|
|
| Author |
Message |
x0x
none
Joined: 15 Apr 2008
Posts: 27
|
 Posted: Jan 16, 2009 4:45am Post subject: bopm isnt working on unrealircd... please help me ASAP |
 |
|
Hi, i installed bopm yesterday... the problem is bopm is not checking user on connect... then i installed neostats with opsb and blsb...neostats seems to work but not bopm...
here is my conf
| Code: |
/*
* BOPM sample configuration for Blitzed Admins. For explanations of what all
* the directives do, please see bopm.conf.sample.
*
* Most of this stuff is just suggestions. Any setting that is required will
* be noted as such.
*
*/
options {
pidfile = "/home/c0re/bopm/bopm.pid";
dns_fdlimit = 64;
/*
* You can use this to log ALL port scans that are done. This is
* optional and may be useful if you ever have to deal with abuse
* reports.
*/
# scanlog = "/home/c0re/bopm/scan.log";
};
IRC {
# vhost = "72.20.42.118";
/* You're required to keep to this naming scheme! */
nick = "Sw33t-Elite";
realname = "SweetBD Open Proxy Monitor";
username = "SweetBD";
server = "72.20.42.118";
/* It makes sense to put the nick password here so it ID's quicker. */
# password = "secret";
port = 6667;
/*
* Your BOPM will need a registered nick and be identified to it, to get
* into #wg. (see below)
*/
nickserv = "nickserv :identify bopm-nick-password";
oper = "c0xxx xxxx"; /* i changed the password before i post this conf in this theard */
/* Please use these modes, they're the only ones that make sense. */
mode = "+Fc-h";
away = "I'm a bot. Your messages will be ignored.";
channel {
/*
* This is where all of Blitzed's BOPMs are. The name "#wg" is left over
* from the days of dalnet's wgmon.
*/
name = "#staff";
/*
* Make sure your BOPM is set to ID to its nick, and that it has access
* enough in #wg to use the chanserv invite command. Anyone opped in #wg
* can add this access for you.
*/
invite = "chanserv :invite #staff";
};
/* Hybrid / Bahamut / Unreal (in HCN mode) */
connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
/*
* "kline" controls the command used when an open proxy is confirmed.
*
* %n User's nick
* %u User's username
* %h User's irc hostname
* %i User's IP address
*
* You're required to use the following kline_command:
*/
kline = "GZLINE *@%i 1d :An open proxy was detected on your host. Ensure you have removed any malware from your computer and secured any proxy software running";
};
OPM {
/* DroneBL (see http://www.dronebl.org/howtouse.do for details) */
blacklist {
name = "dnsbl.dronebl.org";
type = "A record reply";
ban_unknown = no;
reply {
2 = "Sample";
3 = "IRC Drone";
5 = "Bottler";
6 = "Unknown spambot or drone";
7 = "DDOS Drone";
8 = "SOCKS Proxy";
9 = "HTTP Proxy";
10 = "ProxyChain";
255 = "Unknown";
};
kline = "GZLINE *@%i 1d :Host listed in the DroneBL. For more information visit http://dronebl.org/lookup.do?ip=%i";
};
blacklist {
name = "opm.blitzed.org";
type = "A record bitmask";
ban_unknown = yes;
reply {
1 = "WinGate";
2 = "Socks";
4 = "HTTP";
8 = "Router";
16 = "HTTP POST";
};
kline = "GZLINE *@%i 1d :Sorry, %n, Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
};
blacklist {
name = "dnsbl.njabl.org";
type = "A record reply";
reply {
9 = "Open proxy";
};
ban_unknown = no;
kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our Open Proxy List.. www.njabl.org/cgi-bin/lookup.cgi?query=%i";
};
blacklist {
name = "virbl.dnsbl.bit.nl";
