MSGID: 2:222/2.0 6bae9559
REPLY: 2:263/1.0 e6ff6fd7
TZUTC: 0200
CHRS: LATIN-1 2
> Has anyone got a script that scans log0 for repeated offenders trying telnet,
> ftp etc

I'm using rate limiting on my firewall and block too many connections there.
It's better than inet.bbb and I've had zero problems with bots.

My choice for firewall is Foomuuri: https://github.com/FoobarOy/foomuuri

Example config:

macro {
  bbbs_rate  saddr_rate "1/minute burst 2" saddr_rate_name bbbs_limit
}

public-localhost {
  ftp bbbs_rate ipv4
  ftp ipv6 reject      # bftpd doesn't support IPv6
  ftps bbbs_rate ipv4
  ftps ipv6 reject     # bftpd doesn't support IPv6
  telnet bbbs_rate
  tcp 24554 bbbs_rate  # BinkP
  ...
}

> I have been checking some of the repeaters on my logs against abuseipdb and
> adding them to the blocked section of inet

Foomuuri can automatically import and refresh external IP-lists for block
lists.

Take a look at fail2ban too. It works nicely with Foomuuri. http
://github.com/FoobarOy/foomuuri/issues/9

--- BBBS/Li6 v4.10 Toy-7
 * Origin: * BCG-Box, On The Air Since 11th February 1987! * (2:222/2)
SEEN-BY: 1/120 18/0 50/22 103/705 104/119 105/81 106/201 123/0 25
SEEN-BY: 123/180 755 3001 3002 124/5016 128/187 129/305 135/115 153/757
SEEN-BY: 153/7715 154/10 30 50 110 700 203/0 218/700 220/6 20 90 221/0
SEEN-BY: 221/6 222/2 226/18 30 44 50 227/114 229/110 114 206 317 426
SEEN-BY: 229/428 470 550 664 700 705 240/1120 5832 250/1 263/1 266/512
SEEN-BY: 275/1000 280/464 5003 5006 291/111 292/854 8125 301/1 320/219
SEEN-BY: 322/757 341/66 234 342/200 396/45 423/120 460/58 256 1124
SEEN-BY: 467/888 633/280 712/848 1321 770/1 902/26 2320/105 3634/0
SEEN-BY: 3634/12 27 57 58 60 119 5020/400 8912 5054/30 5075/35
PATH: 222/2 3634/12 154/10 280/464 460/58 229/426