Search
 
 

Display results as :
 


Rechercher Advanced Search

Web Applications
install Joomla Wordpress Phpbb Drupal FluxBB PunBB osCommerce simple-machines MYBB moodle vBulletin Dolphin-v.7.1.1 PHPNUKE XOOPS
Services
install BorkNet Services X3 Services Anope Atheme Services Srvx IRC Srervices
IRCD
install Snircd IRCU INSPIRCD UNREAL Nefarious Bircd Bahamut Asuka Charybdis
TCL SCRIPT
TCL SCRIPT FOR EGGDROP Allprotection4.7 Antiproxy
Bots
Bots install FishBot bobot++ Eggdrop janus Omega Security Services Botnix Bopm SupyBot PyLink Hopm
Latest topics
» mIRCx IRC Network Config
Sun Dec 10, 2017 2:22 am by Chief

» מדריך התקנה Pylink על unrealircd4 && inspircd
Sat Nov 18, 2017 6:35 am by Chief

» מדריך כיצד משתמשים עם SSH
Sat Nov 11, 2017 7:22 pm by Chief

» מדריך התקנה hybrid open proxy monitor
Thu Oct 12, 2017 1:39 am by Chief

» install Eggdrop in FreeBsd 11
Sun Oct 01, 2017 4:22 am by Chief

» install Nefarious2 && X3 IRC Services in FreeBsd
Sat Sep 23, 2017 8:42 pm by Chief

» מדריך התקנה גירסאות DESKTOP על FREEBSD11
Sat Sep 09, 2017 1:47 pm by Chief

» working with ubuntu 14.04 and fix a problem
Wed Aug 23, 2017 1:26 am by Chief

» מדריך התקנה WORDPRESS על FREEBSD11
Mon Jul 17, 2017 2:50 am by Chief

December 2017
MonTueWedThuFriSatSun
    123
45678910
11121314151617
18192021222324
25262728293031

Calendar Calendar

Affiliates
free forum

Affiliates
free forum


Bopm.conf for Nefarious IRCD

View previous topic View next topic Go down

Bopm.conf for Nefarious IRCD

Post  Chief on Sun Jan 06, 2013 6:46 am

bopm conf for Nefarious IRCD
credit and thanks to ZioN for help
i set two conf for Nefarious but before you need in bopm.conf some options before you run bopm...
you need set mode like this
Code:

mode = "+is +22285";
you need change the connregex for bot
Code:

 connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
and you need change zline to Gline only gline you can using for bot
Code:

kline = "GLINE +*@%i * 86400 :An open proxy was detected on your host. Ensure you have removed any malware from your computer and secured any proxy software running";
    };
and this look like this

and more options from proxy you can also using in DNSBL ircd.conf and this work good this look like this

if you see 360 proxy clones try to connect and is cant
and this two conf you only to fix for your server
bopm1
Code:


    /*
     * BOPM sample configuration for Blitzed Admins.  For explanations of what all
     * the directives do, please see bopm.conf.sample.
     *
     * Most of this stuff is just suggestions.  Any setting that is required will
     * be noted as such.
     *
     */

    options {

       pidfile = "/home/asher/bopm/bopm.pid";
       dns_fdlimit = 64;
      
       /*
        * You can use this to log ALL port scans that are done.  This is
        * optional and may be useful if you ever have to deal with abuse
        * reports.
        */
    #  scanlog = "/home/asher/bopm/scan.log";
    };


    IRC {
    #  vhost = "72.20.42.118";

       /* You're required to keep to this naming scheme! */
       nick = "BMT";

       realname = "SweetBD Open Proxy Monitor";
       username = "SweetBD";
       server = "10.0.0.4";

       /* It makes sense to put the nick password here so it ID's quicker. */
    #  password = "secret";
       port = 6660;

       /*
        * Your BOPM will need a registered nick and be identified to it, to get
        * into #wg. (see below)
        */
#       nickserv = "nickserv :identify bopm-nick-password";
       oper = "darksis leetmo"; /* i changed the password before i post this conf in this theard */
      

       /* Please use these modes, they're the only ones that make sense. */
       mode = "+is +22285";
       away = "I'm a bot.  Your messages will be ignored.";

       channel {
          /*
           * This is where all of Blitzed's BOPMs are.  The name "#wg" is left over
           * from the days of dalnet's wgmon.
           */
          name = "#2";

          /*
           * Make sure your BOPM is set to ID to its nick, and that it has access
           * enough in #wg to use the chanserv invite command.  Anyone opped in #wg
           * can add this access for you.
           */
          invite = "chanserv :invite #staff";
       };

       /* Hybrid / Bahamut / Unreal (in HCN mode) */
       connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
       /*
        * "kline" controls the command used when an open proxy is confirmed.
        *
        *  %n     User's nick
        *  %u     User's username
        *  %h     User's irc hostname
        *  %i     User's IP address
        *
        * You're required to use the following kline_command:
        */
       kline = "GLINE +*@%i * 86400:An open proxy was detected on your host. Ensure you have removed any malware from your computer and secured any proxy software running";
    };


    OPM {
       /* DroneBL (see http://www.dronebl.org/howtouse.do for details) */
       blacklist {
          name = "dnsbl.dronebl.org";
          type = "A record bitmask";
          ban_unknown = no;
          
          reply {
                2 = "Sample";
                3 = "IRC Drone";
                5 = "Bottler";
                6 = "Unknown spambot or drone";
                7 = "DDOS Drone";
                8 = "SOCKS Proxy";
                9 = "HTTP Proxy";
                10 = "ProxyChain";
                255 = "Unknown";
                 1 = "WinGate";
                  11 = "Socks";
                  4 = "HTTP";
                  12 = "Router";
                  16 = "HTTPPOST";
          };
          kline = "GLINE +*@%i * 86400 :Host listed in the DroneBL. For more information visit http://dronebl.org/lookup.do?ip=%i";
       };


            blacklist {
               name = "opm.tornevall.org";
               type = "A record bitmask";
               ban_unknown = yes;
               reply {
                  1 = "WinGate";
                  2 = "Socks";
                  4 = "HTTP";
                  8 = "Router";
                  16 = "HTTPPOST";
                  8 = "SOCKS Proxy";
                   9 = "HTTP Proxy";
               };
               kline = "GLINE +*@%i * 86400  :Sorry, %n, Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
            };
             blacklist {
                name = "dnsbl.njabl.org";
                type = "A record bitmask";
                reply {
                   1 = "WinGate";
                   2 = "Socks";
                   4 = "HTTP";
                   8 = "Router";
                   16 = "HTTPPOST";
                };
                ban_unknown = no;
                kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our Open Proxy List.. www.njabl.org/cgi-bin/lookup.cgi?query=%i";
            };
#
#            blacklist {
#               name = "virbl.dnsbl.bit.nl";
#               type = "A record reply";
#               ban_unknown = yes;
#               reply {
#                  2 = "Virus";
#               };
#               kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our Virus List.. http://virbl.bit.nl/list.php";
#            };

            blacklist {
               name = "ircbl.ahbl.org";
               type = "A record bitmask";
               ban_unknown = yes;
               reply {
                  1 = "WinGate";
                  2 = "Socks";
                  4 = "HTTP";
                  8 = "Router";
                  16 = "HTTPPOST";
    
               };
               kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our DDoS/Drone/Spammer/Abuse List.. http://www.ahbl.org/tools/lookup.php?ip=%i";
            };


