's Domain). Norco, CA WX: 87.8øF, 6.0% humidity, 12 mph S wind, 0.00 inches rain/24hrs
--- SBBSecho 3.10-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Logins allowed
By: Digital Man to Nightfox on Thu Oct 24 2019 01:43 pm

I also noticed on Vert the system doesn't ask for a password if it doesn't recognize the user name. My BBS asks for a user name and password. I would like to tighten up the login attemps and get rid

For security reasons, it's probably actually better for it to always ask for both a username and password. If the BBS gives a message indicating

I agree. And that's why the "Always prompt for password" option defaults to Yes. That said, anyone with a little bit of knowledge of Synchronet systems could likely easily find a list of valid usernames via other means (e.g.

Wow. What a difference of opinions. My concern is all the login attempts the bots get. I was thinking if I lowered the number of login attempts that would lower the number of guess's they get. Maybe I'll just leave it alone. I'm sure you guys have a lot more experience then I do. I remember the boards in the 90's disconnected you by the 3rd try. I can hit the return key 10 times before it disconnects. I just feel that's too much "play time" before the system disconnects but I could be wrong. ;-)


Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Logins allowed
By: HusTler to Digital Man on Thu Oct 24 2019 06:42 pm

Wow. What a difference of opinions. My concern is all the login attempts the bots get. I was thinking if I lowered the number of login attempts that would lower the number of guess's they get. Maybe I'll just leave it alone. I'm sure you guys have a lot more experience then I do. I remember the boards in the 90's disconnected you by the 3rd try. I can hit the return key 10 times before it disconnects. I just feel that's too much "play time" before the system disconnects but I could be wrong. ;-)

Yep, limiting the number of attempts helps with security too. That and making it difficult to guess valid usernames & passwords both help for security, if you're concerned about that.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Logins allowed
By: Digital Man to Nightfox on Thu Oct 24 2019 01:43 pm

I agree. And that's why the "Always prompt for password" option defaults to Yes. That said, anyone with a little bit of knowledge of Synchronet systems

If it's supposed to default to Yes, mine did not as I had not changed any of those options until tonight. Not that it's of major importance though.

-altere

---
þ Synchronet þ Athelstan BBS - athelstan.org ssh:2222 telnet:23
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Logins allowed
By: HusTler to Digital Man on Thu Oct 24 2019 06:42 pm

Wow. What a difference of opinions. My concern is all the login attempts the bots get. I was thinking if I lowered the number of login attempts that would lower the number of guess's they get. Maybe I'll just leave it alone.

I've set mine to always prompt for a password and lowered the number of login promts to 3. This is generally how I have sshd going under my unix servers as if someone is attempting to brute force in, nothing tells them which is incorrect and disconnects their session. I also monitor logs and have added several blocks of IPs to the firewall that I find excessive attempts.

-altere

---
þ Synchronet þ Athelstan BBS - athelstan.org ssh:2222 telnet:23
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Logins allowed
By: Altere to Digital Man on Thu Oct 24 2019 09:32 pm

Re: Logins allowed
By: Digital Man to Nightfox on Thu Oct 24 2019 01:43 pm

I agree. And that's why the "Always prompt for password" option defaults to Yes. That said, anyone with a little bit of knowledge of Synchronet systems

If it's supposed to default to Yes, mine did not as I had not changed any of those options until tonight. Not that it's of major importance though.

The defaults (in the ctrl/*.cnf files) will depend on when you installed which version of Synchronet. Its either that or I'm just misremembering what the default setting for that option is.

digital man

This Is Spinal Tap quote #38:
Artie Fufkin: I'm not asking, I'm telling with this. Kick my ass.
Norco, CA WX: 86.5øF, 11.0% humidity, 4 mph W wind, 0.00 inches rain/24hrs
--- SBBSecho 3.10-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)