• Logins allowed

    From HusTler@1:103/705 to All on Tuesday, October 22, 2019 13:07:54
    Where do I edit the number of logins allowed?


    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to HusTler on Tuesday, October 22, 2019 10:48:19
    Re: Logins allowed
    By: HusTler to All on Tue Oct 22 2019 01:07 pm

    Where do I edit the number of logins allowed?

    SCFG->System->Security Level Values.

    digital man

    Synchronet "Real Fact" #105:
    You're missing the action in #synchronet at irc.synchro.net!
    Norco, CA WX: 88.4F, 15.0% humidity, 3 mph W wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Digital Man on Thursday, October 24, 2019 13:24:34
    Re: Logins allowed
    By: Digital Man to HusTler on Tue Oct 22 2019 10:48 am


    Where do I edit the number of logins allowed?

    SCFG->System->Security Level Values.

    digital man

    I meant to say Login Attempts. It seems the default is 10 login attempts before the system disconnects. I'd like to change the number login of attempts to login number to 3. Vert appears to be set for 5 attempts. Thanks




    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Digital Man on Thursday, October 24, 2019 13:36:17
    Re: Logins allowed
    By: HusTler to Digital Man on Thu Oct 24 2019 01:24 pm



    Where do I edit the number of logins allowed?

    SCFG->System->Security Level Values.

    digital man

    I meant to say Login Attempts. It seems the default is 10 login attempts before the system disconnects. I'd like to change the number login of attempts to login number to 3. Vert appears to be set for 5 attempts. Thanks

    I also noticed on Vert the system doesn't ask for a password if it doesn't recognize the user name. My BBS asks for a user name and password. I would like
    to tighten up the login attemps and get rid of the password prompt like on vert. If that's even possible without getting involved with coding. ;-)


    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to HusTler on Thursday, October 24, 2019 12:44:01
    Re: Logins allowed
    By: HusTler to Digital Man on Thu Oct 24 2019 01:24 pm

    Re: Logins allowed
    By: Digital Man to HusTler on Tue Oct 22 2019 10:48 am


    Where do I edit the number of logins allowed?

    SCFG->System->Security Level Values.

    digital man

    I meant to say Login Attempts. It seems the default is 10 login attempts before the system disconnects. I'd like to change the number login of attempts to login number to 3. Vert appears to be set for 5 attempts. Thanks

    The login module settings are in the [login] section of your modopts.ini file and documented here: http://wiki.synchro.net/module:login

    digital man

    Synchronet/BBS Terminology Definition #21:
    DOVE = Domain/Vertrauen
    Norco, CA WX: 87.2F, 6.0% humidity, 8 mph SE wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to HusTler on Thursday, October 24, 2019 12:45:43
    Re: Logins allowed
    By: HusTler to Digital Man on Thu Oct 24 2019 01:36 pm

    Re: Logins allowed
    By: HusTler to Digital Man on Thu Oct 24 2019 01:24 pm



    Where do I edit the number of logins allowed?

    SCFG->System->Security Level Values.

    digital man

    I meant to say Login Attempts. It seems the default is 10 login attempts before the system disconnects. I'd like to change the number login of attempts to login number to 3. Vert appears to be set for 5 attempts. Thanks

    I also noticed on Vert the system doesn't ask for a password if it doesn't recognize the user name. My BBS asks for a user name and password. I would like to tighten up the login attemps and get rid of the password prompt like on vert. If that's even possible without getting involved with coding. ;-)

    Set SCFG->Nodes->Node 1->Toggle Options->Always Prompt for Password to "No".

    digital man

    Synchronet/BBS Terminology Definition #66:
    SpiderMonkey = Mozilla's C/C++ JavaScript Engine (libmozjs)
    Norco, CA WX: 87.2F, 6.0% humidity, 8 mph SE wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Thursday, October 24, 2019 12:42:41
    Re: Logins allowed
    By: HusTler to Digital Man on Thu Oct 24 2019 01:36 pm

    I also noticed on Vert the system doesn't ask for a password if it doesn't recognize the user name. My BBS asks for a user name and password. I would like to tighten up the login attemps and get rid of the password prompt like on vert. If that's even possible without getting involved with coding. ;-)

    For security reasons, it's probably actually better for it to always ask for both a username and password. If the BBS gives a message indicating that the username is not valid, hackers could more easily guess what usernames are valid
    on your system. On the other hand, if it asks for both a username and password and says something like "invalid login", they don't know if it's the username or password that was invalid.

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Nightfox on Thursday, October 24, 2019 13:43:34
    Re: Logins allowed
    By: Nightfox to HusTler on Thu Oct 24 2019 12:42 pm

    Re: Logins allowed
    By: HusTler to Digital Man on Thu Oct 24 2019 01:36 pm

    I also noticed on Vert the system doesn't ask for a password if it doesn't recognize the user name. My BBS asks for a user name and password. I would like to tighten up the login attemps and get rid of the password prompt like on vert. If that's even possible without getting involved with coding. ;-)

    For security reasons, it's probably actually better for it to always ask for both a username and password. If the BBS gives a message indicating that the username is not valid, hackers could more easily guess what usernames are valid on your system. On the other hand, if it asks for both a username and password and says something like "invalid login", they don't know if it's the username or password that was invalid.

