��� TG SysOp's Protect Your Selves ��� ��� From Baddies ��� ��� by Man Against The Mob ��� ��� The Pie BBS 516-689-5413 ��� Hey you, don't be silly, put a rubber on your willy! As telegard is a popular BBS software package, and is widely available to the general public, it becomes easy for hackers to crash your system. I have written this file to help protect your self from these people. Included are tree ways to protect your self. I also recommend you use a shuttle logon menu to provide more security. With one new users do not have access to the board on their first call. 1) The PKZIP back door - Users who wish to crash your board can call your board, upload a zip file containing a trojan named PKZIP.EXE. they can use the archive file menus to unzip the PKZIP.EXE trojan file to your temp file directory. They can then run the file by selecting Add to Archive which will then attempt to run PKZIP.EXE to zip up the file. But if a PKZIP.EXE file is in the temporary directory, it will run that one instead of the true PKZIP program. To protect your self from this, press //\\*P from any menu, select option 'F' and then press 'A'. Modify the PkZip Archive entry to include the path of the true PKZIP.EXE and PKUNZIP.EXE files. ie. use 3) C:\ZIP\PKZIP.EXE -aex @F @I instead of 3) PKZIP.EXE -aex @F @I. 2) The Logoff.Bat back door - A user can ZModem batch upload a file called Logoff.Bat to your Telegard directory using various commands in DSZ. I won't go into them because this is a file to prevent it, not tell how to do it. This uploading is mostly blindly giving a path name hoping it is in the C:\BBS directory or whatever path they try. They they are trying to do is get ZModem batch to upload a file called Logoff.Bat to the main BBS directory. What Logoff.Bat does is each time a user logs off, telegard will run Logoff.Bat if it exists. It is mostly used in BBS's which use front doors to help run echo's between different bulletin boards, such as D'Bridge. If the Logoff.Bat file contains a nasty such as WIPEDISK C: or something to that extent, bad things will happen. You can stop that by adding the word 'Restrict' to the end of your Zmodem upload strings. ie. use dsz port %P speed %B rz %F Restrict instead of dsz port %P speed %B rz %F. Here is DSZ's documentation or Restrict: restrict Restrict pathnames to the current disk and directory tree, and disallow overwriting of existing files. When DSZ is restricted, it will refuse to transfer files containing the string autoexec.bat and command.com in upper or lower case. This provides some defense from malicious uploaded files. 3) Scan all uploaded files for viruses and trojans before you run them. A method used by some Telegard's I have seen is to replace the Integrity check line with a batch file which tests for initial integrity, then it Unzips the file to a temporary directory, run the SCAN program and exit with a good exit code telling TG it is alright. This is a sample batch file for doing that: (You will have to look up the correct exit codes for your SCAN and PkZip programs) ECHO OFF C:\ZIP\PKUNZIP -t %1 IF ERRORLEVEL = 1 Goto Badfile MD\0UR12.$$$ C:\ZIP\PKUNZIP %1 C:\0UR12.$$$ CD\0UR12.$$$ C:\ZIP\SCAN *.* echo y|del *.* :Badfile exit And have in Telegard 0 (or whatever) as a good exit code. (And make sure SCAN's exit code is not 0 (or whatever) for bad files. For more help with Telegard Call <\ The Pie BBS /> 516-689-5413. This text file was written by Man Against The Mob. This text file has been brought to you by MHEB Enterprises. ile has been brought to you by MHEB Enterprises.