/*
-BOPM sample configuration
+HOPM sample configuration
*/
options {
/*
* Full path and filename for storing the process ID of the running
- * BOPM.
+ * HOPM.
*/
- pidfile = "/some/path/bopm.pid";
+ pidfile = "/some/path/hopm.pid";
/*
* How many seconds to store the IP address of hosts which are
* of running a proxy can get abusers onto your network - all they
* need do is shut the proxy down, connect themselves, restart the
* proxy, and tell their friends to come flood.
- *
+ *
* Keep this directive commented out to disable negative caching.
*/
# negcache = 3600;
/*
* Amount of file descriptors to allocate to asynchronous DNS. 64
- * should be plenty for almost anyone - previous versions of BOPM only
- * did one at a time!
+ * should be plenty for almost anyone.
*/
dns_fdlimit = 64;
/*
* Put the full path and filename of a logfile here if you wish to log
- * every scan done. Normally BOPM only logs successfully detected
- * proxies in the bopm.log, but you may get abuse reports to your ISP
- * about portscanning. Being able to show that it was BOPM that did
+ * every scan done. Normally HOPM only logs successfully detected
+ * proxies in the hopm.log, but you may get abuse reports to your ISP
+ * about portscanning. Being able to show that it was HOPM that did
* the scan in question can be useful. Leave commented for no
* logging.
*/
IRC {
/*
* IP to bind to for the IRC connection. You only need to use this if
- * you wish BOPM to use a particular interface (virtual host, IP
+ * you wish HOPM to use a particular interface (virtual host, IP
* alias, ...) when connecting to the IRC server. There is another
* "vhost" setting in the scan {} block below for the actual
* portscans. Note that this directive expects an IP address, not a
# vhost = "0.0.0.0";
/*
- * Nickname for BOPM to use.
+ * Nickname for HOPM to use.
*/
- nick = "MyBopm";
+ nick = "MyHopm";
/*
- * Text to appear in the "realname" field of BOPM's /whois output.
+ * Text to appear in the "realname" field of HOPM's /whois output.
*/
- realname = "Blitzed Open Proxy Monitor";
+ realname = "Hybrid Open Proxy Monitor";
/*
* If you don't have an identd running, what username to use.
*/
- username = "bopm";
+ username = "hopm";
/*
- * Hostname (or IP) of the IRC server which BOPM will monitor
+ * Hostname (or IP) of the IRC server which HOPM will monitor
* connections on.
*/
server = "myserver.somenetwork.org";
-
/*
* Password used to connect to the IRC server (PASS)
*/
-
# password = "secret";
-
/*
- * Port of the above server to connect to. This is what BOPM uses to
+ * Port of the above server to connect to. This is what HOPM uses to
* get onto IRC itself, it is nothing to do with what ports/protocols
* are scanned, nor do you need to list every port your ircd listens
* on.
* it). This is the raw IRC command text, and the below example
* corresponds to "/msg nickserv identify password" in a client. If
* you don't understand, just edit "password" in the line below to be
- * your BOPM's nick password. Leave commented out if you don't need
+ * your HOPM's nick password. Leave commented out if you don't need
* to identify to NickServ.
*/
-# nickserv = "privmsg nickserv :identify password";
+# nickserv = "NS IDENTIFY password";
/*
- * The username and password needed for BOPM to oper up.
+ * The username and password needed for HOPM to oper up.
*/
- oper = "bopm operpass";
+ oper = "hopm operpass";
/*
- * Mode string that BOPM needs to set on itself as soon as it opers
+ * Mode string that HOPM needs to set on itself as soon as it opers
* up. This needs to include the mode for seeing connection notices,
- * otherwise BOPM won't scan anyone (that's usually umode +c). It's
- * often also a good idea to remove any helper modes so that users
- * don't try to talk to the BOPM.
- *
- * REMEMBER THAT IRCU AND LATER VERSIONS OF UNREAL DO NOT USE A SIMPLE
- * +c !!
+ * otherwise HOPM won't scan anyone (that's usually umode +c).
*/
- mode = "+c-h";
-
- /* Example for Bahamut; +F gives BOPM relaxed flood limits */
-# mode = "+Fc-h";
+ mode = "+c";
/*
- * If this is set then BOPM will use it as an /away message as soon as
+ * If this is set then HOPM will use it as an /away message as soon as
* it connects.
*/
away = "I'm a bot. Your messages will be ignored.";
/*
- * Info about channels you wish BOPM to join in order to accept
- * commands. BOPM will also print messages in these channels every
- * time it detects a proxy. Only IRC operators can command BOPM to do
- * anything, but some of the things BOPM reports to these channels
- * could be soncidered sensitive, so it's best not to put BOPM into
+ * Info about channels you wish HOPM to join in order to accept
+ * commands. HOPM will also print messages in these channels every
+ * time it detects a proxy. Only IRC operators can command HOPM to do
+ * anything, but some of the things HOPM reports to these channels
+ * could be soncidered sensitive, so it's best not to put HOPM into
* public channels.
*/
channel {
- /*
- * Channel name. Local ("&") channels are supported if your ircd
- * supports them.
- */
- name = "#bopm";
-
- /*
- * If BOPM will need to use a key to enter this channel, this is
- * where you specify it.
- */
-# key = "somekey";
-
- /*
- * If you use ChanServ then maybe you want to set the channel
- * invite-only and have each BOPM do "/msg ChanServ invite" to get
- * itself in. Leave commented if you don't, or if this makes no
- * sense to you.
- */
-# invite = "privmsg chanserv :invite #bopm";
+ /*
+ * Channel name. Local ("&") channels are supported if your ircd
+ * supports them.
+ */
+ name = "#hopm";
+
+ /*
+ * If HOPM will need to use a key to enter this channel, this is
+ * where you specify it.
+ */
+# key = "somekey";
+
+ /*
+ * If you use ChanServ then maybe you want to set the channel
+ * invite-only and have each HOPM do "/msg ChanServ invite" to get
+ * itself in. Leave commented if you don't, or if this makes no
+ * sense to you.
+ */
+# invite = "CS INVITE #hopm";
};
/*
*
* channel { name = "#other"; }; channel { name="#channel"; }
*/
-
+
/*
* connregex is a POSIX regular expression used to parse connection
* (+c) notices from the ircd. The complexity of the expression should
* be kept to a minimum.
- *
+ *
* Items in order MUST be: nick user host IP
*
- * BOPM will not work with ircds which do not send an IP in the
+ * HOPM will not work with ircds which do not send an IP in the
* connection notice.
*
* This is fairly complicated stuff, and the consequences of getting
- * it wrong are the BOPM does not scan anyone. Unless you know
+ * it wrong are the HOPM does not scan anyone. Unless you know
* absolutely what you are doing, please just uncomment the example
* below that best matches the type of ircd you use.
- *
- * !!! NOTE !!! If a connregex for your ircd does not appear here and the
- * hybrid connregex does not appear to work, check the BOPM FAQ at
- * http://wiki.blitzed.org/BOPM before contacting our lists for help.
- *
*/
-
- /* Hybrid / Bahamut / Unreal (in HCN mode) */
connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
- /*
- * Ultimate ircd - note the control-B characters around Connect/Exit,
- * that is because that text appears in bold in the actual connect
- * notice. Be very careful when editing this, do it as you would put
- * bold characters into IRC MOTDs.
- */
-# connregex = "\\*\\*\\* \ 2Connect/Exit\ 2 -- from [^:]+: Client connecting on port [0-9]+: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
-
- /*
- * SorIRCd 1.3.4+ / StarIRCd 5.26+.
- */
-# connregex = "\\*\\*\\* Notice -- Client connecting on port [0-9]+: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
-
-
/*
* "kline" controls the command used when an open proxy is confirmed.
* We suggest applying a temporary (no more than a few hours) KLINE on the host.
*
* <WARNING>
- * Make sure if you need to change this string you also change the
- * kline command for every DNSBL you enable below.
+ * Make sure if you need to change this string you also change the
+ * kline command for every DNSBL you enable below.
*
- * Also note that some servers do not allow you to include ':' characters
- * inside the KLINE message (e.g. for a http:// address).
+ * Also note that some servers do not allow you to include ':' characters
+ * inside the KLINE message (e.g. for a http:// address).
*
* Users rewriting this message into something that isn't even a valid
* IRC command is the single most common cause of support requests and
* %i User's IP address
*
*/
- kline = "KLINE *@%h :Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
-
- /* A GLINE example for IRCu: */
-# kline = "GLINE +*@%i 1800 :Open proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
+ kline = "KLINE *@%h :Open Proxy found on your host.";
- /* An AKILL example for services with OperServ
- * Your BOPM must have permission to AKILL for this to work! */
-
-# kline = "PRIVMSG OpenServ :AKILL +3h *@%h Open proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
-
/*
- * Text to send on connection, these can be stacked and will be sent in this order
- *
- * !!! UNREAL USERS PLEASE NOTE !!!
- * Unreal users will need PROTOCTL HCN to force hybrid connect
- * notices.
- *
- * Yes Unreal users! That means you! That means you need the line
- * below! See that thing at the start of the line? That's what we
- * call a comment! Remove it to UNcomment the line.
+ * An AKILL example for services with OperServ. Your HOPM must have permission to
+ * AKILL for this to work!
*/
-# perform = "PROTOCTL HCN";
+# kline = "OS AKILL +3h *@%h Open proxy found on your host.";
+ /*
+ * Text to send on connection, these can be stacked and will be sent in this order.
+ */
+# perform = "TIME";
};
* to a dns blacklist. DNS-based blacklists store IP addresses in a DNS zone
* file. There are several blacklist that list IP addresses known to be open
* proxies or other forms of IRC abuse. By checking against these blacklists,
- * BOPMs are able to ban known sources of abuse without completely scanning them.
+ * HOPMs are able to ban known sources of abuse without completely scanning them.
*/
OPM {
* trust a remotely managed blacklist, you could set up your own, or
* leave these commented out in which case every user will be
* scanned. The use of at least one open proxy DNSBL is recommended
- * however.
- *
- * Blitzed is not associated with any of these DNSBLs, please check
- * the policies of each blacklist you use to check you are comfortable
- * with using them to block access to your server (and that you are
- * allowed to use them).
+ * however.
+ *
+ * Please check the policies of each blacklist you use to check you
+ * are comfortable with using them to block access to your server
+ * (and that you are allowed to use them).
*/
/* DroneBL - http://dronebl.org */
/*
* Email address to send reports TO.
- * For example DroneBL:
+ * For example DroneBL:
*/
# dnsbl_to = "bopm-report@dronebl.org";
* Note that if your ircd has "ping cookies" then clients from HTTP
* POST proxies cannot actually ever get onto your network anyway. If
* you leave the checks in then you'll still find some (because some
- * people IRC from boxes that run them), but if you use BOPM purely as
+ * people IRC from boxes that run them), but if you use HOPM purely as
* a protective measure and you have ping cookies, you need not scan
* for HTTP POST.
*/
/*
* IP this scanner will bind to. Use this if you need your scans to
- * come FROM a particular interface on the machine you run BOPM from.
+ * come FROM a particular interface on the machine you run HOPM from.
* If you don't understand what this means, please leave this
* commented out, as this is a major source of support queries!
*/
*
* Please use an IP that is publically reachable from anywhere on the
* Internet, because you have no way of knowing where the insecure
- * proxies will be located. Just because you and your BOPM can
+ * proxies will be located. Just because you and your HOPM can
* connect to your ircd on some private IP like 192.168.0.1, does not
* mean that the insecure proxies out there on the Internet will be
* able to. And if they never connect, you will never detect them.
*
* Remember to change this setting for every scanner you configure.
- *
*/
- target_ip = "127.0.0.1";
+ target_ip = "127.0.0.1";
/*
* Target port to tell the proxy to connect to. This is usually
* something like 6667. Basically any client-usable port.
*/
- target_port = 6667;
+ target_port = 6667;
/*
* Target string we check for in the data read back by the scanner.
* connections. Comment out any others for efficiency.
*/
- /* Usually first line sent to client on connection to ircd.
+ /*
+ * Usually first line sent to client on connection to ircd.
* If your ircd supports a more specific line (see below),
* using it will reduce false positives.
*/
- target_string = "*** Looking up your hostname...";
+ target_string = ":server.yournetwork.org NOTICE AUTH :*** Looking up your hostname";
- /* Some ircds give a source for the NOTICE AUTH (bahamut for example).
- * It is recommended you use the following instead of the generic
- * "*** Looking up your hostname..." if your ircd supports it.
- * This will reduce the chances of false positives.
- */
-# target_string = ":server.yournetwork.org NOTICE AUTH :*** Looking up your hostname...";
-
- /* If you try to connect too fast, you'll be throttled by your own
+ /*
+ * If you try to connect too fast, you'll be throttled by your own
* ircd. Here's what a hybrid throttle message looks like:
*/
- target_string = "ERROR :Trying to reconnect too fast.";
-
- /* And the same for bahamut (comment this out if you're not using bahamut): */
target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled.";
};
+
scanner {
name = "extended";
};
-
/*
* User blocks define what scanners will be used to scan which hostmasks. When
* a user connects they will be scanned on every scanner {} (above) that
* matches their host.
*/
-
user {
/*
* Users matching this host mask will be scanned with all the
};
user {
- /* Connections without ident will match on a vast number of connections
- * very few proxies run ident though */
+ /*
+ * Connections without ident will match on a vast number of connections
+ * very few proxies run ident though
+ */
# mask = "*!~*@*";
mask = "*!squid@*";
mask = "*!nobody@*";
/*
* Exempt hosts matching certain strings from any form of scanning or dnsbl.
- * BOPM will check each string against both the hostname and the IP address of
+ * HOPM will check each string against both the hostname and the IP address of
* the user.
*
- * There are very few valid reasons to actually use "exempt". BOPM should
+ * There are very few valid reasons to actually use "exempt". HOPM should
* never get false positives, and we would like to know very much if it does.
- * One possible scenario is that the machine BOPM runs from is specifically
+ * One possible scenario is that the machine HOPM runs from is specifically
* authorized to use certain hosts as proxies, and users from those hosts use
- * your network. In this case, without exempt, BOPM will scan these hosts,
+ * your network. In this case, without exempt, HOPM will scan these hosts,
* find itself able to use them as proxies, and ban them.
*/
exempt {
projects / hopm.git / commitdiff