#
#            blacklist {
#               name = "tor.dnsbl.sectoor.de";
#               type = "A record reply";
#               reply {
#                  1 = "Tor exit server";
#               };
#               ban_unknown = no;
#               kline = "ZLINE *@%i 1d :%n, Your IP, %i, is in our TOR Server List.. http://www.sectoor.de/tor.php?ip=%i";
#           };
#

       /* rbl.efnet.org - http://rbl.efnet.org/ */
       blacklist {
          name = "rbl.efnet.org";
          type = "A record bitmask";
          reply {
                  1 = "Open proxy";
                  2 = "Trojan spreader";
                  3 = "Trojan infected client";
                  5 = "Drones / Flooding";
                  6 = "Socks";
          };
          ban_unknown = no;
          kline = "GLINE +*@%i * 86400 :Listed in rbl.efnet.org. See http://rbl.efnet.org/?i=%i";
       };

            blacklist {
               name = "rbl.efnetrbl.org";
               type = "A record bitmask";
               reply {
     1 = "Open Proxy";
   2 = "spamtrap666";
   3 = "spamtrap50";
     4 = "TOR";
   5 = "Drones / Flooding";
                   6 = "WinGate";
                   7 = "Socks";
                  
               };
               ban_unknown = no;
               kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our TOR Server List..  http://www.ahbl.org/tools/lookup.php?ip=%i";
            };

          blacklist {
               name = "dnsbl.tornevall.org";
               type = "A record bitmask";
               ban_unknown = no;
               reply {
                  1 = "WinGate";
                  2 = "Socks";
                  4 = "HTTP";
                  8 = "Router";
                  16 = "HTTPPOST";
                  5 = "Open Proxy";
   6 = "spamtrap666";
   7 = "spamtrap50";
               };
               kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our Open Proxy List.. http://moensted.dk/spam/no-more-funn?addr=%i";
            };

          blacklist {
               name = "tor.efnet.org";
               type = "A record bitmask";
               ban_unknown = no;
               reply {
                   1 = "WinGate";
                   2 = "Socks";
                   4 = "HTTP";
                   8 = "Router";
                   16 = "HTTPPOST";
               };
               kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our Open Proxy List as a %t.. http://openrbl.org/cgi-bin/db?IP=%i";
            };

#    blacklist {
#      name = "spbl.bl.winbots.org";
#      type = "A record reply";
#      ban_unknown = yes;
#      reply {
#        1 = "Test";
#        2 = "UnderNet Spam";
#        3 = "QuakeNet Spam";
#        4 = "Winbots Spam";
#      };
#      kline = "ZLINE *@%i 1d :%n, Your IP, %i, is in our %t List.. Email cobi@winbots.org to get this resolved.";
#    };
#
#
#            blacklist {
#               name = "dronebl.noderebellion.net";
#               type = "A record reply";
#               ban_unknown = no;
#               reply {
#                  3 = "IRC spam drone (litmus/sdbot)";
#                  4 = "Tor anonymous proxy";
#                  5 = "IRC DDoS drone (wisdom/agobot/phatbot/rxbot)";
#                  10 = "Open proxy";
#                  14 = "Unknown worm/bot (found in DDoS attack by dronebl user)";
#                  17 = "Unknown worm/bot (found scanning NodeRebellion's IP network)";
#                  19 = "Open proxy (proxychain)";
#               };
#               kline = "ZLINE *@%i 1d :Your IP (%i), is listed as a %t in the DroneBL, see http://www.noderebellion.net/tools/lookup/?ip=%i";
#            };
#
#    blacklist {
#            name = "tor.sectoor.de";
#            type = "A record reply";
#            reply {
#                    1 = "tor exit server";
#            };
#            ban_unknown = no;
#            kline = "ZLINE *@%i 1d :You are in the tor.sectoor.de DNSBL. Please visit http://www.sectoor.de/tor.php?ip=%i";
#    };


       /* You must use a real email address below (that you actually read). */
       dnsbl_from = "aaa@aaa.com";

       /* Don't change this, it's already the correct address. */
       dnsbl_to = "bopm-report@dronebl.org";

       /* This is usually correct. */
       sendmail = "/usr/sbin/sendmail";
    };

    scanner {
       name = "default";

       /*
        * Any user will get scanned on these protocols.  This is the top 10 list of
        * protocol/ports found in our blacklist and you're required to test at
        * least these.
        *
        * If you want to add more, ask the OPM people for some sensible
        * suggestions.
        */
            protocol = ROUTER:23;
            protocol = SOCKS4:559;
            protocol = HTTPPOST:3128;
            protocol = SOCKS4:1080;
            protocol = HTTP:8080;
            protocol = SOCKS5:1182;
            protocol = HTTP:3128;
            protocol = HTTPPOST:8080;
            protocol = SOCKS4:9999;
            protocol = HTTPPOST:80;
            protocol = SOCKS5:1080;
            protocol = HTTP:63000;
            protocol = HTTP:8000;
            protocol = HTTPPOST:808;
            protocol = HTTP:80;
            protocol = HTTPPOST:6588;
            protocol = HTTP:6588;
            protocol = SOCKS5:3128;
            protocol = SOCKS5:10080;
            protocol = HTTPPOST:4480;
            protocol = SOCKS4:6664;
            protocol = SOCKS4:63808;
            protocol = HTTP:6667;
            protocol = SOCKS4:19991;
            protocol = SOCKS4:1098;
            protocol = SOCKS4:10000;
            protocol = SOCKS4:4471;
            protocol = HTTP:65506;
            protocol = HTTP:63809;
            protocol = SOCKS5:9090;
            protocol = HTTP:9090;
            protocol = HTTP:6668;
            protocol = SOCKS4:58;
            protocol = SOCKS5:58;
            protocol = SOCKS4:6969;
            protocol = WINGATE:23;
            protocol = SOCKS5:3380;
            protocol = SOCKS4:40;
            protocol = SOCKS5:443;
            protocol = SOCKS4:8888;
            protocol = HTTPPOST:9090;
            protocol = HTTP:5490;
            protocol = SOCKS4:8080;
            protocol = SOCKS5:6969;
            protocol = SOCKS4:1026;
            protocol = SOCKS4:1025;
            protocol = HTTP:8888;
            protocol = HTTP:6669;
            protocol = HTTP:8090;
            protocol = HTTP:808;
            protocol = SOCKS5:1029;
            protocol = SOCKS4:41080;
            protocol = SOCKS5:8020;
            protocol = SOCKS5:6000;
            protocol = HTTPPOST:8081;
            protocol = HTTP:4480;
            protocol = SOCKS5:1027;
            protocol = SOCKS4:1028;
            protocol = HTTP:3332;
            protocol = SOCKS5:8888;
            protocol = SOCKS5:1028;
            protocol = SOCKS4:3330;
            protocol = SOCKS4:29992;
            protocol = SOCKS4:1234;
            protocol = SOCKS4:1029;
            protocol = HTTP:5000;
            protocol = HTTP:443;
            protocol = SOCKS5:1813;
            protocol = SOCKS5:1081;
            protocol = SOCKS5:1026;
            protocol = SOCKS4:1337;
            protocol = SOCKS4:1050;
            protocol = HTTP:1080;
            protocol = SOCKS5:9999;
            protocol = SOCKS5:9100;
            protocol = SOCKS5:19991;
            protocol = SOCKS5:1098;
            protocol = SOCKS4:9100;
            protocol = SOCKS4:7080;
            protocol = SOCKS4:1033;
            protocol = HTTP:9000;
            protocol = HTTP:5800;
            protocol = HTTP:5634;
            protocol = HTTP:4471;
            protocol = HTTP:3382;
            protocol = SOCKS5:1200;
            protocol = SOCKS5:1039;
            protocol = SOCKS5:1025;
            protocol = SOCKS4:8002;
            protocol = SOCKS4:6748;
            protocol = SOCKS4:44548;
            protocol = SOCKS4:3380;
            protocol = SOCKS4:32167;
            protocol = SOCKS4:2000;
            protocol = SOCKS4:1979;
            protocol = SOCKS4:12654;
            protocol = SOCKS4:11225;
            protocol = SOCKS4:1066;
            protocol = SOCKS4:1030;
            protocol = SOCKS4:1027;
            protocol = SOCKS4:10099;
            protocol = HTTP:81;
            protocol = HTTP:6665;
            protocol = HTTP:6664;
            protocol = HTTP:6663;
            protocol = SOCKS5:8278;
            protocol = SOCKS5:6748;
            protocol = SOCKS5:4914;
            protocol = SOCKS5:4471;
            protocol = SOCKS5:29992;
            protocol = SOCKS5:17235;
            protocol = SOCKS5:1234;
            protocol = SOCKS5:1202;
            protocol = SOCKS5:1180;
            protocol = SOCKS5:1075;
            protocol = SOCKS5:1033;
            protocol = SOCKS5:10000;
            protocol = SOCKS4:8020;
            protocol = SOCKS4:4044;
            protocol = SOCKS4:3128;
            protocol = SOCKS4:3127;
            protocol = SOCKS4:28882;
            protocol = SOCKS4:24973;
            protocol = SOCKS4:21421;
            protocol = SOCKS4:1182;
            protocol = SOCKS4:1032;
            protocol = SOCKS4:10242;
            protocol = HTTPPOST:8089;
            protocol = HTTP:8082;
            protocol = HTTP:6661;
            protocol = HTTP:35233;
            protocol = HTTP:19991;
            protocol = HTTP:1098;
            protocol = HTTP:1050;
            protocol = SOCKS5:9988;
            protocol = SOCKS5:8080;
            protocol = SOCKS5:8009;
            protocol = SOCKS5:6561;
            protocol = SOCKS5:24971;
            protocol = SOCKS5:18844;
            protocol = SOCKS5:1122;
            protocol = SOCKS5:10777;
            protocol = SOCKS5:1030;
            protocol = SOCKS5:10130;
            protocol = SOCKS5:10099;
            protocol = SOCKS4:8751;
            protocol = SOCKS4:8278;
            protocol = SOCKS4:8111;
            protocol = SOCKS4:7007;
            protocol = SOCKS4:6551;
            protocol = SOCKS4:5353;
            protocol = SOCKS4:443;
            protocol = SOCKS4:43341;
            protocol = SOCKS4:3801;
            protocol = SOCKS4:2280;
            protocol = SOCKS4:1978;
            protocol = SOCKS4:1212;
            protocol = SOCKS4:1039;
            protocol = SOCKS4:1031;
            protocol = HTTPPOST:81;
            protocol = HTTP:9988;
            protocol = HTTP:7868;
            protocol = HTTP:7070;
            protocol = HTTP:444;
            protocol = HTTP:1200;
            protocol = HTTP:1039;


