ÄÄÄ TG SysOp's Protect Your Selves ÄÄÄ
ÄÄÄ From Baddies ÄÄÄ
ÄÄÄ by Man Against The Mob ÄÄÄ
ÄÄÄ The Pie BBS 516-689-5413 ÄÄÄ
Hey you, don't be silly, put a rubber on your willy!
As telegard is a popular BBS software package, and is widely available
to the general public, it becomes easy for hackers to crash your system.
I have written this file to help protect your self from these people.
Included are tree ways to protect your self. I also recommend you use a
shuttle logon menu to provide more security. With one new users do not have
access to the board on their first call.
1) The PKZIP back door - Users who wish to crash your board can call your
board, upload a zip file containing a trojan named PKZIP.EXE. they can use
the archive file menus to unzip the PKZIP.EXE trojan file to your temp file
directory. They can then run the file by selecting Add to Archive which will
then attempt to run PKZIP.EXE to zip up the file. But if a PKZIP.EXE file is
in the temporary directory, it will run that one instead of the true PKZIP
program. To protect your self from this, press //\\*P from any menu, select
option 'F' and then press 'A'. Modify the PkZip Archive entry to include the
path of the true PKZIP.EXE and PKUNZIP.EXE files.
ie. use 3) C:\ZIP\PKZIP.EXE -aex @F @I
instead of 3) PKZIP.EXE -aex @F @I.
2) The Logoff.Bat back door - A user can ZModem batch upload a file called
Logoff.Bat to your Telegard directory using various commands in DSZ. I won't
go into them because this is a file to prevent it, not tell how to do it.
This uploading is mostly blindly giving a path name hoping it is in the
C:\BBS directory or whatever path they try. They they are trying to do is
get ZModem batch to upload a file called Logoff.Bat to the main BBS
What Logoff.Bat does is each time a user logs off, telegard will run
Logoff.Bat if it exists. It is mostly used in BBS's which use front doors to
help run echo's between different bulletin boards, such as D'Bridge. If the
Logoff.Bat file contains a nasty such as WIPEDISK C: or something to that
extent, bad things will happen. You can stop that by adding the word
'Restrict' to the end of your Zmodem upload strings.
ie. use dsz port %P speed %B rz %F Restrict
instead of dsz port %P speed %B rz %F.
Here is DSZ's documentation or Restrict:
restrict Restrict pathnames to the current disk and directory tree, and
disallow overwriting of existing files. When DSZ is restricted,
it will refuse to transfer files containing the string autoexec.bat
and command.com in upper or lower case. This provides some defense
from malicious uploaded files.
3) Scan all uploaded files for viruses and trojans before you run them.
A method used by some Telegard's I have seen is to replace the Integrity
check line with a batch file which tests for initial integrity, then it
Unzips the file to a temporary directory, run the SCAN program and exit with
a good exit code telling TG it is alright. This is a sample batch file for
doing that: (You will have to look up the correct exit codes for your SCAN
and PkZip programs)
C:\ZIP\PKUNZIP -t %1
IF ERRORLEVEL = 1 Goto Badfile
C:\ZIP\PKUNZIP %1 C:\0UR12.$$$
echo y|del *.*
And have in Telegard 0 (or whatever) as a good exit code. (And make sure
SCAN's exit code is not 0 (or whatever) for bad files.
For more help with Telegard Call <\ The Pie BBS /> 516-689-5413.
This text file was written by Man Against The Mob.
This text file has been brought to you by MHEB Enterprises.