type = "A record reply";
ban_unknown = yes;
reply {
2 = "Virus";
};
kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our Virus List.. http://virbl.bit.nl/list.php";
};
blacklist {
name = "ircbl.ahbl.org";
type = "A record reply";
ban_unknown = yes;
reply {
2 = "Abusive";
};
kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our DDoS/Drone/Spammer/Abuse List.. http://www.ahbl.org/tools/lookup.php?ip=%i";
};
blacklist {
name = "tor.dnsbl.sectoor.de";
type = "A record reply";
reply {
1 = "Tor exit server";
};
ban_unknown = no;
kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our TOR Server List.. http://www.sectoor.de/tor.php?ip=%i";
};
/* rbl.efnet.org - http://rbl.efnet.org/ */
blacklist {
name = "rbl.efnet.org";
type = "A record reply";
reply {
1 = "Open proxy";
2 = "Trojan spreader";
3 = "Trojan infected client";
5 = "Drones / Flooding";
};
ban_unknown = no;
kline = "GZLINE *@%i 1d :Listed in rbl.efnet.org. See http://rbl.efnet.org/?i=%i";
};
blacklist {
name = "tor.ahbl.org";
type = "A record reply";
reply {
2 = "Tor exit server";
};
ban_unknown = no;
kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our TOR Server List.. http://www.ahbl.org/tools/lookup.php?ip=%i";
};
blacklist {
name = "no-more-funn.moensted.dk";
type = "A record reply";
ban_unknown = no;
reply {
10 = "Open Proxy";
};
kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our Open Proxy List.. http://moensted.dk/spam/no-more-funn?addr=%i";
};
blacklist {
name = "dnsbl.sorbs.net";
type = "A record reply";
ban_unknown = no;
reply {
2 = "Open HTTP Proxy";
3 = "Open Socks Proxy";
4 = "Other Open Proxy";
};
kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our Open Proxy List as a %t.. http://dnsbl.sorbs.net/cgi-bin/db?IP=%i";
};
blacklist {
name = "spbl.bl.winbots.org";
type = "A record reply";
ban_unknown = yes;
reply {
1 = "Test";
2 = "UnderNet Spam";
3 = "QuakeNet Spam";
4 = "Winbots Spam";
};
kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our %t List.. Email cobi@winbots.org to get this resolved.";
};
blacklist {
name = "dronebl.noderebellion.net";
type = "A record reply";
ban_unknown = no;
reply {
3 = "IRC spam drone (litmus/sdbot)";
4 = "Tor anonymous proxy";
5 = "IRC DDoS drone (wisdom/agobot/phatbot/rxbot)";
10 = "Open proxy";
14 = "Unknown worm/bot (found in DDoS attack by dronebl user)";
17 = "Unknown worm/bot (found scanning NodeRebellion's IP network)";
19 = "Open proxy (proxychain)";
};
kline = "GZLINE *@%i 1d :Your IP (%i), is listed as a %t in the DroneBL, see http://www.noderebellion.net/tools/lookup/?ip=%i";
};
blacklist {
name = "tor.sectoor.de";
type = "A record reply";
reply {
1 = "tor exit server";
};
ban_unknown = no;
kline = "GZLINE *@%i 1d :You are in the tor.sectoor.de DNSBL. Please visit http://www.sectoor.de/tor.php?ip=%i";
};
/* You must use a real email address below (that you actually read). */
dnsbl_from = "dude.st3v3n@coolscorpio.com";
/* Don't change this, it's already the correct address. */
dnsbl_to = "bopm-report@dronebl.org";
/* This is usually correct. */
sendmail = "/usr/sbin/sendmail";
};
scanner {
name = "default";
/*
* Any user will get scanned on these protocols. This is the top 10 list of
* protocol/ports found in our blacklist and you're required to test at
* least these.
*
* If you want to add more, ask the OPM people for some sensible
* suggestions.
