Re: Captcha
By: Lord Blackfair to All on Thu Jul 29 2021 05:48 pm

This is probally off topic. But i will post it here so everyone can see it. Since I innitiated my Captcha program on my BBS. Its been keeping the bots out and I have not seen any attempts at seeing any scripted bots trying to logon using SSH,ROOT,ADMIN ETC...
With the help of another sysop he made a scripted batch file that changes the captcha number every 10 minutes, so its not the same with every login. I am still working on the process of using the Randam INT, but am having problems trying to get it to work with the compare. So if anyone wishes to use it. I do have it posted for Download on Vert. and if we have any programers out there in Baja that want to help me improve it feel free to drop a line.
Lord Blackfair (Blackfair's Manor) blackf.synchro.net

INT I Ý RANDOM I 3 Ý COMPARE I 0 Ý IF_EQUAL Ý [WHATEVER COMMAND YOU WANT] Ý else Ý [WHATEVER COMMAND YOU WANT]
END_IF
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Re: Captcha
By: MRO to Lord Blackfair on Fri Jul 30 2021 08:26 am

Re: Captcha
By: Lord Blackfair to All on Thu Jul 29 2021 05:48 pm

This is probally off topic. But i will post it here so everyone can see it. Since I innitiated my Captcha program on my BBS. Its been keeping the bots out and I have not seen any attempts at seeing any scripted bots trying to logon using SSH,ROOT,ADMIN ETC...
With the help of another sysop he made a scripted batch file that changes the captcha number every 10 minutes, so its not the same with every login. I am still working on the process of using the Randam INT, but am having problems trying to get it to work with the compare. So if anyone wishes to use it. I do have it posted for Download on Vert. and if we have any programers out there in Baja that want to help me improve it feel free to drop a line.
Lord Blackfair (Blackfair's Manor) blackf.synchro.net

INT I
Ý RANDOM I 3
Ý COMPARE I 0
Ý IF_EQUAL
Ý [WHATEVER COMMAND YOU WANT]
Ý else
Ý [WHATEVER COMMAND YOU WANT]
END_IF

By using that, wouldnt that only allow if the script picks 0?
i want to COMPARE I with the STR

Lord Blackfair (Blackfair's Manor) blackf.synchro.net

---
þ Synchronet þ Blackfair's Manor - blackf.synchro.net

Re: Captcha
By: Lord Blackfair to MRO on Fri Jul 30 2021 11:21 pm

Re: Captcha
By: MRO to Lord Blackfair on Fri Jul 30 2021 08:26 am

Re: Captcha
By: Lord Blackfair to All on Thu Jul 29 2021 05:48 pm

This is probally off topic. But i will post it here so everyone

can
see it. Since I innitiated my Captcha program on my BBS. Its been keeping the bots out and I have not seen any attempts at seeing any scripted bots trying to logon using SSH,ROOT,ADMIN ETC...
With the help of another sysop he made a scripted batch file that changes the captcha number every 10 minutes, so its not the same with every login. I am still working on the process of using the Randam INT, but am having problems trying to get it to work with the compare. So if anyone wishes to use it. I do have it posted for Download on Vert. and if we have any programers out there in Baja that want to help me improve it feel free to drop a line.
Lord Blackfair (Blackfair's Manor) blackf.synchro.net

INT I
Ý RANDOM I 3
Ý COMPARE I 0
Ý IF_EQUAL
Ý [WHATEVER COMMAND YOU WANT]
Ý else
Ý [WHATEVER COMMAND YOU WANT]
END_IF

By using that, wouldnt that only allow if the script picks 0?
i want to COMPARE I with the STR

i believe you copy it to a str and compare it

just by checking if it's an exact number you can use that code i posted.
and that's what your capcha does, right

anyways, those bots will not solve your capcha. they will get confused and sit on the connection.

---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Re: Captcha
By: MRO to Lord Blackfair on Sat Jul 31 2021 02:33 am

anyways, those bots will not solve your capcha. they will get confused and sit on the connection.

Yup. Truth be told, you could just print "Hit ESC now to continue" and disconnect if the ESC key (or whatever key you like) isn't hit within a few seconds. No bot is going to hit the ESC key - problem solved. You don't really *need* to display/prompt for a random anything since nobody is going to build a BBS-specific bot (they just aren't a target of interest).

If you're running a recent build of Synchronet with a recent login.js, it'll disconnect dumb terminals (those not supporting ANSI or any other emulation) very quickly when no input is sent and that disconnect time is configurable.
--
digital man

Rush quote #57:
He picks up scraps of information, he's adept at adaptation .. Digital Man Norco, CA WX: 92.3øF, 35.0% humidity, 2 mph E wind, 0.00 inches rain/24hrs
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Got it running, had to tweak some things.
made it start before anything else. then load the login matrix as a xtrn_prog.