       /*
        * If your ircd is running from a machine with more than one interface,
        * you'll need to specify the IP to scan from here.  Particularly important
        * if you're running on a shell server.
        */
#      vhost = "72.20.42.118";

       /* Don't bother changing these unless you know what they do. */
       fd = 512;
       max_read = 4096;
       timeout = 30;

       /* Don't forget to change this to the public IP of your server! */
#       target_ip     = "irc.mynetwork.com";

       /* This needs to be a port that is available to normal clients. */
#       target_port   = 6667;

       /* Don't forget to change this to have your FULL server name here! */
#       target_string = "*** Looking up your hostname...";
    };

    scanner {
       /*
        * Here's a bunch more tests to do on "suspicious-looking" clients.  Again,
        * these are the most popular ports/protocols found in our blacklist, but
        * feel free to add/remove some if you know what you're doing.
        */
       name = "extra";

       protocol = WINGATE:1181;

       protocol = HTTP:81;
       protocol = HTTP:8000;
       protocol = HTTP:8001;
       protocol = HTTP:8081;
       protocol = HTTP:5748;
       protocol = HTTP:443;

       protocol = HTTPPOST:81;
       protocol = HTTPPOST:6588;
       protocol = HTTPPOST:8000;
       protocol = HTTPPOST:8001;
       protocol = HTTPPOST:8081;

       protocol = SOCKS5:1978;
       protocol = SOCKS5:10001;
       protocol = SOCKS5:30021;
       protocol = SOCKS5:30022;
       protocol = SOCKS5:38994;
       protocol = SOCKS5:15859;
       protocol = SOCKS5:1027;
       protocol = SOCKS5:2425;

       protocol = SOCKS4:559;
       protocol = SOCKS4:29992;
       protocol = SOCKS4:38884;
       protocol = SOCKS4:18844;
       protocol = SOCKS4:17771;
       protocol = SOCKS4:31121;
       protocol = SOCKS4:1182;

       protocol = ROUTER:23;

       /* Less fds are given to this scanner */
       fd = 400;
    };

    user {
       scanner = "default";
       mask = "*!*@*";
    };

    user {
       scanner = "extra";
       /*
        * If the user matches any of these masks they will get the extra scans
        * too.
        *
        * Connections without ident will match on a vast number of connections;
        * very few proxies run ident though.
        */
       mask = "*!~*@*";
       mask = "*!squid@*";
       mask = "*!nobody@*";
       mask = "*!www-data@*";
       mask = "*!cache@*";
       mask = "*!CacheFlowS@*";
       mask = "*!*@*www*";
       mask = "*!*@*proxy*";
       mask = "*!*@*cache*";
    };

    /*
     * You can use exempts to deliberately allow certain insecure proxies onto the
     * network, but this should never be necessary!  Please consult BOPM people
     * before using this.  If you think you have found a false positive then they
     * really need to know.
     */
    /*
    exempt {
       mask = "*!*@127.0.0.1";
       mask = "*!*@255.255.255.255";
    };
    */
or select conf2 Fix By MIRCX
Code:


    /*
    * BOPM sample configuration for Blitzed Admins.  For explanations of what all
    * the directives do, please see bopm.conf.sample.
    *
    * Most of this stuff is just suggestions.  Any setting that is required will
    * be noted as such.
    *
    */

    options {

      pidfile = "/home/asher/bopm/bopm.pid";
      dns_fdlimit = 64;
    
      /*
        * You can use this to log ALL port scans that are done.  This is
        * optional and may be useful if you ever have to deal with abuse
        * reports.
        */
    #  scanlog = "/home/asher/bopm/scan.log";
    };


    IRC {
    #  vhost = "72.20.42.118";

      /* You're required to keep to this naming scheme! */
      nick = "BMT";

      realname = "SweetBD Open Proxy Monitor";
      username = "SweetBD";
      server = "10.0.0.7";

      /* It makes sense to put the nick password here so it ID's quicker. */
    #  password = "secret";
      port = 6660;

      /*
        * Your BOPM will need a registered nick and be identified to it, to get
        * into #wg. (see below)
        */
#      nickserv = "nickserv :identify bopm-nick-password";
      oper = "darksis leetmo"; /* i changed the password before i post this conf in this theard */
    

