Category : BBS Programs+Doors
Archive   : TONSMOD.ZIP
Filename : SECREG.MOD

SECURITY REGISTRATION CODE
By The Captain of The White Star Line (@2370)

This is a simple modification that may help persuade your local hacker

to find another line of work. It is primarily geared to stop

"killer-macros," which repeatedly logon to bulletin boards entering false

accounts, the goal being to fill up the user base and cause great

aggravation on the part of the sysop. Most of these macros operate by a

series of commands that wait for certain strings to appear, then they

output the information. The advanced ones will randomly generate a user

name each time it is run (usually a string of characters that are

unintelligible). Others simply use delays, waiting a few seconds, sending

data, waiting a few more, sending more, and so on. This modification will

add a "registration code" to the new user procedure. It randomly generates

an alphanumeric string ranging (randomly again) from 4 to 9 characters in

length. This string is then output for the user to see, and the user is

then prompted to type in the registration code. The user has three tries to

get it right (a different code being shown each time) before automatic

disconnection. If the user gets the string right, then registration

proceeds normally. It would take a very bright person indeed to develop a

"killer-macro" that would read the string when it appears and then output

that string back to the BBS. Telix is generally thought to have the best

script language, and looking through it I didn't notice any such capability.

I've been told by someone that it is possible, but the skills required to

generate the macro were of a high calibur indeed. So, this modification will

present no trouble for your genuine users, and I can guarantee that

"killer-macros" will not like it at all. Too bad.

* * * * * * *
In NEWUSER.C, add this function before void input_name()

void input_code()
{
int i,i2,i3,ok,count;
char n[11],code[11],ch;

count=0;

do {

i2=rand();
if (i2<6500) i3=4;
else if (i2<13000) i3=5;
else if (i2<19500) i3=6;
else if (i2<26000) i3=7;
else if (i2<32500) i3=8;
else i3=9;

for (i=0; i ch=rand() % 36;
if (ch<10)
ch+='0';
else
ch+='A'-10;
code[i]=ch;
}
code[i3]=0;

nl();
prt(2,"Registration Code: ");
prt(1,code);
nl();
nl();
prt(3,"Please enter the above Registration Code");
nl();
prt(3,"for security reasons.");
nl();
outstr(":");
mpl(i3);
input(n,i3);
nl();
if ((strcmp(code,n)==0))
ok=1;
else ok=0;
if (!ok) {
prt(2,"That is not correct.");
nl();
++count;
if (count==3)
hangup=1;
}
} while ((!ok) && (!hangup));
}

* * * * * * *
Now search in NEWUSER.C for "NEWUSER" and look down a few lines. You will

see a block of code that calls the various registration functions, as in...

input_name();
input_realname();
input_phone();

...et cetera. Add the line:

input_code();

somewhere among those lines, wherever you wish the question to appear. A

good place might be before the input_name line. For an added measure of

security, and to further complicate matters for hackers, you can have

the line appear elsewhere during registration. That's entirely up to you.

The Captain of The White Star Line
Long Beach, California - @2370