Crash Proofing GBBS II Systems

How to Crash GBBS Systems

The following is a text file that I downloaded from the O.S.B. Systems In Allentown.  I think it is a very interesting file for all to look over see what we can use for our own systems After all that is what this SysOp board is all about, keeping the undesirables away and discouraging the crashers. -Nonsuch-

<><> ><> CRASH PROTECTING YOUR GBBS II! <>< <><>
by init hello

Let’s dispense with formalities at go directly to the matter at hand. This tutorial will outline the ways in which a GBBS II can be crashed and offer solutions. If all directions are followed, then your board will be impervious to user interference.

(A) the most common and most elementary methods is by what is commonly refereed to as “the old space trick”. What is done is a person enters as a “NEW” user and uses the sysop’s name with a space before the first name. This bypasses all the “NAME IN USE” checks but awards a sysop security of 64 upon entry. The simple remedy would be to not allow spaces in a name that aren’t embedded. For example:

510 O$=EL$+”LAST NAME–>”:GOSUB 7000 : GOSUB 8200 : A2$=I$…ETC.
add the line:
515 IF LEFT$(I$,1)=” ” THEN 510

this should be also entered on a line after the FIRST name is inputted.

(B) Another common method is taking advantage of the sysop’s mods, namely, onerr goto statements. What a person can do is purposely make an error to get him to where the onerr goto state- ment is pointing. This might be an area that the user does NOT have access to. To prevent this, nullify all your onerr goto statements after you’re done with them with a “POKE 216,0”. When the onerr flag is reset with this statement all errors will result in a prompt log- off. Common methods of creating errors are: 1) when the program asks for a number, entering a “99E99”.

2) when asking for a password, entering a negative number embedded in the letters. (ie.  G-99FFF, OR A-01AAA )

3)  then there are the fatal errors that will be covered in section C.

(C)  Here is the good part. The GBBS II driver ignores the entry of all characters with an ascii equivalent of hexadecimal ($20) and below, EXEPT…. a big EXCEPT…for a few!! Now these few characters when entered, goes unnoticed….that is…unless enough of the are entered. If a sufficient number is entered,(which would take a long time without a repeat key), then the buffer suffers what I call a “FATAL ERROR” which will promptly put the user into machine language with DOS intact. Oh noooooooo!! But there is good, news! If the following pokes are entered directly after the GBBS DRIVER is loaded, let’s say on line 60, then it will treat those certain characters like all the rest of the trash and ignore them!!

60 POKE 36942,37: POKE 36943,208: POKE 36944,35: POKE 36945,76: POKE 36946,95: POKE 36947,255: POKE 36948,234

And that’s it! All of the above has been carefully tested and retested so the informatin is valid. This tutorial has been written in a way to discourage those seeking ways to crash people’s boards as well as possible.

[0;_[0m [1m[8] Tfiles: (1-29,?,Q) :