*/
protocol = ROUTER:23;
protocol = SOCKS4:559;
protocol = HTTPPOST:3128;
protocol = SOCKS4:1080;
protocol = HTTP:8080;
protocol = SOCKS5:1182;
protocol = HTTP:3128;
protocol = HTTPPOST:8080;
protocol = SOCKS4:9999;
protocol = HTTPPOST:80;
protocol = SOCKS5:1080;
protocol = HTTP:63000;
protocol = HTTP:8000;
protocol = HTTPPOST:808;
protocol = HTTP:80;
protocol = HTTPPOST:6588;
protocol = HTTP:6588;
protocol = SOCKS5:3128;
protocol = SOCKS5:10080;
protocol = HTTPPOST:4480;
protocol = SOCKS4:6664;
protocol = SOCKS4:63808;
protocol = HTTP:6667;
protocol = SOCKS4:19991;
protocol = SOCKS4:1098;
protocol = SOCKS4:10000;
protocol = SOCKS4:4471;
protocol = HTTP:65506;
protocol = HTTP:63809;
protocol = SOCKS5:9090;
protocol = HTTP:9090;
protocol = HTTP:6668;
protocol = SOCKS4:58;
protocol = SOCKS5:58;
protocol = SOCKS4:6969;
protocol = WINGATE:23;
protocol = SOCKS5:3380;
protocol = SOCKS4:40;
protocol = SOCKS5:443;
protocol = SOCKS4:8888;
protocol = HTTPPOST:9090;
protocol = HTTP:5490;
protocol = SOCKS4:8080;
protocol = SOCKS5:6969;
protocol = SOCKS4:1026;
protocol = SOCKS4:1025;
protocol = HTTP:8888;
protocol = HTTP:6669;
protocol = HTTP:8090;
protocol = HTTP:808;
protocol = SOCKS5:1029;
protocol = SOCKS4:41080;
protocol = SOCKS5:8020;
protocol = SOCKS5:6000;
protocol = HTTPPOST:8081;
protocol = HTTP:4480;
protocol = SOCKS5:1027;
protocol = SOCKS4:1028;
protocol = HTTP:3332;
protocol = SOCKS5:8888;
protocol = SOCKS5:1028;
protocol = SOCKS4:3330;
protocol = SOCKS4:29992;
protocol = SOCKS4:1234;
protocol = SOCKS4:1029;
protocol = HTTP:5000;
protocol = HTTP:443;
protocol = SOCKS5:1813;
protocol = SOCKS5:1081;
protocol = SOCKS5:1026;
protocol = SOCKS4:1337;
protocol = SOCKS4:1050;
protocol = HTTP:1080;
protocol = SOCKS5:9999;
protocol = SOCKS5:9100;
protocol = SOCKS5:19991;
protocol = SOCKS5:1098;
protocol = SOCKS4:9100;
protocol = SOCKS4:7080;
protocol = SOCKS4:1033;
protocol = HTTP:9000;
protocol = HTTP:5800;
protocol = HTTP:5634;
protocol = HTTP:4471;
protocol = HTTP:3382;
protocol = SOCKS5:1200;
protocol = SOCKS5:1039;
protocol = SOCKS5:1025;
protocol = SOCKS4:8002;
protocol = SOCKS4:6748;
protocol = SOCKS4:44548;
protocol = SOCKS4:3380;
protocol = SOCKS4:32167;
protocol = SOCKS4:2000;
protocol = SOCKS4:1979;
protocol = SOCKS4:12654;
protocol = SOCKS4:11225;
protocol = SOCKS4:1066;
protocol = SOCKS4:1030;
protocol = SOCKS4:1027;
protocol = SOCKS4:10099;
protocol = HTTP:81;
protocol = HTTP:6665;
protocol = HTTP:6664;
protocol = HTTP:6663;
protocol = SOCKS5:8278;
protocol = SOCKS5:6748;
protocol = SOCKS5:4914;
protocol = SOCKS5:4471;
protocol = SOCKS5:29992;
protocol = SOCKS5:17235;
protocol = SOCKS5:1234;
protocol = SOCKS5:1202;
protocol = SOCKS5:1180;
protocol = SOCKS5:1075;
protocol = SOCKS5:1033;
protocol = SOCKS5:10000;
protocol = SOCKS4:8020;
protocol = SOCKS4:4044;
protocol = SOCKS4:3128;