      /* Please use these modes, they're the only ones that make sense. */
      mode = "+is +22285";
      away = "I'm a bot.  Your messages will be ignored.";

      channel {
          /*
          * This is where all of Blitzed's BOPMs are.  The name "#wg" is left over
          * from the days of dalnet's wgmon.
          */
          name = "#2";

          /*
          * Make sure your BOPM is set to ID to its nick, and that it has access
          * enough in #wg to use the chanserv invite command.  Anyone opped in #wg
          * can add this access for you.
          */
          invite = "chanserv :invite #staff";
      };

      /* Hybrid / Bahamut / Unreal (in HCN mode) */
      connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
      /*
        * "kline" controls the command used when an open proxy is confirmed.
        *
        *  %n    User's nick
        *  %u    User's username
        *  %h    User's irc hostname
        *  %i    User's IP address
        *
        * You're required to use the following kline_command:
        */
      kline = "GLINE +*@%i * 86400:An open proxy was detected on your host. Ensure you have removed any malware from your computer and secured any proxy software running";
    };


    OPM {
      /* DroneBL (see http://www.dronebl.org/howtouse.do for details) */
      blacklist {
          name = "dnsbl.dronebl.org";
          type = "A record bitmask";
          ban_unknown = no;
        
          reply {
                2 = "Sample";
                3 = "IRC Drone";
                5 = "Bottler";
                6 = "Unknown spambot or drone";
                7 = "DDOS Drone";
                8 = "SOCKS Proxy";
                9 = "HTTP Proxy";
                10 = "ProxyChain";
                255 = "Unknown";
                1 = "WinGate";
                  11 = "Socks";
                  4 = "HTTP";
                  12 = "Router";
                  16 = "HTTPPOST";
          };
          kline = "GLINE +*@%i * 86400 :Host listed in the DroneBL. For more information visit http://dronebl.org/lookup.do?ip=%i";
      };


            blacklist {
              name = "opm.tornevall.org";
              type = "A record bitmask";
              ban_unknown = yes;
              reply {
                  1 = "WinGate";
                  2 = "Socks";
                  4 = "HTTP";
                  8 = "Router";
                  16 = "HTTPPOST";
                  8 = "SOCKS Proxy";
                  9 = "HTTP Proxy";
              };
              kline = "GLINE +*@%i * 86400  :Sorry, %n, Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
            };
            blacklist {
                name = "dnsbl.njabl.org";
                type = "A record bitmask";
                reply {
                  1 = "WinGate";
                  2 = "Socks";
                  4 = "HTTP";
                  8 = "Router";
                  16 = "HTTPPOST";
                };
                ban_unknown = no;
                kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our Open Proxy List.. www.njabl.org/cgi-bin/lookup.cgi?query=%i";
            };
#
#            blacklist {
#              name = "virbl.dnsbl.bit.nl";
#              type = "A record reply";
#              ban_unknown = yes;
#              reply {
#                  2 = "Virus";
#              };
#              kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our Virus List.. http://virbl.bit.nl/list.php";
#            };

            blacklist {
              name = "ircbl.ahbl.org";
              type = "A record bitmask";
              ban_unknown = yes;
              reply {
                  1 = "WinGate";
                  2 = "Socks";
                  4 = "HTTP";
                  8 = "Router";
                  16 = "HTTPPOST";
  
              };
              kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our DDoS/Drone/Spammer/Abuse List.. http://www.ahbl.org/tools/lookup.php?ip=%i";
            };


#
#            blacklist {
#              name = "tor.dnsbl.sectoor.de";
#              type = "A record reply";
#              reply {
#                  1 = "Tor exit server";
#              };
#              ban_unknown = no;
#              kline = "ZLINE *@%i 1d :%n, Your IP, %i, is in our TOR Server List.. http://www.sectoor.de/tor.php?ip=%i";
#          };
#

      /* rbl.efnet.org - http://rbl.efnet.org/ */
      blacklist {
          name = "rbl.efnet.org";
          type = "A record bitmask";
          reply {
                  1 = "Open proxy";
                  2 = "Trojan spreader";
                  3 = "Trojan infected client";
                  5 = "Drones / Flooding";
                  6 = "Socks";
          };
          ban_unknown = no;
          kline = "GLINE +*@%i * 86400 :Listed in rbl.efnet.org. See http://rbl.efnet.org/?i=%i";
      };

            blacklist {
              name = "rbl.efnetrbl.org";
              type = "A record bitmask";
              reply {
          1 = "Open Proxy";
        2 = "spamtrap666";
        3 = "spamtrap50";
          4 = "TOR";
        5 = "Drones / Flooding";
                  6 = "WinGate";
                  7 = "Socks";
                
              };
              ban_unknown = no;
              kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our TOR Server List..  http://www.ahbl.org/tools/lookup.php?ip=%i";
            };

          blacklist {
              name = "dnsbl.tornevall.org";
              type = "A record bitmask";
              ban_unknown = no;
              reply {
                  1 = "WinGate";
                  2 = "Socks";
                  4 = "HTTP";
                  8 = "Router";
                  16 = "HTTPPOST";
                  5 = "Open Proxy";
        6 = "spamtrap666";
        7 = "spamtrap50";
              };
              kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our Open Proxy List.. http://moensted.dk/spam/no-more-funn?addr=%i";
            };

          blacklist {
              name = "tor.efnet.org";
              type = "A record bitmask";
              ban_unknown = no;
              reply {
                  1 = "WinGate";
                  2 = "Socks";
                  4 = "HTTP";
                  8 = "Router";
                  16 = "HTTPPOST";
              };
              kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our Open Proxy List as a %t.. http://openrbl.org/cgi-bin/db?IP=%i";
            };

#    blacklist {
#      name = "spbl.bl.winbots.org";
#      type = "A record reply";
#      ban_unknown = yes;
#      reply {
#        1 = "Test";
#        2 = "UnderNet Spam";
#        3 = "QuakeNet Spam";
#        4 = "Winbots Spam";
#      };
#      kline = "ZLINE *@%i 1d :%n, Your IP, %i, is in our %t List.. Email [You must be registered and logged in to see this link.] to get this resolved.";
#    };
#
#
#            blacklist {
#              name = "dronebl.noderebellion.net";
#              type = "A record reply";
#              ban_unknown = no;
#              reply {
#                  3 = "IRC spam drone (litmus/sdbot)";
#                  4 = "Tor anonymous proxy";
#                  5 = "IRC DDoS drone (wisdom/agobot/phatbot/rxbot)";
#                  10 = "Open proxy";
#                  14 = "Unknown worm/bot (found in DDoS attack by dronebl user)";
#                  17 = "Unknown worm/bot (found scanning NodeRebellion's IP network)";
#                  19 = "Open proxy (proxychain)";
#              };
#              kline = "ZLINE *@%i 1d :Your IP (%i), is listed as a %t in the DroneBL, see http://www.noderebellion.net/tools/lookup/?ip=%i";
#            };
#
#    blacklist {
#            name = "tor.sectoor.de";
#            type = "A record reply";
#            reply {
#                    1 = "tor exit server";
#            };
#            ban_unknown = no;
#            kline = "ZLINE *@%i 1d :You are in the tor.sectoor.de DNSBL. Please visit http://www.sectoor.de/tor.php?ip=%i";
#    };


      /* You must use a real email address below (that you actually read). */
      dnsbl_from = "aaa@aaa.com";

      /* Don't change this, it's already the correct address. */
      dnsbl_to = "bopm-report@dronebl.org";

