Detect & block "free VPN" users



  • Make fun if you will, but I run an old school BBS over telnet, which is hosted on a VM box running DOS 6.22. 
    I get about 800 hits per day (presumably from the same source) trying to gain access to the box attempting to login as root with various password attempts, then run a few shell lines (mostly calls to busybox and deleting the etc folder), so the user's intent is malicious.

    Problem is, they are using various (or a bouncing) VPN service like HideMyAss or something similar, so the IP changes on every use.  Blacklisting or blocking is rather useless.

    So, the question is:
    Is there any package (or feature) that allows me to detect the use of a VPN (like a free VPN IP range list file) or something similar? 
    It doesn't necessarily even need to be run from pfSense, but it would be nice if it did so the logs could be integrated.



  • Make fun if you will

    Hey, some of us greybeards loved the BBS days of the 80's.

    What you're asking for isn't really practical.  As you yourself said,

    Blacklisting or blocking is rather useless.

    and I completely agree.  The bots are relentless and random.  Have a strong password, have good backups and just ignore the noise.



  • Good luck to them, he may want to modify his script a little bit, considering DOS don't give a damn who "root" is.


  • Rebel Alliance Global Moderator

    You could for sure use something like pfblockerng to create lists of huge swaths of netblocks to block..  Block out all the other countries, etc.

    So you get 800 hits a day from this root user, how much actual real traffic do you get?

    I remember my bbs days!!!  Miss them actually, so freaking cool could get an email from other side of the planet using fido in less than a day ;)  One of my fav games was barren realms elite.. And tradewars - Can I check out this bbs??  Could you PM me info on how I request an account..