protocol = SOCKS4:3127;
protocol = SOCKS4:28882;
protocol = SOCKS4:24973;
protocol = SOCKS4:21421;
protocol = SOCKS4:1182;
protocol = SOCKS4:1032;
protocol = SOCKS4:10242;
protocol = HTTPPOST:8089;
protocol = HTTP:8082;
protocol = HTTP:6661;
protocol = HTTP:35233;
protocol = HTTP:19991;
protocol = HTTP:1098;
protocol = HTTP:1050;
protocol = SOCKS5:9988;
protocol = SOCKS5:8080;
protocol = SOCKS5:8009;
protocol = SOCKS5:6561;
protocol = SOCKS5:24971;
protocol = SOCKS5:18844;
protocol = SOCKS5:1122;
protocol = SOCKS5:10777;
protocol = SOCKS5:1030;
protocol = SOCKS5:10130;
protocol = SOCKS5:10099;
protocol = SOCKS4:8751;
protocol = SOCKS4:8278;
protocol = SOCKS4:8111;
protocol = SOCKS4:7007;
protocol = SOCKS4:6551;
protocol = SOCKS4:5353;
protocol = SOCKS4:443;
protocol = SOCKS4:43341;
protocol = SOCKS4:3801;
protocol = SOCKS4:2280;
protocol = SOCKS4:1978;
protocol = SOCKS4:1212;
protocol = SOCKS4:1039;
protocol = SOCKS4:1031;
protocol = HTTPPOST:81;
protocol = HTTP:9988;
protocol = HTTP:7868;
protocol = HTTP:7070;
protocol = HTTP:444;
protocol = HTTP:1200;
protocol = HTTP:1039;
/*
* If your ircd is running from a machine with more than one interface,
* you'll need to specify the IP to scan from here. Particularly important
* if you're running on a shell server.
*/
vhost = "72.20.42.118";
/* Don't bother changing these unless you know what they do. */
fd = 512;
max_read = 4096;
timeout = 30;
/* Don't forget to change this to the public IP of your server! */
target_ip = "72.20.42.118";
/* This needs to be a port that is available to normal clients. */
target_port = 6667;
/* Don't forget to change this to have your FULL server name here! */
target_string = "*** Looking up your hostname...";
};
scanner {
/*
* Here's a bunch more tests to do on "suspicious-looking" clients. Again,
* these are the most popular ports/protocols found in our blacklist, but
* feel free to add/remove some if you know what you're doing.
*/
name = "extra";
protocol = WINGATE:1181;
protocol = HTTP:81;
protocol = HTTP:8000;
protocol = HTTP:8001;
protocol = HTTP:8081;
protocol = HTTP:5748;
protocol = HTTP:443;
protocol = HTTPPOST:81;
protocol = HTTPPOST:6588;
protocol = HTTPPOST:8000;
protocol = HTTPPOST:8001;
protocol = HTTPPOST:8081;
protocol = SOCKS5:1978;
protocol = SOCKS5:10001;
protocol = SOCKS5:30021;
protocol = SOCKS5:30022;
protocol = SOCKS5:38994;
protocol = SOCKS5:15859;
protocol = SOCKS5:1027;
protocol = SOCKS5:2425;
protocol = SOCKS4:559;
protocol = SOCKS4:29992;
protocol = SOCKS4:38884;
protocol = SOCKS4:18844;
protocol = SOCKS4:17771;
protocol = SOCKS4:31121;
protocol = SOCKS4:1182;
protocol = ROUTER:23;
/* Less fds are given to this scanner */
fd = 400;
};
user {
scanner = "default";
mask = "*!*@*";
};
user {
scanner = "extra";
/*
* If the user matches any of these masks they will get the extra scans
* too.