      /* This is usually correct. */
      sendmail = "/usr/sbin/sendmail";
    };

    scanner {
      name = "default";

      /*
        * Any user will get scanned on these protocols.  This is the top 10 list of
        * protocol/ports found in our blacklist and you're required to test at
        * least these.
        *
        * If you want to add more, ask the OPM people for some sensible
        * suggestions.
        */
            protocol = ROUTER:23;
            protocol = SOCKS4:559;
            protocol = HTTPPOST:3128;
            protocol = SOCKS4:1080;
            protocol = HTTP:8080;
            protocol = SOCKS5:1182;
            protocol = HTTP:3128;
            protocol = HTTPPOST:8080;
            protocol = SOCKS4:9999;
            protocol = HTTPPOST:80;
            protocol = SOCKS5:1080;
            protocol = HTTP:63000;
            protocol = HTTP:8000;
            protocol = HTTPPOST:808;
            protocol = HTTP:80;
            protocol = HTTPPOST:6588;
            protocol = HTTP:6588;
            protocol = SOCKS5:3128;
            protocol = SOCKS5:10080;
            protocol = HTTPPOST:4480;
            protocol = SOCKS4:6664;
            protocol = SOCKS4:63808;
            protocol = HTTP:6667;
            protocol = SOCKS4:19991;
            protocol = SOCKS4:1098;
            protocol = SOCKS4:10000;
            protocol = SOCKS4:4471;
            protocol = HTTP:65506;
            protocol = HTTP:63809;
            protocol = SOCKS5:9090;
            protocol = HTTP:9090;
            protocol = HTTP:6668;
            protocol = SOCKS4:58;
            protocol = SOCKS5:58;
            protocol = SOCKS4:6969;
            protocol = WINGATE:23;
            protocol = SOCKS5:3380;
            protocol = SOCKS4:40;
            protocol = SOCKS5:443;
            protocol = SOCKS4:8888;
            protocol = HTTPPOST:9090;
            protocol = HTTP:5490;
            protocol = SOCKS4:8080;
            protocol = SOCKS5:6969;
            protocol = SOCKS4:1026;
            protocol = SOCKS4:1025;
            protocol = HTTP:8888;
            protocol = HTTP:6669;
            protocol = HTTP:8090;
            protocol = HTTP:808;
            protocol = SOCKS5:1029;
            protocol = SOCKS4:41080;
            protocol = SOCKS5:8020;
            protocol = SOCKS5:6000;
            protocol = HTTPPOST:8081;
            protocol = HTTP:4480;
            protocol = SOCKS5:1027;
            protocol = SOCKS4:1028;
            protocol = HTTP:3332;
            protocol = SOCKS5:8888;
            protocol = SOCKS5:1028;
            protocol = SOCKS4:3330;
            protocol = SOCKS4:29992;
            protocol = SOCKS4:1234;
            protocol = SOCKS4:1029;
            protocol = HTTP:5000;
            protocol = HTTP:443;
            protocol = SOCKS5:1813;
            protocol = SOCKS5:1081;
            protocol = SOCKS5:1026;
            protocol = SOCKS4:1337;
            protocol = SOCKS4:1050;
            protocol = HTTP:1080;
            protocol = SOCKS5:9999;
            protocol = SOCKS5:9100;
            protocol = SOCKS5:19991;
            protocol = SOCKS5:1098;
            protocol = SOCKS4:9100;
            protocol = SOCKS4:7080;
            protocol = SOCKS4:1033;
            protocol = HTTP:9000;
            protocol = HTTP:5800;
            protocol = HTTP:5634;
            protocol = HTTP:4471;
            protocol = HTTP:3382;
            protocol = SOCKS5:1200;
            protocol = SOCKS5:1039;
            protocol = SOCKS5:1025;
            protocol = SOCKS4:8002;
            protocol = SOCKS4:6748;
            protocol = SOCKS4:44548;
            protocol = SOCKS4:3380;
            protocol = SOCKS4:32167;
            protocol = SOCKS4:2000;
            protocol = SOCKS4:1979;
            protocol = SOCKS4:12654;
            protocol = SOCKS4:11225;
            protocol = SOCKS4:1066;
            protocol = SOCKS4:1030;
            protocol = SOCKS4:1027;
            protocol = SOCKS4:10099;
            protocol = HTTP:81;
            protocol = HTTP:6665;
            protocol = HTTP:6664;
            protocol = HTTP:6663;
            protocol = SOCKS5:8278;
            protocol = SOCKS5:6748;
            protocol = SOCKS5:4914;
            protocol = SOCKS5:4471;
            protocol = SOCKS5:29992;
            protocol = SOCKS5:17235;
            protocol = SOCKS5:1234;
            protocol = SOCKS5:1202;
            protocol = SOCKS5:1180;
            protocol = SOCKS5:1075;
            protocol = SOCKS5:1033;
            protocol = SOCKS5:10000;
            protocol = SOCKS4:8020;
            protocol = SOCKS4:4044;
            protocol = SOCKS4:3128;
            protocol = SOCKS4:3127;
            protocol = SOCKS4:28882;
            protocol = SOCKS4:24973;
            protocol = SOCKS4:21421;
            protocol = SOCKS4:1182;
            protocol = SOCKS4:1032;
            protocol = SOCKS4:10242;
            protocol = HTTPPOST:8089;
            protocol = HTTP:8082;
            protocol = HTTP:6661;
            protocol = HTTP:35233;
            protocol = HTTP:19991;
            protocol = HTTP:1098;
            protocol = HTTP:1050;
            protocol = SOCKS5:9988;
            protocol = SOCKS5:8080;
            protocol = SOCKS5:8009;
            protocol = SOCKS5:6561;
            protocol = SOCKS5:24971;
            protocol = SOCKS5:18844;
            protocol = SOCKS5:1122;
            protocol = SOCKS5:10777;
            protocol = SOCKS5:1030;
            protocol = SOCKS5:10130;
            protocol = SOCKS5:10099;
            protocol = SOCKS4:8751;
            protocol = SOCKS4:8278;
            protocol = SOCKS4:8111;
            protocol = SOCKS4:7007;
            protocol = SOCKS4:6551;
            protocol = SOCKS4:5353;
            protocol = SOCKS4:443;
            protocol = SOCKS4:43341;
            protocol = SOCKS4:3801;
            protocol = SOCKS4:2280;
            protocol = SOCKS4:1978;
            protocol = SOCKS4:1212;
            protocol = SOCKS4:1039;
            protocol = SOCKS4:1031;
            protocol = HTTPPOST:81;
            protocol = HTTP:9988;
            protocol = HTTP:7868;
            protocol = HTTP:7070;
            protocol = HTTP:444;
            protocol = HTTP:1200;
            protocol = HTTP:1039;


      /*
        * If your ircd is running from a machine with more than one interface,
        * you'll need to specify the IP to scan from here.  Particularly important
        * if you're running on a shell server.
        */
#      vhost = "72.20.42.118";

      /* Don't bother changing these unless you know what they do. */
      fd = 512;
      max_read = 4096;
      timeout = 30;

      /* Don't forget to change this to the public IP of your server! */
#      target_ip    = "irc.mynetwork.com";

      /* This needs to be a port that is available to normal clients. */
#      target_port  = 6667;

