TUCoPS :: Dialup BBSes :: crashgbb.txt

GBBS: Crashing GBBS systems
 


	How to Crash GBBS Systems



   The following is a text file theat
I downloaded from the O.S.B. Systems
In Allentown.  I think it is a very
interesting file for all to look over
see what we can use for our own systems
After all that is what this SysOp board
is all about, keeping the undesirables
away and discouraging the crashers.
                   -Nonsuch-


 <><><><><><><><><><><><><><><><><><><>
 ><> CRASH PROTECTING YOUR GBBS II! <><
 <><><><><><><><><><><><><><><><><><><>
             by init hello


   Let's dispense with formalites at go
 directly to the matter at hand. This
 tutuorial will outline the ways in
 which a GBBS II can be crashed and
 offer solutions. If all directions are
 followed, then your board will be
 impervious to user interference.

   (A) the most common and most elemen-
 tary methods is by what is commonly
 refered to as "the old space trick".
 What is done is a person enters as a
 "NEW" user and uses the sysop's name
 with a space before the first name.
 This bypasses all the "NAME IN USE"
 checks but awards a sysop security of
 64 upon entry. The simple remedy would
 be to not allow spaces in a name that
 aren't imbedded. For example:

    510 O$=EL$+"LAST NAME-->":GOSUB
        7000:GOSUB8200:A2$=I$...ETC.
add the
line:515 IF LEFT$(I$,1)=" " THEN 510


   this should be also entered on a
line after the FIRST name is inputted.


  (B) Another common method is taking
advantage of the sysop's mods, namely,
onerr goto statements. What a person
can do is purposely make an error to
get him to where the onerr goto state-
ment is pointing. This might be an area
that the user does NOT have access to.
To prevent this, nullify all your onerr
goto statements after you're done with
them with a "POKE 216,0". When the
onerr flag is reset with this statement
all errors will result in a prompt log-
off.
      Common methods of creating errors
are:
     1) when the program asks for a
        number, entering a "99E99".

     2) when asking for a password,
        entering a negative number
        imbedded in the letters.
        (ie.  G-99FFF, OR A-01AAA )

     3)  then there are the fatal
        errors that will be covered in
        section C.


   (C)  Here is the good part. The
GBBS II driver ignores the entry of all
characters with an ascii equivalent of
hexadecimal ($20) and below, EXEPT....
a big EXCEPT...for a few!! Now these
few characters when entered, goes
unnoticed....that is...unless enough
of the are entered. If a sufficient
number is entered,(which would take a
long time without a repeat key), then
the buffer suffers what I call a
"FATAL ERROR" which will promptly put
the user into machine language with
DOS intact. Oh noooooooo!! But there is
good, news! If the following pokes are
entered directly after the GBBS DRIVER
is loaded, let's say on line 60, then
it will treat those certain characters
like all the rest of the trash and
ignore them!!

  60 POKE 36942,37:
     POKE 36943,208:
     POKE 36944,35:
     POKE 36945,76:
     POKE 36946,95:
     POKE 36947,255:
     POKE 36948,234

 And that's it! All of the above has
been carefully tested and retested so
the informatin is valid. This tutorial
has been written in a way to discourage
those seeking ways to crash people's
boards as well as possible.

[0;_[0m
[1m[8] Tfiles: (1-29,?,Q) :

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH