From: michael Date: Mon, 22 Dec 2014 13:29:14 +0000 (+0000) Subject: - Update reference.conf X-Git-Tag: 1.0.0beta1~82 X-Git-Url: http://git.serene-ircd.net/?a=commitdiff_plain;h=c4903fbebd337abb133b80288403e10d6f9a28b7;p=hopm.git - Update reference.conf git-svn-id: svn://svn.ircd-hybrid.org/svnroot/hopm/trunk@5056 82007160-df01-0410-b94d-b575c5fd34c7 --- diff --git a/doc/reference.conf b/doc/reference.conf index 74483e1..3051212 100644 --- a/doc/reference.conf +++ b/doc/reference.conf @@ -1,15 +1,15 @@ /* -BOPM sample configuration +HOPM sample configuration */ options { /* * Full path and filename for storing the process ID of the running - * BOPM. + * HOPM. */ - pidfile = "/some/path/bopm.pid"; + pidfile = "/some/path/hopm.pid"; /* * How many seconds to store the IP address of hosts which are @@ -22,23 +22,22 @@ options { * of running a proxy can get abusers onto your network - all they * need do is shut the proxy down, connect themselves, restart the * proxy, and tell their friends to come flood. - * + * * Keep this directive commented out to disable negative caching. */ # negcache = 3600; /* * Amount of file descriptors to allocate to asynchronous DNS. 64 - * should be plenty for almost anyone - previous versions of BOPM only - * did one at a time! + * should be plenty for almost anyone. */ dns_fdlimit = 64; /* * Put the full path and filename of a logfile here if you wish to log - * every scan done. Normally BOPM only logs successfully detected - * proxies in the bopm.log, but you may get abuse reports to your ISP - * about portscanning. Being able to show that it was BOPM that did + * every scan done. Normally HOPM only logs successfully detected + * proxies in the hopm.log, but you may get abuse reports to your ISP + * about portscanning. Being able to show that it was HOPM that did * the scan in question can be useful. Leave commented for no * logging. */ 
@@ -49,7 +48,7 @@ options { IRC { /* * IP to bind to for the IRC connection. You only need to use this if - * you wish BOPM to use a particular interface (virtual host, IP + * you wish HOPM to use a particular interface (virtual host, IP * alias, ...) when connecting to the IRC server. There is another * "vhost" setting in the scan {} block below for the actual * portscans. Note that this directive expects an IP address, not a @@ -59,36 +58,33 @@ IRC { # vhost = "0.0.0.0"; /* - * Nickname for BOPM to use. + * Nickname for HOPM to use. */ - nick = "MyBopm"; + nick = "MyHopm"; /* - * Text to appear in the "realname" field of BOPM's /whois output. + * Text to appear in the "realname" field of HOPM's /whois output. */ - realname = "Blitzed Open Proxy Monitor"; + realname = "Hybrid Open Proxy Monitor"; /* * If you don't have an identd running, what username to use. */ - username = "bopm"; + username = "hopm"; /* - * Hostname (or IP) of the IRC server which BOPM will monitor + * Hostname (or IP) of the IRC server which HOPM will monitor * connections on. */ server = "myserver.somenetwork.org"; - /* * Password used to connect to the IRC server (PASS) */ - # password = "secret"; - /* - * Port of the above server to connect to. This is what BOPM uses to + * Port of the above server to connect to. This is what HOPM uses to * get onto IRC itself, it is nothing to do with what ports/protocols * are scanned, nor do you need to list every port your ircd listens * on. 
@@ -100,65 +96,57 @@ IRC { * it). This is the raw IRC command text, and the below example * corresponds to "/msg nickserv identify password" in a client. If * you don't understand, just edit "password" in the line below to be - * your BOPM's nick password. Leave commented out if you don't need + * your HOPM's nick password. Leave commented out if you don't need * to identify to NickServ. */ -# nickserv = "privmsg nickserv :identify password"; +# nickserv = "NS IDENTIFY password"; /* - * The username and password needed for BOPM to oper up. + * The username and password needed for HOPM to oper up. */ - oper = "bopm operpass"; + oper = "hopm operpass"; /* - * Mode string that BOPM needs to set on itself as soon as it opers + * Mode string that HOPM needs to set on itself as soon as it opers * up. This needs to include the mode for seeing connection notices, - * otherwise BOPM won't scan anyone (that's usually umode +c). It's - * often also a good idea to remove any helper modes so that users - * don't try to talk to the BOPM. - * - * REMEMBER THAT IRCU AND LATER VERSIONS OF UNREAL DO NOT USE A SIMPLE - * +c !! + * otherwise HOPM won't scan anyone (that's usually umode +c). */ - mode = "+c-h"; - - /* Example for Bahamut; +F gives BOPM relaxed flood limits */ -# mode = "+Fc-h"; + mode = "+c"; /* - * If this is set then BOPM will use it as an /away message as soon as + * If this is set then HOPM will use it as an /away message as soon as * it connects. */ away = "I'm a bot. Your messages will be ignored."; /* - * Info about channels you wish BOPM to join in order to accept - * commands. BOPM will also print messages in these channels every - * time it detects a proxy. Only IRC operators can command BOPM to do - * anything, but some of the things BOPM reports to these channels - * could be soncidered sensitive, so it's best not to put BOPM into + * Info about channels you wish HOPM to join in order to accept + * commands. 
HOPM will also print messages in these channels every + * time it detects a proxy. Only IRC operators can command HOPM to do + * anything, but some of the things HOPM reports to these channels + * could be soncidered sensitive, so it's best not to put HOPM into * public channels. */ channel { - /* - * Channel name. Local ("&") channels are supported if your ircd - * supports them. - */ - name = "#bopm"; - - /* - * If BOPM will need to use a key to enter this channel, this is - * where you specify it. - */ -# key = "somekey"; - - /* - * If you use ChanServ then maybe you want to set the channel - * invite-only and have each BOPM do "/msg ChanServ invite" to get - * itself in. Leave commented if you don't, or if this makes no - * sense to you. - */ -# invite = "privmsg chanserv :invite #bopm"; + /* + * Channel name. Local ("&") channels are supported if your ircd + * supports them. + */ + name = "#hopm"; + + /* + * If HOPM will need to use a key to enter this channel, this is + * where you specify it. + */ +# key = "somekey"; + + /* + * If you use ChanServ then maybe you want to set the channel + * invite-only and have each HOPM do "/msg ChanServ invite" to get + * itself in. Leave commented if you don't, or if this makes no + * sense to you. + */ +# invite = "CS INVITE #hopm"; }; /* 
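Review bot: The comment above the new `# nickserv = "NS IDENTIFY password";` example still says it corresponds to "/msg nickserv identify password", but `NS` is a server-side services alias, not a PRIVMSG to a nick. The comment should say that this form only works on ircds that define the alias. Where the alias is mapped to the services server, it is also the safer choice, because the password is not delivered to an ordinary client that has taken the services nick. The same applies to `# invite = "CS INVITE #hopm";` further down in this hunk. Since this block also holds the `oper` credentials in clear text, a one-line reminder would fit here, e.g. `/* This file contains passwords - make it readable only by the HOPM account. */`.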
@@ -166,55 +154,34 @@ IRC { * * channel { name = "#other"; }; channel { name="#channel"; } */ - + /* * connregex is a POSIX regular expression used to parse connection * (+c) notices from the ircd. The complexity of the expression should * be kept to a minimum. - * + * * Items in order MUST be: nick user host IP * - * BOPM will not work with ircds which do not send an IP in the + * HOPM will not work with ircds which do not send an IP in the * connection notice. * * This is fairly complicated stuff, and the consequences of getting - * it wrong are the BOPM does not scan anyone. Unless you know + * it wrong are the HOPM does not scan anyone. Unless you know * absolutely what you are doing, please just uncomment the example * below that best matches the type of ircd you use. - * - * !!! NOTE !!! If a connregex for your ircd does not appear here and the - * hybrid connregex does not appear to work, check the BOPM FAQ at - * http://wiki.blitzed.org/BOPM before contacting our lists for help. - * */ - - /* Hybrid / Bahamut / Unreal (in HCN mode) */ connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*"; - /* - * Ultimate ircd - note the control-B characters around Connect/Exit, - * that is because that text appears in bold in the actual connect - * notice. Be very careful when editing this, do it as you would put - * bold characters into IRC MOTDs. - */ -# connregex = "\\*\\*\\* Connect/Exit -- from [^:]+: Client connecting on port [0-9]+: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*"; - - /* - * SorIRCd 1.3.4+ / StarIRCd 5.26+. - */ -# connregex = "\\*\\*\\* Notice -- Client connecting on port [0-9]+: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*"; - - /* * "kline" controls the command used when an open proxy is confirmed. * We suggest applying a temporary (no more than a few hours) KLINE on the host. 
* * - * Make sure if you need to change this string you also change the - * kline command for every DNSBL you enable below. + * Make sure if you need to change this string you also change the + * kline command for every DNSBL you enable below. * - * Also note that some servers do not allow you to include ':' characters - * inside the KLINE message (e.g. for a http:// address). + * Also note that some servers do not allow you to include ':' characters + * inside the KLINE message (e.g. for a http:// address). * * Users rewriting this message into something that isn't even a valid * IRC command is the single most common cause of support requests and 
@@ -231,29 +198,18 @@ IRC { * %i User's IP address * */ - kline = "KLINE *@%h :Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information."; - - /* A GLINE example for IRCu: */ -# kline = "GLINE +*@%i 1800 :Open proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information."; + kline = "KLINE *@%h :Open Proxy found on your host."; - /* An AKILL example for services with OperServ - * Your BOPM must have permission to AKILL for this to work! */ - -# kline = "PRIVMSG OpenServ :AKILL +3h *@%h Open proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information."; - /* - * Text to send on connection, these can be stacked and will be sent in this order - * - * !!! UNREAL USERS PLEASE NOTE !!! - * Unreal users will need PROTOCTL HCN to force hybrid connect - * notices. - * - * Yes Unreal users! That means you! That means you need the line - * below! See that thing at the start of the line? That's what we - * call a comment! Remove it to UNcomment the line. + * An AKILL example for services with OperServ. Your HOPM must have permission to + * AKILL for this to work! */ -# perform = "PROTOCTL HCN"; +# kline = "OS AKILL +3h *@%h Open proxy found on your host."; + /* + * Text to send on connection, these can be stacked and will be sent in this order. + */ +# perform = "TIME"; }; @@ -262,7 +218,7 @@ IRC { * to a dns blacklist. DNS-based blacklists store IP addresses in a DNS zone * file. There are several blacklist that list IP addresses known to be open * proxies or other forms of IRC abuse. By checking against these blacklists, - * BOPMs are able to ban known sources of abuse without completely scanning them. + * HOPMs are able to ban known sources of abuse without completely scanning them. */ OPM { 
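Review bot: The new default `kline = "KLINE *@%h :Open Proxy found on your host.";` carries no duration, while the comment just before this hunk recommends a temporary ban of no more than a few hours. On ircd-hybrid a KLINE without a time argument is permanent, so the sample contradicts its own advice. Consider shipping `kline = "KLINE 180 *@%h :Open Proxy found on your host.";` instead (hybrid takes the duration in minutes; confirm for the target ircd). With the `?ip=%i` link removed, the reason no longer tells the user or the operator which address was flagged, so keeping `%i` in the reason text would help with removal requests.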
@@ -271,12 +227,11 @@ OPM { * trust a remotely managed blacklist, you could set up your own, or * leave these commented out in which case every user will be * scanned. The use of at least one open proxy DNSBL is recommended - * however. - * - * Blitzed is not associated with any of these DNSBLs, please check - * the policies of each blacklist you use to check you are comfortable - * with using them to block access to your server (and that you are - * allowed to use them). + * however. + * + * Please check the policies of each blacklist you use to check you + * are comfortable with using them to block access to your server + * (and that you are allowed to use them). */ /* DroneBL - http://dronebl.org */ @@ -393,7 +348,7 @@ OPM { /* * Email address to send reports TO. - * For example DroneBL: + * For example DroneBL: */ # dnsbl_to = "bopm-report@dronebl.org"; @@ -480,7 +435,7 @@ scanner { * Note that if your ircd has "ping cookies" then clients from HTTP * POST proxies cannot actually ever get onto your network anyway. If * you leave the checks in then you'll still find some (because some - * people IRC from boxes that run them), but if you use BOPM purely as + * people IRC from boxes that run them), but if you use HOPM purely as * a protective measure and you have ping cookies, you need not scan * for HTTP POST. */ @@ -488,7 +443,7 @@ scanner { /* * IP this scanner will bind to. Use this if you need your scans to - * come FROM a particular interface on the machine you run BOPM from. + * come FROM a particular interface on the machine you run HOPM from. * If you don't understand what this means, please leave this * commented out, as this is a major source of support queries! */ 
@@ -528,21 +483,20 @@ scanner { * * Please use an IP that is publically reachable from anywhere on the * Internet, because you have no way of knowing where the insecure - * proxies will be located. Just because you and your BOPM can + * proxies will be located. Just because you and your HOPM can * connect to your ircd on some private IP like 192.168.0.1, does not * mean that the insecure proxies out there on the Internet will be * able to. And if they never connect, you will never detect them. * * Remember to change this setting for every scanner you configure. - * */ - target_ip = "127.0.0.1"; + target_ip = "127.0.0.1"; /* * Target port to tell the proxy to connect to. This is usually * something like 6667. Basically any client-usable port. */ - target_port = 6667; + target_port = 6667; /* * Target string we check for in the data read back by the scanner. 
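Review bot: The sample still ships `target_ip = "127.0.0.1";` directly under a comment that asks for a publicly reachable address. A proxy told to connect to 127.0.0.1 reaches its own loopback, so an unedited config will most likely scan every client without ever confirming a proxy, and nothing in the logs explains why. Since these lines are being touched anyway, consider an obvious placeholder value and a note such as `/* MUST be changed: with a loopback or private address no proxy will be detected */`. The scanner block begins and ends outside this hunk.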
@@ -555,28 +509,21 @@ scanner { * connections. Comment out any others for efficiency. */ - /* Usually first line sent to client on connection to ircd. + /* + * Usually first line sent to client on connection to ircd. * If your ircd supports a more specific line (see below), * using it will reduce false positives. */ - target_string = "*** Looking up your hostname..."; + target_string = ":server.yournetwork.org NOTICE AUTH :*** Looking up your hostname"; - /* Some ircds give a source for the NOTICE AUTH (bahamut for example). - * It is recommended you use the following instead of the generic - * "*** Looking up your hostname..." if your ircd supports it. - * This will reduce the chances of false positives. - */ -# target_string = ":server.yournetwork.org NOTICE AUTH :*** Looking up your hostname..."; - - /* If you try to connect too fast, you'll be throttled by your own + /* + * If you try to connect too fast, you'll be throttled by your own * ircd. Here's what a hybrid throttle message looks like: */ - target_string = "ERROR :Trying to reconnect too fast."; - - /* And the same for bahamut (comment this out if you're not using bahamut): */ target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled."; }; + scanner { name = "extended"; @@ -643,13 +590,11 @@ scanner { }; - /* * User blocks define what scanners will be used to scan which hostmasks. When * a user connects they will be scanned on every scanner {} (above) that * matches their host. */ - user { /* * Users matching this host mask will be scanned with all the @@ -660,8 +605,10 @@ user { }; user { - /* Connections without ident will match on a vast number of connections - * very few proxies run ident though */ + /* + * Connections without ident will match on a vast number of connections + * very few proxies run ident though + */ # mask = "*!~*@*"; mask = "*!squid@*"; mask = "*!nobody@*"; 
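Review bot: The only non-throttle `target_string` left is `":server.yournetwork.org NOTICE AUTH :*** Looking up your hostname"`, which contains a placeholder server name. If the admin does not edit it, the string never appears in what the ircd sends and open proxies go undetected without any error, whereas the removed generic line worked unedited. The comment above it should say that `server.yournetwork.org` must be replaced with the ircd's own name, and its "(see below)" now points at a section this commit removes. The remaining throttle string was previously labelled as Bahamut's but now sits under "Here's what a hybrid throttle message looks like", so it is worth confirming that it matches what current ircd-hybrid sends.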
@@ -678,14 +625,14 @@ user { /* * Exempt hosts matching certain strings from any form of scanning or dnsbl. - * BOPM will check each string against both the hostname and the IP address of + * HOPM will check each string against both the hostname and the IP address of * the user. * - * There are very few valid reasons to actually use "exempt". BOPM should + * There are very few valid reasons to actually use "exempt". HOPM should * never get false positives, and we would like to know very much if it does. - * One possible scenario is that the machine BOPM runs from is specifically + * One possible scenario is that the machine HOPM runs from is specifically * authorized to use certain hosts as proxies, and users from those hosts use - * your network. In this case, without exempt, BOPM will scan these hosts, + * your network. In this case, without exempt, HOPM will scan these hosts, * find itself able to use them as proxies, and ban them. */ exempt {