      /* Don't forget to change this to have your FULL server name here! */
#      target_string = "*** Looking up your hostname...";
    };

    scanner {
      /*
        * Here's a bunch more tests to do on "suspicious-looking" clients.  Again,
        * these are the most popular ports/protocols found in our blacklist, but
        * feel free to add/remove some if you know what you're doing.
        */
      name = "extra";

      protocol = WINGATE:1181;

      protocol = HTTP:81;
      protocol = HTTP:8000;
      protocol = HTTP:8001;
      protocol = HTTP:8081;
      protocol = HTTP:5748;
      protocol = HTTP:443;

      protocol = HTTPPOST:81;
      protocol = HTTPPOST:6588;
      protocol = HTTPPOST:8000;
      protocol = HTTPPOST:8001;
      protocol = HTTPPOST:8081;

      protocol = SOCKS5:1978;
      protocol = SOCKS5:10001;
      protocol = SOCKS5:30021;
      protocol = SOCKS5:30022;
      protocol = SOCKS5:38994;
      protocol = SOCKS5:15859;
      protocol = SOCKS5:1027;
      protocol = SOCKS5:2425;

      protocol = SOCKS4:559;
      protocol = SOCKS4:29992;
      protocol = SOCKS4:38884;
      protocol = SOCKS4:18844;
      protocol = SOCKS4:17771;
      protocol = SOCKS4:31121;
      protocol = SOCKS4:1182;

      protocol = ROUTER:23;

      /* Less fds are given to this scanner */
      fd = 400;
    };

    user {
      scanner = "default";
      mask = "*!*@*";
    };

    user {
      scanner = "extra";
      /*
        * If the user matches any of these masks they will get the extra scans
        * too.
        *
        * Connections without ident will match on a vast number of connections;
        * very few proxies run ident though.
        */
      mask = "*!~*@*";
      mask = "*!squid@*";
      mask = "*!nobody@*";
      mask = "*!www-data@*";
      mask = "*!cache@*";
      mask = "*!CacheFlowS@*";
      mask = "*!*@*www*";
      mask = "*!*@*proxy*";
      mask = "*!*@*cache*";
    };

    /*
    * You can use exempts to deliberately allow certain insecure proxies onto the
    * network, but this should never be necessary!  Please consult BOPM people
    * before using this.  If you think you have found a false positive then they
    * really need to know.
    */
    /*
    exempt {
      mask = "*!*@127.0.0.1";
      mask = "*!*@255.255.255.255";
    };
    */
thanks to ZioN for help and to Network Afternet
By mIRCx
www.mIRCx.co.il
mIRCx the old Community
avatar
Chief
Admin

מספר הודעות : 215
Join date : 2011-12-09
מיקום : mIRCx IRC Network

View user profile

Back to top Go down

bopm.conf to ircu u2.10.12.pk-WGN5

Post  Chief on Sun Mar 20, 2016 5:36 am

bopm.conf good to ircu2.10.12-pk fix by ASHER
more thing if do you run a version ircu u2.10.12 then you need set in features the CONNEXIT_NOTICES and you can run bopm this work 100 %
Code:

/*
    * BOPM sample configuration for Blitzed Admins.  For explanations of what all
    * the directives do, please see bopm.conf.sample.
    *
    * Most of this stuff is just suggestions.  Any setting that is required will
    * be noted as such.
    *
    */

    options {

      pidfile = "/home/mircx/bopm/bopm.pid";
      dns_fdlimit = 64;
    
      /*
        * You can use this to log ALL port scans that are done.  This is
        * optional and may be useful if you ever have to deal with abuse
        * reports.
        */
    #  scanlog = "/home/mircx/bopm/scan.log";
    };


    IRC {
    #  vhost = "72.20.42.118";

      /* You're required to keep to this naming scheme! */
      nick = "BMT";

      realname = "SweetBD Open Proxy Monitor";
      username = "SweetBD";
      server = "192.168.1.14";

      /* It makes sense to put the nick password here so it ID's quicker. */
    #  password = "secret";
      port = 6667;

      /*
        * Your BOPM will need a registered nick and be identified to it, to get
        * into #wg. (see below)
        */
#      nickserv = "nickserv :identify bopm-nick-password";
      oper = "darksis leetmoo"; /* i changed the password before i post this conf in this theard */
    

      /* Please use these modes, they're the only ones that make sense. */
      mode = "+s +16384";
      away = "I'm a bot.  Your messages will be ignored.";

      channel {
          /*
          * This is where all of Blitzed's BOPMs are.  The name "#wg" is left over
          * from the days of dalnet's wgmon.
          */
          name = "#ircops";

          /*
          * Make sure your BOPM is set to ID to its nick, and that it has access
          * enough in #wg to use the chanserv invite command.  Anyone opped in #wg
          * can add this access for you.
          */
          invite = "chanserv :invite #staff";
      };

      /* Hybrid / Bahamut / Unreal (in HCN mode) */
      connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
      #connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
      #connregex = "\\*\\*\\* CONNECT: Client connecting on port [0-9]+: ([^ ]+)!([^@]+)@([^\\)]+) \\[([0-9\\.]+)\\] \\[.*\\]";
      #connregex = ":[^\n\r.]\{1,\}\.[^\n\r.]\{1,\}\.[^\n\r ]\{1,\} NOTICE .\{1,\} :\\*\\*\\* CONNECT: Client connecting on port [0-9]\{1,\}";
      #connregex = "\\*\\*\\* CONNECT: Client connecting on port [0-9]\{1,\} (class [^\n\r):]\{1,\}): [^\n\r!]\{1,\}![^\n\r@]\{1,\}@[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\} \[[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}] \[[^]\n\r]\{1,\}]";
      #connregex = "\\*\\*\\* PRIVMSG #opers :CONNECT: Client connecting on port [0-9]+: ([^ ]+)!([^@]+)@([^\\)]+) \\[([0-9\\.]+)\\] \\[.*\\]";
      /*
        * "kline" controls the command used when an open proxy is confirmed.
        *
        *  %n    User's nick
        *  %u    User's username
        *  %h    User's irc hostname
        *  %i    User's IP address
        *
        * You're required to use the following kline_command:
        */
      kline = "GLINE +*@%i * 86400:An open proxy was detected on your host. Ensure you have removed any malware from your computer and secured any proxy software running";
    };


    OPM {
      /* DroneBL (see http://www.dronebl.org/howtouse.do for details) */
      blacklist {
          name = "dnsbl.dronebl.org";
          type = "A record bitmask";
          ban_unknown = no;
        
          reply {
                2 = "Sample";
                3 = "IRC Drone";
                5 = "Bottler";
                6 = "Unknown spambot or drone";
                7 = "DDOS Drone";
                8 = "SOCKS Proxy";
                9 = "HTTP Proxy";
                10 = "ProxyChain";
                255 = "Unknown";
                1 = "WinGate";
                  11 = "Socks";
                  4 = "HTTP";
                  12 = "Router";
                  16 = "HTTPPOST";
          };
          kline = "GLINE +*@%i * 86400 :Host listed in the DroneBL. For more information visit http://dronebl.org/lookup.do?ip=%i";
      };


            blacklist {
              name = "dyn.shlink.org";
              type = "A record bitmask";
              ban_unknown = yes;
              reply {
                  1 = "WinGate";
                  2 = "Socks";
                  4 = "HTTP";
                  8 = "Router";
                  16 = "HTTPPOST";
                  8 = "SOCKS Proxy";
                  9 = "HTTP Proxy";
              };
              kline = "GLINE +*@%i * 86400  :Sorry, %n, Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
            };
            blacklist {
                name = "dnsbl.njabl.org";
                type = "A record bitmask";
                reply {
                  1 = "WinGate";
                  2 = "Socks";
                  4 = "HTTP";
                  8 = "Router";
                  16 = "HTTPPOST";
                };
                ban_unknown = no;
                kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our Open Proxy List.. www.njabl.org/cgi-bin/lookup.cgi?query=%i";
            };
#
#            blacklist {
#              name = "virbl.dnsbl.bit.nl";
#              type = "A record reply";
#              ban_unknown = yes;
#              reply {
#                  2 = "Virus";
#              };
#              kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our Virus List.. http://virbl.bit.nl/list.php";
#            };

            blacklist {
              name = "dnsbl.ahbl.org";
              type = "A record bitmask";
              ban_unknown = yes;
              reply {
                  1 = "WinGate";
                  2 = "Socks";
                  4 = "HTTP";
                  8 = "Router";
                  16 = "HTTPPOST";
  
              };
              kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our DDoS/Drone/Spammer/Abuse List.. http://www.ahbl.org/tools/lookup.php?ip=%i";
            };



            blacklist {
              name = "tor.dnsbl.sectoor.de";
              type = "A record reply";
              reply {
                  1 = "Tor exit server";
              };
              ban_unknown = no;
              kline = "GLINE *@%i 1d :%n, Your IP, %i, is in our TOR Server List.. http://www.sectoor.de/tor.php?ip=%i";
          };


      /* rbl.efnet.org - http://rbl.efnet.org/ */
      blacklist {
          name = "rbl.efnet.org";
          type = "A record bitmask";
          reply {
                  1 = "Open proxy";
                  2 = "Trojan spreader";
                  3 = "Trojan infected client";
                  5 = "Drones / Flooding";
                  6 = "Socks";
          };
          ban_unknown = no;
          kline = "GLINE +*@%i * 86400 :Listed in rbl.efnet.org. See http://rbl.efnet.org/?i=%i";
      };

            blacklist {
              name = "rbl.efnetrbl.org";
              type = "A record bitmask";
              reply {
          1 = "Open Proxy";
        2 = "spamtrap666";
        3 = "spamtrap50";
          4 = "TOR";
        5 = "Drones / Flooding";
                  6 = "WinGate";
                  7 = "Socks";
                
              };
              ban_unknown = no;
              kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our TOR Server List..  http://www.ahbl.org/tools/lookup.php?ip=%i";
            };

          blacklist {
              name = "dnsbl.tornevall.org";
              type = "A record bitmask";
              ban_unknown = no;
              reply {
                  1 = "WinGate";
                  2 = "Socks";
                  4 = "HTTP";
                  8 = "Router";
                  16 = "HTTPPOST";
                  5 = "Open Proxy";
        6 = "spamtrap666";
        7 = "spamtrap50";
              };
              kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our Open Proxy List.. http://moensted.dk/spam/no-more-funn?addr=%i";
            };

          blacklist {
              name = "tor.efnet.org";
              type = "A record bitmask";
              ban_unknown = no;
              reply {
                  1 = "WinGate";
                  2 = "Socks";
                  4 = "HTTP";
                  8 = "Router";
                  16 = "HTTPPOST";
              };
              kline = "GLINE +*@%i * 86400 :%n, Your IP, %i, is in our Open Proxy List as a %t.. http://openrbl.org/cgi-bin/db?IP=%i";
            };

#    blacklist {
#      name = "spbl.bl.winbots.org";
#      type = "A record reply";
#      ban_unknown = yes;
#      reply {
#        1 = "Test";
#        2 = "UnderNet Spam";
#        3 = "QuakeNet Spam";
#        4 = "Winbots Spam";
#      };
#      kline = "ZLINE *@%i 1d :%n, Your IP, %i, is in our %t List.. Email [You must be registered and logged in to see this link.] to get this resolved.";
#    };
#
#
#            blacklist {
#              name = "dronebl.noderebellion.net";
#              type = "A record reply";
#              ban_unknown = no;
#              reply {
#                  3 = "IRC spam drone (litmus/sdbot)";
#                  4 = "Tor anonymous proxy";
#                  5 = "IRC DDoS drone (wisdom/agobot/phatbot/rxbot)";
#                  10 = "Open proxy";
#                  14 = "Unknown worm/bot (found in DDoS attack by dronebl user)";
#                  17 = "Unknown worm/bot (found scanning NodeRebellion's IP network)";
#                  19 = "Open proxy (proxychain)";
#              };
#              kline = "ZLINE *@%i 1d :Your IP (%i), is listed as a %t in the DroneBL, see http://www.noderebellion.net/tools/lookup/?ip=%i";
#            };
#
#    blacklist {
#            name = "tor.sectoor.de";
#            type = "A record reply";
#            reply {
#                    1 = "tor exit server";
#            };
#            ban_unknown = no;
#            kline = "GLINE *@%i 1d :You are in the tor.sectoor.de DNSBL. Please visit http://www.sectoor.de/tor.php?ip=%i";
#    };


      /* You must use a real email address below (that you actually read). */
      dnsbl_from = "aaa@aaa.com";

      /* Don't change this, it's already the correct address. */
      dnsbl_to = "bopm-report@dronebl.org";

      /* This is usually correct. */
      sendmail = "/usr/sbin/sendmail";
    };

    scanner {
      name = "default";