    I agree. And that's why the "Always prompt for password" option defaults to Yes. That said, anyone with a little bit of knowledge of Synchronet systems could likely easily find a list of valid usernames via other means (e.g. finger), so the login prompt indicating and invalid user-id not too likely to actually lead to any assisted "hacking". It's a usability vs. security choice the sysop gets to make for themselves.

    I got enough users asking me to tell them or change their password when in fact
    they didn't actually have a current account on my system (likely expired and deleted), so I changed my system to *not* always prompt for password (via Telnet), just to make it more user friendly.

    digital man

    Synchronet "Real Fact" #10:
    The name "DOVE-Net" was suggested by King Drafus (sysop of The Beast's Domain). Norco, CA WX: 87.8F, 6.0% humidity, 12 mph S wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Digital Man on Thursday, October 24, 2019 18:42:25
    Re: Logins allowed
    By: Digital Man to Nightfox on Thu Oct 24 2019 01:43 pm

    I also noticed on Vert the system doesn't ask for a password if it doesn't recognize the user name. My BBS asks for a user name and password. I would like to tighten up the login attemps and get rid
    For security reasons, it's probably actually better for it to always ask for both a username and password. If the BBS gives a message indicating

    I agree. And that's why the "Always prompt for password" option defaults to Yes. That said, anyone with a little bit of knowledge of Synchronet systems could likely easily find a list of valid usernames via other means (e.g.

    Wow. What a difference of opinions. My concern is all the login attempts the bots get. I was thinking if I lowered the number of login attempts that would lower the number of guess's they get. Maybe I'll just leave it alone. I'm sure you guys have a lot more experience then I do. I remember the boards in the 90's disconnected you by the 3rd try. I can hit the return key 10 times before it disconnects. I just feel that's too much "play time" before the system disconnects but I could be wrong. ;-)


    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Thursday, October 24, 2019 17:43:25
    Re: Logins allowed
    By: HusTler to Digital Man on Thu Oct 24 2019 06:42 pm

    Wow. What a difference of opinions. My concern is all the login attempts the bots get. I was thinking if I lowered the number of login attempts that would lower the number of guess's they get. Maybe I'll just leave it alone. I'm sure you guys have a lot more experience then I do. I remember the boards in the 90's disconnected you by the 3rd try. I can hit the return key 10 times before it disconnects. I just feel that's too much "play time" before the system disconnects but I could be wrong. ;-)

    Yep, limiting the number of attempts helps with security too. That and making it difficult to guess valid usernames & passwords both help for security, if you're concerned about that.

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Altere@1:103/705 to Digital Man on Thursday, October 24, 2019 21:32:36
    Re: Logins allowed
    By: Digital Man to Nightfox on Thu Oct 24 2019 01:43 pm

    I agree. And that's why the "Always prompt for password" option defaults to Yes. That said, anyone with a little bit of knowledge of Synchronet systems

    If it's supposed to default to Yes, mine did not as I had not changed any of those options until tonight. Not that it's of major importance though.

    -altere

    ---
    Synchronet Athelstan BBS - athelstan.org ssh:2222 telnet:23
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Altere@1:103/705 to HusTler on Thursday, October 24, 2019 21:38:16
    Re: Logins allowed
    By: HusTler to Digital Man on Thu Oct 24 2019 06:42 pm

    Wow. What a difference of opinions. My concern is all the login attempts the bots get. I was thinking if I lowered the number of login attempts that would lower the number of guess's they get. Maybe I'll just leave it alone.

    I've set mine to always prompt for a password and lowered the number of login promts to 3. This is generally how I have sshd going under my unix servers as if someone is attempting to brute force in, nothing tells them which is incorrect and disconnects their session. I also monitor logs and have added several blocks of IPs to the firewall that I find excessive attempts.

    -altere

    ---
    Synchronet Athelstan BBS - athelstan.org ssh:2222 telnet:23
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Altere on Friday, October 25, 2019 10:54:32
    Re: Logins allowed
    By: Altere to Digital Man on Thu Oct 24 2019 09:32 pm

    Re: Logins allowed
    By: Digital Man to Nightfox on Thu Oct 24 2019 01:43 pm

    I agree. And that's why the "Always prompt for password" option defaults to Yes. That said, anyone with a little bit of knowledge of Synchronet systems

    If it's supposed to default to Yes, mine did not as I had not changed any of those options until tonight. Not that it's of major importance though.

    The defaults (in the ctrl/*.cnf files) will depend on when you installed which version of Synchronet. Its either that or I'm just misremembering what the default setting for that option is.

    digital man

    This Is Spinal Tap quote #38:
    Artie Fufkin: I'm not asking, I'm telling with this. Kick my ass.
    Norco, CA WX: 86.5F, 11.0% humidity, 4 mph W wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)