*
* Connections without ident will match on a vast number of connections;
* very few proxies run ident though.
*/
mask = "*!~*@*";
mask = "*!squid@*";
mask = "*!nobody@*";
mask = "*!www-data@*";
mask = "*!cache@*";
mask = "*!CacheFlowS@*";
mask = "*!*@*www*";
mask = "*!*@*proxy*";
mask = "*!*@*cache*";
};
/*
* You can use exempts to deliberately allow certain insecure proxies onto the
* network, but this should never be necessary! Please consult BOPM people
* before using this. If you think you have found a false positive then they
* really need to know.
*/
/*
exempt {
mask = "*!*@127.0.0.1";
};
*/
|
Last edited by x0x on Jan 16, 2009 5:05am; edited 1 time in total |
|
| Back to top |
|
 |
Jobe
Eleet
Joined: 30 Jul 2006
Posts: 526
Location: Lurking in the shadows of some random channel!
|
| Posted: Jan 16, 2009 4:49am Post subject: |
|
|
Which IRCd are you using?
If you want live support, I'm pretty sure you know where to find me on IRC |
|
| Back to top |
|
|
Trixar_za
Eleet
Joined: 10 Dec 2006
Posts: 613
Location: South Africa
|
| Posted: Jan 16, 2009 6:26am Post subject: |
|
|
Don't know if you got help with this already, but the I found doing the following tends to make BOPM run quite well on my network:
1. Make sure all ban_unknown is set to no - the can cause trouble with hosts that don't resolve and ban a lot of innocent users.
2. With unreal make sure that your BOPM get the connection snomasks (not user modes) that allows the bot to see them, those being '+s +cF' - You can do this by adding it with the snomask switch to it's O-line:
| Code: | oper BOPMOperNameHere {
class clients;
from {
userhost *@*;
};
password "passwordhash";
flags
{
global;
can_zline;
can_gzline;
can_gkline;
};
snomask cF;
}; |
3. Have a copy of it's O-line on all servers in your network.
Optionally, you can download the BOPM helper module for unrealircd from their module list - it works in a way that you don't need to have a copy of the o-line on more than one server because it forwards all the connections updates to the bot. This however needs to be on ALL servers in the network to work properly, so you can just use step 3's method to avoid having to install any extra modules. Btw if your installing modules for unrealircd, you might aswell grab antirandom - it works like a older Defender, but is 'built' into the IRCd then.
Anyway, I hope that helps  |
|
| Back to top |
|
|
x0x
none
Joined: 15 Apr 2008
Posts: 27
|
| Posted: Jan 16, 2009 7:20am Post subject: |
|
|
jobe i am banned on anope.org
Closing Link: c-0-r-e[***.***.***.***] (User has been banned from Anope (Repeated proxy attempts, email team@anope.org to dispute.)) |
|
| Back to top |
|
|
Jobe
Eleet
Joined: 30 Jul 2006
Posts: 526
Location: Lurking in the shadows of some random channel!
|
| Posted: Jan 16, 2009 10:05am Post subject: |
|
|
| x0x wrote: | jobe i am banned on anope.org
Closing Link: c-0-r-e[***.***.***.***] (User has been banned from Anope (Repeated proxy attempts, email team@anope.org to dispute.)) |
Did you follow the instructions you just pasted?
Also, for "modes" you need "+s +c" at least, or for global connections too "+s +cF"
Currently you have "+Fc-h" which wont show your BOPM ANY connect notices. |
|
| Back to top |
|
|
PingBad
Post Whore
Joined: 05 Feb 2005
Posts: 3001
Location: New Zealand
|
| Posted: Jan 16, 2009 2:49pm Post subject: |
|
|
When you are pasting error messages you receive and whatever when it comes to trouble connecting to a given network, it may be wise to censor your IP address lest you be the recipient of some lame kid's port scanning/DDoS attempts later on.
Just some friendly advice  |
|
| Back to top |
|
|
katsklaw
Guru
Joined: 28 Jun 2004
Posts: 1604
Location: Somewhere you're not.
|
| Posted: Jan 17, 2009 9:43am Post subject: |
|
|
| PingBad wrote: | When you are pasting error messages you receive and whatever when it comes to trouble connecting to a given network, it may be wise to censor your IP address lest you be the recipient of some lame kid's port scanning/DDoS attempts later on.
Just some friendly advice |
email addresses too |
|
| Back to top |
|
|
zeke
Idler
Joined: 04 Oct 2003
Posts: 338
|
| Posted: Jan 17, 2009 11:41am Post subject: |
|
|
I'm suspecting it may have something to do with the HCN thing, if using Unreal:
| Code: | /*
* Text to send on connection, these can be stacked and will be sent in$
*
* !!! UNREAL USERS PLEASE NOTE !!!
* Unreal users will need PROTOCTL HCN to force hybrid connect
* notices.
*
* Yes Unreal users! That means you! That means you need the line
* below! See that thing at the start of the line? That's what we
* call a comment! Remove it to UNcomment the line.
*/
perform = "PROTOCTL HCN";
|
|
|
| Back to top |
|
|
x0x
none
Joined: 15 Apr 2008
Posts: 27
|
| Posted: Jan 25, 2009 6:04am Post subject: |
|
|
| well thanks everyone.... zeke's post helped me a lot ... thanks and thanks everyone.... btw can i run a bopm for all unrealircd that are linked together? |
|
| Back to top |
|
|
zeke
Idler
Joined: 04 Oct 2003
Posts: 338
|
| Posted: Jan 25, 2009 10:58pm Post subject: |
|
|
Yep, you just need to modify the connregex to fit as appropriate. To work for every server, this works fine for me:
| Code: | | connregex = "\\*\\*\\* Notice -- Client connecting[.A-Za-z0-9 ]*: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*"; |
|
|
| Back to top |
|
|
b0nedaddy
none
Joined: 23 Jan 2009
Posts: 10
|
| Posted: Jan 26, 2009 6:11pm Post subject: spammer |
|
|
| [Removed Abusive Post, see below post. -PB] |
|
| Back to top |
|
|
PingBad
Post Whore
Joined: 05 Feb 2005
Posts: 3001
Location: New Zealand
|
| Posted: Jan 26, 2009 6:30pm Post subject: |
|
|
b0nedaddy - have you learnt nothing from your previous bans? Constantly attacking people, insulting people for their choice of IRCd and/or services.
Honestly, go away. No, serious - just go away, and stay away. You've been nothing but a total (and constant) pain in the ass since the first time you registered. |
|
| Back to top |
|
|
Invisible
Idler
Joined: 26 Jul 2005
Posts: 280
|
| Posted: Jan 26, 2009 6:49pm Post subject: |
|
|
| I agree, enough is enough, move on already. |
|
| Back to top |
|
|
x0x
none
Joined: 15 Apr 2008
Posts: 27
|
| Posted: Mar 07, 2009 9:15am Post subject: |
|
|
| Thanks guys for nice post |
|
| Back to top |
|
|
RedBeard
none
Joined: 25 Dec 2010
Posts: 41
Location: georgia
|
| Posted: Jan 14, 2011 9:33pm Post subject: |
|
|
here is the modes i set for my BOPM
mode = "+sFc-h";
x0x
try those and see if they work for you.
make sure you have a registered nick and password and also
an oper block or it will not work.
by the way what version of BOPM is this
mine is BOPM-3.1.3 |
|
| Back to top |
|
|
|
Register
Log in
