wcSECURE BBS Security Hints & Tips! Tip #1: Only use REAL NAMES for logging in. BBS's which allow alias names for logging in will have tremendous difficulty in keeping track of things. Additionally, many kiddie hackers refuse to use their real name on BBS's, and as such, won't call those BBS's which require them! Tip #2: Require REAL phone Numbers & other Caller Information. If you get to be a popular BBS, you'll want to be able to make sure your caller database is complete, not only for the liability concerns, but for security as well. Tip #3: Verify your callers! How you verify your callers is your choice. Voice verification offers a high degree of security for your BBS. Voice verification, plus a screening program, such as wcSECURE will give you the most secure environment. Part of the reason I created wcSECURE was out of my own personal need. I wanted something that would tell me if someone was duplicated on the system. There are some freeware programs which give you a printout of duplicated caller information, but I found these to be difficult to use at best. By checking for duplicated information from the callers very first call, I found this to be highly effective in screening callers. Many callers with multi-first names like Richard, were calling back a week or so later with RICH, RICK, etc. In the first week of beta testing, 2 callers using this approach were accurately identifed by wcSECURE. Continued use has shown that numerous callers are calling back with variations of their first names. Honest mistake or ???? Tip #4. Have a consistant policy regarding people who try and cheat your BBS. By always handling the "less than honorable" callers the same way, you eliminate the "personal" attack that some callers may feel. If you set down the rules, and someone violates the rules, they should realize what will happen to them and not feel that they are being singled out for some reason. Tip #5. (WC 4.0x and newer) Place your disclaimer in your QUESNEW (New User Questionnaire) file. By displaying this file and the all important qualifying question "Do you agree to follow the rules" (or what ever is correct for your BBS) within the new caller questionnaire, you can politely "hang up" on the caller if they answer no. What makes this so great, is that the caller is never logged into the BBS, and you don't have to worry about them! (If you'd like more info on specifically how to do this, please feel to contact me!) Tip #6. Use Wildcats! Built in fake number screening. When someone logs into your BBS using 111-111-1111 as their phone number, Wildcat! will send them a display file, then log them off. Wildcat! has this feature fairly well documented, however, if you'd like help in setting up the text file which contains the bogus phone numbers, just let me know. Tip #7. Use Wildcats! built in alias name filter. By requiring real names, you can effectively prevent callers using names like "master blaster" or "ghost rider" from calling your BBS. Wildcat! does an excellent job in this regard, and with a comprehensive filtering file, you'll deter most fake names from even logging in! Tip #8. Always use Wildcat! BBS software. It not only gives you and your callers the easiest BBS to use and operate, it also gives you the most secure BBS! My goal with this hints file, and the program wcSECURE is to give sysops an edge on the problem callers, that are out there, and that will try all sorts of things to cheat YOUR BBS. I hope this information is helpful, and if you'd like additional help with BBS security, feel free to contact me (the info is posted in the SYSOP.DOC file). Joe Goeller has been a Wildcat! Sysop for 5 years, and has been a specialist in the area of digital security for nearly a decade. (Wildcat! is a registered Trade Mark of Mustang Software, Inc)