#Captcha program by Keith Cunningham edit to how you would like
:Home
INT R
STR A
random r 999999
CLS
#menu "Gate"
Print "\r\n Welcome to Lord Blackfair's Captcha for Synchronet BBS v4.00\r\n"
Print "\r\n To Prove you are not a BOT please enter [ The Number ] below.\r\n"

print R
Print " "
GETLINE A 6
COMPARE R A
IF_false
goto wrong
PAUSE
#Print "Welcome to The BBS!!!"

end_if
goto start
:wrong
Print "\r\nThat is not correct, Please try again.\r\n"
pause
goto home
:start
Print "Welcome to The BBS!!!"
exec_xtrn matrix

Lord Blackfair (Blackfair's Manor) blackf.synchro.net

---
þ Synchronet þ Blackfair's Manor - blackf.synchro.net

Re: Captcha
By: Lord Blackfair to All on Wed Aug 04 2021 10:35 pm

Got it running, had to tweak some things.
made it start before anything else. then load the login matrix as a xtrn_prog.

so you have something for the bots to sit there and perhaps loop back if they enter any input.

and your users have to enter a long number each time.

i would rethink that.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Re: Captcha
By: MRO to Lord Blackfair on Thu Aug 05 2021 09:20 am

Re: Captcha
By: Lord Blackfair to All on Wed Aug 04 2021 10:35 pm

Got it running, had to tweak some things.
made it start before anything else. then load the login matrix as a xtrn_prog.

so you have something for the bots to sit there and perhaps loop back if they enter any input.

and your users have to enter a long number each time.

i would rethink that.

If his goal is to experiment with/learn Baja, then he's achieving that. If the goal is keep bots from tieing up nodes, there's much easier solutions. If the goal is prevent bots from trying to authenticate with a username and password (why?), there's easier solutions (e.g. just prompt for a specific key, like ESC).

Actually letting a bot send a username and password is a good way to detect and auto-block them and that support is built-into SBBS:
https://wiki.synchro.net/howto:block-hackers
--
digital man

Synchronet "Real Fact" #1:
Development began in 1990 of the (unnamed at the time) Synchronet BBS software. Norco, CA WX: 89.5øF, 40.0% humidity, 4 mph WNW wind, 0.00 inches rain/24hrs ---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Re: Captcha
By: MRO to Lord Blackfair on Thu Aug 05 2021 09:20 am

Re: Captcha
By: Lord Blackfair to All on Wed Aug 04 2021 10:35 pm

Got it running, had to tweak some things.
made it start before anything else. then load the login matrix as a xtrn_prog.

I could always rewite it so that a user has to press a key, but so far its working and i get no complaints yet.

Lord Blackfair (Blackfair's Manor) blackf.synchro.net

---
þ Synchronet þ Blackfair's Manor - blackf.synchro.net

Re: Captcha
By: Digital Man to MRO on Thu Aug 05 2021 11:53 am

Re: Captcha
By: MRO to Lord Blackfair on Thu Aug 05 2021 09:20 am

Re: Captcha
By: Lord Blackfair to All on Wed Aug 04 2021 10:35 pm

Got it running, had to tweak some things.
made it start before anything else. then load the login matrix as a xtrn_prog.

so you have something for the bots to sit there and perhaps loop back if they enter any input.

and your users have to enter a long number each time.

i would rethink that.

If his goal is to experiment with/learn Baja, then he's achieving that. If the goal is keep bots from tieing up nodes, there's much easier solutions. If the goal is prevent bots from trying to authenticate with a username and password (why?), there's easier solutions (e.g. just prompt for a specific key, like ESC).

Actually letting a bot send a username and password is a good way to detect and auto-block them and that support is built-into SBBS: https://wiki.synchro.net/howto:block-hackers

and in my case i block all the ones that fail my challenge code. so, eventually the .can file gets so huge it slows down synchronet.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Re: Captcha
By: MRO to Digital Man on Thu Aug 05 2021 09:43 pm

and in my case i block all the ones that fail my challenge code. so, eventually the .can file gets so huge it slows down synchronet.

Maybe you should rethink that design then.
--
digital man

Synchronet "Real Fact" #117:
Synchronet v1b r0 (for MS-DOS) was released on September 25, 1992
Norco, CA WX: 77.1øF, 54.0% humidity, 3 mph ENE wind, 0.00 inches rain/24hrs ---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Re: Captcha
By: Lord Blackfair to MRO on Thu Aug 05 2021 09:31 pm

Re: Captcha
By: MRO to Lord Blackfair on Thu Aug 05 2021 09:20 am

Re: Captcha
By: Lord Blackfair to All on Wed Aug 04 2021 10:35 pm

Got it running, had to tweak some things.
made it start before anything else. then load the login matrix as a xtrn_prog.

I could always rewite it so that a user has to press a key, but so far its working and i get no complaints yet.

i complained.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Re: Captcha
By: Digital Man to MRO on Thu Aug 05 2021 08:11 pm

Re: Captcha
By: MRO to Digital Man on Thu Aug 05 2021 09:43 pm

and in my case i block all the ones that fail my challenge code. so, eventually the .can file gets so huge it slows down synchronet.

Maybe you should rethink that design then.

i just trim it down every year.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Re: Captcha
By: MRO to Lord Blackfair on Fri Aug 06 2021 08:31 am

Re: Captcha
By: Lord Blackfair to MRO on Thu Aug 05 2021 09:31 pm

Re: Captcha
By: MRO to Lord Blackfair on Thu Aug 05 2021 09:20 am

Re: Captcha
By: Lord Blackfair to All on Wed Aug 04 2021 10:35 pm

Got it running, had to tweak some things.
made it start before anything else. then load the login matrix as a xtrn_prog.

I could always rewite it so that a user has to press a key, but so far its working and i get no complaints yet.

i complained.

Yes you did. And you have a right to.
Lord Blackfair (Blackfair's Manor) blackf.synchro.net

---
þ Synchronet þ Blackfair's Manor - blackf.synchro.net