      /*
        * Any user will get scanned on these protocols.  This is the top 10 list of
        * protocol/ports found in our blacklist and you're required to test at
        * least these.
        *
        * If you want to add more, ask the OPM people for some sensible
        * suggestions.
        */
            protocol = ROUTER:23;
            protocol = SOCKS4:559;
            protocol = HTTPPOST:3128;
            protocol = SOCKS4:1080;
            protocol = HTTP:8080;
            protocol = SOCKS5:1182;
            protocol = HTTP:3128;
            protocol = HTTPPOST:8080;
            protocol = SOCKS4:9999;
            protocol = HTTPPOST:80;
            protocol = SOCKS5:1080;
            protocol = HTTP:63000;
            protocol = HTTP:8000;
            protocol = HTTPPOST:808;
            protocol = HTTP:80;
            protocol = HTTPPOST:6588;
            protocol = HTTP:6588;
            protocol = SOCKS5:3128;
            protocol = SOCKS5:10080;
            protocol = HTTPPOST:4480;
            protocol = SOCKS4:6664;
            protocol = SOCKS4:63808;
            protocol = HTTP:6667;
            protocol = SOCKS4:19991;
            protocol = SOCKS4:1098;
            protocol = SOCKS4:10000;
            protocol = SOCKS4:4471;
            protocol = HTTP:65506;
            protocol = HTTP:63809;
            protocol = SOCKS5:9090;
            protocol = HTTP:9090;
            protocol = HTTP:6668;
            protocol = SOCKS4:58;
            protocol = SOCKS5:58;
            protocol = SOCKS4:6969;
            protocol = WINGATE:23;
            protocol = SOCKS5:3380;
            protocol = SOCKS4:40;
            protocol = SOCKS5:443;
            protocol = SOCKS4:8888;
            protocol = HTTPPOST:9090;
            protocol = HTTP:5490;
            protocol = SOCKS4:8080;
            protocol = SOCKS5:6969;
            protocol = SOCKS4:1026;
            protocol = SOCKS4:1025;
            protocol = HTTP:8888;
            protocol = HTTP:6669;
            protocol = HTTP:8090;
            protocol = HTTP:808;
            protocol = SOCKS5:1029;
            protocol = SOCKS4:41080;
            protocol = SOCKS5:8020;
            protocol = SOCKS5:6000;
            protocol = HTTPPOST:8081;
            protocol = HTTP:4480;
            protocol = SOCKS5:1027;
            protocol = SOCKS4:1028;
            protocol = HTTP:3332;
            protocol = SOCKS5:8888;
            protocol = SOCKS5:1028;
            protocol = SOCKS4:3330;
            protocol = SOCKS4:29992;
            protocol = SOCKS4:1234;
            protocol = SOCKS4:1029;
            protocol = HTTP:5000;
            protocol = HTTP:443;
            protocol = SOCKS5:1813;
            protocol = SOCKS5:1081;
            protocol = SOCKS5:1026;
            protocol = SOCKS4:1337;
            protocol = SOCKS4:1050;
            protocol = HTTP:1080;
            protocol = SOCKS5:9999;
            protocol = SOCKS5:9100;
            protocol = SOCKS5:19991;
            protocol = SOCKS5:1098;
            protocol = SOCKS4:9100;
            protocol = SOCKS4:7080;
            protocol = SOCKS4:1033;
            protocol = HTTP:9000;
            protocol = HTTP:5800;
            protocol = HTTP:5634;
            protocol = HTTP:4471;
            protocol = HTTP:3382;
            protocol = SOCKS5:1200;
            protocol = SOCKS5:1039;
            protocol = SOCKS5:1025;
            protocol = SOCKS4:8002;
            protocol = SOCKS4:6748;
            protocol = SOCKS4:44548;
            protocol = SOCKS4:3380;
            protocol = SOCKS4:32167;
            protocol = SOCKS4:2000;
            protocol = SOCKS4:1979;
            protocol = SOCKS4:12654;
            protocol = SOCKS4:11225;
            protocol = SOCKS4:1066;
            protocol = SOCKS4:1030;
            protocol = SOCKS4:1027;
            protocol = SOCKS4:10099;
            protocol = HTTP:81;
            protocol = HTTP:6665;
            protocol = HTTP:6664;
            protocol = HTTP:6663;
            protocol = SOCKS5:8278;
            protocol = SOCKS5:6748;
            protocol = SOCKS5:4914;
            protocol = SOCKS5:4471;
            protocol = SOCKS5:29992;
            protocol = SOCKS5:17235;
            protocol = SOCKS5:1234;
            protocol = SOCKS5:1202;
            protocol = SOCKS5:1180;
            protocol = SOCKS5:1075;
            protocol = SOCKS5:1033;
            protocol = SOCKS5:10000;
            protocol = SOCKS4:8020;
            protocol = SOCKS4:4044;
            protocol = SOCKS4:3128;
            protocol = SOCKS4:3127;
            protocol = SOCKS4:28882;
            protocol = SOCKS4:24973;
            protocol = SOCKS4:21421;
            protocol = SOCKS4:1182;
            protocol = SOCKS4:1032;
            protocol = SOCKS4:10242;
            protocol = HTTPPOST:8089;
            protocol = HTTP:8082;
            protocol = HTTP:6661;
            protocol = HTTP:35233;
            protocol = HTTP:19991;
            protocol = HTTP:1098;
            protocol = HTTP:1050;
            protocol = SOCKS5:9988;
            protocol = SOCKS5:8080;
            protocol = SOCKS5:8009;
            protocol = SOCKS5:6561;
            protocol = SOCKS5:24971;
            protocol = SOCKS5:18844;
            protocol = SOCKS5:1122;
            protocol = SOCKS5:10777;
            protocol = SOCKS5:1030;
            protocol = SOCKS5:10130;
            protocol = SOCKS5:10099;
            protocol = SOCKS4:8751;
            protocol = SOCKS4:8278;
            protocol = SOCKS4:8111;
            protocol = SOCKS4:7007;
            protocol = SOCKS4:6551;
            protocol = SOCKS4:5353;
            protocol = SOCKS4:443;
            protocol = SOCKS4:43341;
            protocol = SOCKS4:3801;
            protocol = SOCKS4:2280;
            protocol = SOCKS4:1978;
            protocol = SOCKS4:1212;
            protocol = SOCKS4:1039;
            protocol = SOCKS4:1031;
            protocol = HTTPPOST:81;
            protocol = HTTP:9988;
            protocol = HTTP:7868;
            protocol = HTTP:7070;
            protocol = HTTP:444;
            protocol = HTTP:1200;
            protocol = HTTP:1039;


      /*
        * If your ircd is running from a machine with more than one interface,
        * you'll need to specify the IP to scan from here.  Particularly important
        * if you're running on a shell server.
        */
#      vhost = "72.20.42.118";

      /* Don't bother changing these unless you know what they do. */
      fd = 512;
      max_read = 4096;
      timeout = 30;

      /* Don't forget to change this to the public IP of your server! */
#      target_ip    = "irc.mIRCxNet.ISRAEL";

      /* This needs to be a port that is available to normal clients. */
#      target_port  = 6667;

      /* Don't forget to change this to have your FULL server name here! */
#      target_string = "*** Looking up your hostname...";
    };

    scanner {
      /*
        * Here's a bunch more tests to do on "suspicious-looking" clients.  Again,
        * these are the most popular ports/protocols found in our blacklist, but
        * feel free to add/remove some if you know what you're doing.
        */
      name = "extra";

      protocol = WINGATE:1181;

      protocol = HTTP:81;
      protocol = HTTP:8000;
      protocol = HTTP:8001;
      protocol = HTTP:8081;
      protocol = HTTP:5748;
      protocol = HTTP:443;

      protocol = HTTPPOST:81;
      protocol = HTTPPOST:6588;
      protocol = HTTPPOST:8000;
      protocol = HTTPPOST:8001;
      protocol = HTTPPOST:8081;

      protocol = SOCKS5:1978;
      protocol = SOCKS5:10001;
      protocol = SOCKS5:30021;
      protocol = SOCKS5:30022;
      protocol = SOCKS5:38994;
      protocol = SOCKS5:15859;
      protocol = SOCKS5:1027;
      protocol = SOCKS5:2425;

      protocol = SOCKS4:559;
      protocol = SOCKS4:29992;
      protocol = SOCKS4:38884;
      protocol = SOCKS4:18844;
      protocol = SOCKS4:17771;
      protocol = SOCKS4:31121;
      protocol = SOCKS4:1182;

      protocol = ROUTER:23;

      /* Less fds are given to this scanner */
      fd = 400;
    };

    user {
      scanner = "default";
      mask = "*!*@*";
    };

    user {
      scanner = "extra";
      /*
        * If the user matches any of these masks they will get the extra scans
        * too.
        *
        * Connections without ident will match on a vast number of connections;
        * very few proxies run ident though.
        */
      mask = "*!~*@*";
      mask = "*!squid@*";
      mask = "*!nobody@*";
      mask = "*!www-data@*";
      mask = "*!cache@*";
      mask = "*!CacheFlowS@*";
      mask = "*!*@*www*";
      mask = "*!*@*proxy*";
      mask = "*!*@*cache*";
    };

    /*
    * You can use exempts to deliberately allow certain insecure proxies onto the
    * network, but this should never be necessary!  Please consult BOPM people
    * before using this.  If you think you have found a false positive then they
    * really need to know.
    */
    /*
    exempt {
      mask = "*!*@127.0.0.1";
      mask = "*!*@255.255.255.255";
    };
    */
avatar
Chief
Admin

מספר הודעות : 215
Join date : 2011-12-09
מיקום : mIRCx IRC Network

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum