Search
 
 

Display results as :
 


Rechercher Advanced Search

Web Applications
install Joomla Wordpress Phpbb Drupal FluxBB PunBB osCommerce simple-machines MYBB moodle vBulletin Dolphin-v.7.1.1 PHPNUKE XOOPS
Services
install BorkNet Services X3 Services Anope Atheme Services Srvx IRC Srervices
IRCD
install Snircd IRCU INSPIRCD UNREAL Nefarious Bircd Bahamut Asuka Charybdis
TCL SCRIPT
TCL SCRIPT FOR EGGDROP Allprotection4.7 Antiproxy
Bots
Bots install FishBot bobot++ Eggdrop janus Omega Security Services Botnix Bopm SupyBot PyLink Hopm
Latest topics
» mIRCx IRC Network Config
Sat Aug 04, 2018 2:39 pm by Chief

» מדריך הגנות אופרים בגירסאות IRCD
Mon May 14, 2018 5:50 am by Chief

» install irssi v1.2-1.2-dev in freebsd
Thu Mar 22, 2018 5:43 am by Chief

» install ZNC in Ubuntu 14.04
Sun Mar 04, 2018 5:50 am by Chief

» מדריך שינוי גירסאות ב FREEBSD
Fri Mar 02, 2018 8:35 am by Chief

» מדריך התקנה ZNC על WINDOWS 7
Wed Feb 21, 2018 3:30 am by Chief

» Guide install Znc in FreeBsd
Sun Feb 18, 2018 7:58 am by Chief

» Guide install InspIRCd v3.0.0a5 in FreeBsd
Thu Jan 18, 2018 9:52 pm by Chief

» מדריך התקנה Pylink על unrealircd4 && inspircd
Sat Nov 18, 2017 6:35 am by Chief

November 2018
MonTueWedThuFriSatSun
   1234
567891011
12131415161718
19202122232425
2627282930  

Calendar Calendar

Affiliates
free forum

Affiliates
free forum


mIRCx IRC Network Config

Page 2 of 2 Previous  1, 2

Go down

bopm.conf For uneralircd4

Post  Chief on Fri Oct 13, 2017 11:15 pm

Code:

/*

BOPM sample configuration

*/

options {
   /*
    * Full path and filename for storing the process ID of the running
    * BOPM.
    */
   pidfile = "/home/asher/bopm/bopm.pid";

   /*
    * How many seconds to store the IP address of hosts which are
    * confirmed (by previous scans) to be secure.  New users from these
    * IP addresses will not be scanned again until this amount of time
    * has passed. IT IS STRONGLY RECOMMENDED THAT YOU DO NOT USE THIS
    * DIRECTIVE, but it is provided due to demand.
    *
    * The main reason for not using this feature is that anyone capable
    * of running a proxy can get abusers onto your network - all they
    * need do is shut the proxy down, connect themselves, restart the
    * proxy, and tell their friends to come flood.
    *   
    * Keep this directive commented out to disable negative caching.
    */
#   negcache = 3600;

   /*
    * Amount of file descriptors to allocate to asynchronous DNS.  64
    * should be plenty for almost anyone - previous versions of BOPM only
    * did one at a time!
    */
   dns_fdlimit = 64;

   /*
    * Put the full path and filename of a logfile here if you wish to log
    * every scan done.  Normally BOPM only logs successfully detected
    * proxies in the bopm.log, but you may get abuse reports to your ISP
    * about portscanning.  Being able to show that it was BOPM that did
    * the scan in question can be useful.  Leave commented for no
    * logging.
    */
#   scanlog = "/some/path/scan.log";
};


IRC {
   /*
    * IP to bind to for the IRC connection.  You only need to use this if
    * you wish BOPM to use a particular interface (virtual host, IP
    * alias, ...) when connecting to the IRC server.  There is another
    * "vhost" setting in the scan {} block below for the actual
    * portscans.  Note that this directive expects an IP address, not a
    * hostname.  Please leave this commented out if you do not
    * understand what it does, as most people don't need it.
    */
#   vhost = "0.0.0.0";

   /*
    * Nickname for BOPM to use.
    */
   nick = "MyBopm";

   /*
    * Text to appear in the "realname" field of BOPM's /whois output.
    */
   realname = "Blitzed Open Proxy Monitor";

   /*
    * If you don't have an identd running, what username to use.
    */
   username = "bopm";

   /*
    * Hostname (or IP) of the IRC server which BOPM will monitor
    * connections on.
    */
   server = "192.168.1.219";


   /*
    * Password used to connect to the IRC server (PASS)
    */
   
#   password = "secret";


   /*
    * Port of the above server to connect to.  This is what BOPM uses to
    * get onto IRC itself, it is nothing to do with what ports/protocols
    * are scanned, nor do you need to list every port your ircd listens
    * on.
    */
   port = 6665;

   /*
    * Command to execute to identify to NickServ (if your network uses
    * it).  This is the raw IRC command text, and the below example
    * corresponds to "/msg nickserv identify password" in a client.  If
    * you don't understand, just edit "password" in the line below to be
    * your BOPM's nick password.  Leave commented out if you don't need
    * to identify to NickServ.
    */
#   nickserv = "privmsg nickserv :identify password";

   /*
    * The username and password needed for BOPM to oper up.
    */
   oper = "hopm 123456";
 
   /*
    * Mode string that BOPM needs to set on itself as soon as it opers
    * up.  This needs to include the mode for seeing connection notices,
    * otherwise BOPM won't scan anyone (that's usually umode +c).  It's
    * often also a good idea to remove any helper modes so that users
    * don't try to talk to the BOPM.
    *
    * REMEMBER THAT IRCU AND LATER VERSIONS OF UNREAL DO NOT USE A SIMPLE
    * +c !!
    */
   mode = "+Bs +cF";

   /* Example for Bahamut; +F gives BOPM relaxed flood limits */
#   mode = "+Fc-h";

   /*
    * If this is set then BOPM will use it as an /away message as soon as
    * it connects.
    */
   away = "I'm a bot.  Your messages will be ignored.";

   /*
    * Info about channels you wish BOPM to join in order to accept
    * commands.  BOPM will also print messages in these channels every
    * time it detects a proxy.  Only IRC operators can command BOPM to do
    * anything, but some of the things BOPM reports to these channels
    * could be soncidered sensitive, so it's best not to put BOPM into
    * public channels.
    */
   channel {
     /*
       * Channel name.  Local ("&") channels are supported if your ircd
       * supports them.
       */
     name = "#mIRCx";
                   
     /*
       * If BOPM will need to use a key to enter this channel, this is
       * where you specify it.
       */
#     key = "somekey";

     /*
       * If you use ChanServ then maybe you want to set the channel
       * invite-only and have each BOPM do "/msg ChanServ invite" to get
       * itself in.  Leave commented if you don't, or if this makes no
       * sense to you.
       */
#     invite = "privmsg chanserv :invite #bopm";
   };

   /*
    * You can define a bunch of channels if you want:
    *
    * channel { name = "#other"; }; channel { name="#channel"; }
    */
     
   /*
    * connregex is a POSIX regular expression used to parse connection
    * (+c) notices from the ircd. The complexity of the expression should
    * be kept to a minimum.
    * 
    * Items in order MUST be: nick user host IP
    *
    * BOPM will not work with ircds which do not send an IP in the
    * connection notice.
    *
    * This is fairly complicated stuff, and the consequences of getting
    * it wrong are the BOPM does not scan anyone.  Unless you know
    * absolutely what you are doing, please just uncomment the example
    * below that best matches the type of ircd you use.
    *
    * !!! NOTE !!! If a connregex for your ircd does not appear here and the
    * hybrid connregex does not appear to work, check the BOPM FAQ at
    * http://wiki.blitzed.org/BOPM before contacting our lists for help.
    *
    */

   /* Hybrid / Bahamut / Unreal (in HCN mode) */
#   connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
              connregex = "\\*\\*\\* Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9a-fA-F\\.:]+)\\].*";
   /*
    * Ultimate ircd  - note the control-B characters around Connect/Exit,
    * that is because that text appears in bold in the actual connect
    * notice.  Be very careful when editing this, do it as you would put
    * bold characters into IRC MOTDs.
    */
#   connregex = "\\*\\*\\* Connect/Exit -- from [^:]+: Client connecting on port [0-9]+: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";

   /*
    * SorIRCd 1.3.4+ / StarIRCd 5.26+.
    */
#   connregex = "\\*\\*\\* Notice -- Client connecting on port [0-9]+: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";


   /*
    * "kline" controls the command used when an open proxy is confirmed.
    * We suggest applying a temporary (no more than a few hours) KLINE on the host.
    *
    * <WARNING>
        * Make sure if you need to change this string you also change the
        * kline command for every DNSBL you enable below.
    *
        * Also note that some servers do not allow you to include ':' characters
        * inside the KLINE message (e.g. for a http:// address).
    *
    * Users rewriting this message into something that isn't even a valid
    * IRC command is the single most common cause of support requests and
    * therefore WE WILL NOT SUPPORT YOU UNLESS YOU USE ONE OF THE EXAMPLE
    * KLINE COMMANDS BELOW.
    * </WARNING>
    *
    * That said, should you wish to customise this text, several
    * printf-like placeholders are available:
    *
    *  %n    User's nick
    *  %u    User's username
    *  %h    User's irc hostname
    *  %i    User's IP address
    *
    */
   kline = "KLINE *@%h :Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";

   /* A GLINE example for IRCu: */
#      kline = "GLINE +*@%i 1800 :Open proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";

        /* An AKILL example for services with OperServ
        * Your BOPM must have permission to AKILL for this to work! */

#      kline = "PRIVMSG OpenServ :AKILL +3h *@%h Open proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
     
   /*
    * Text to send on connection, these can be stacked and will be sent in this order
    *
    * !!! UNREAL USERS PLEASE NOTE !!!
    * Unreal users will need PROTOCTL HCN to force hybrid connect
    * notices.
    *
    * Yes Unreal users!  That means you!  That means you need the line
    * below!  See that thing at the start of the line?  That's what we
    * call a comment!  Remove it to UNcomment the line.
    */
   perform = "PROTOCTL HCN";

};


/*
 * OPM Block defines blacklists and information required to report new proxies
 * to a dns blacklist.  DNS-based blacklists store IP addresses in a DNS zone
 * file. There are several blacklist that list IP addresses known to be open
 * proxies or other forms of IRC abuse. By checking against these blacklists,
 * BOPMs are able to ban known sources of abuse without completely scanning them.
 */

OPM {
   /*
    * Blacklist zones to check IPs against.  If you would rather not
    * trust a remotely managed blacklist, you could set up your own, or
    * leave these commented out in which case every user will be
    * scanned. The use of at least one open proxy DNSBL is recommended
        * however.
        *
        * Blitzed is not associated with any of these DNSBLs, please check
        * the policies of each blacklist you use to check you are comfortable
        * with using them to block access to your server (and that you are
        * allowed to use them).
    */

        /* DroneBL - http://dronebl.org */
   blacklist {
     /* The DNS name of the blacklist */
     name = "dnsbl.dronebl.org";
    
     /*
       * There are only two values that are valid for this
       * "A record bitmask" and "A record reply"
       * These options affect how the values specified to reply
       * below will be interpreted, a bitmask is where the reply
       * values are 2^n and more than one is added up, a reply is
       * simply where the last octet of the IP is that number.
       * If you are not sure then the values set for dnsbl.dronebl.org
       * will work without any changes.
       */
     type = "A record bitmask";
    
     /* Kline types not listed in the reply list below.
            *
       * For DNSBLs that are not IRC specific and you just wish to kline
            * certain types this can be disabled.
       */
     ban_unknown = yes;
    
     /* The actual values returned by the dnsbl.dronebl.org blacklist
       * As documented at http://www.dronebl.org/howtouse.do */
     reply {
                2 = "Sample";
              3 = "IRC Drone";
              4 = "Tor";
              5 = "Bottler";
              6 = "Unknown spambot or drone";
              7 = "DDOS Drone";
              8 = "SOCKS Proxy";
              9 = "HTTP Proxy";
              10 = "ProxyChain";
              255 = "Unknown";
     };
    
     /* The kline message sent for this specific blacklist, remember to put
       * the removal method in this.
       */
     kline = "ZLINE *@%i 1d :You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded.do?ip=%i&network=Network";
   };

#        /* ircbl.ahbl.org - see http://ahbl.org/docs/ircbl
#        * http://oldwww.temp.ahbl.org/docs/ircbl.php */
#        blacklist {
#          name = "ircbl.ahbl.org";
#          type = "A record reply";
#          ban_unknown = no;
#          reply {
#              2 = "Open proxy";
#          };
#          kline = "KLINE *@%h :Listed in ircbl.ahbl.org. See http://ahbl.org/removals";
#        };

        /* tor.dnsbl.sectoor.de - http://www.sectoor.de/tor.php */
#        blacklist {
#          name = "tor.dnsbl.sectoor.de";
#          type = "A record reply";
#          reply {
#              1 = "Tor exit server";
#          };
#          ban_unknown = no;
#          kline = "KLINE *@%h :Tor exit server detected. See www.sectoor.de/tor.php?ip=%i";
#        };

        /* rbl.efnet.org - http://rbl.efnet.org/ */
        blacklist {
          name = "rbl.efnet.org";
          type = "A record bitmask";
          reply {
              1 = "Open proxy";
              2 = "Trojan spreader";
              3 = "Trojan infected client";
              4 = "TOR exit server";
              5 = "Drones / Flooding";
          };
          ban_unknown = yes;
          kline = "ZLINE *@%i 1d :Listed in rbl.efnet.org. See rbl.efnet.org/?i=%i";
        };


   /* example: NJABL - please read http://www.njabl.org/use.html before
    * uncommenting */
#    blacklist {
#       name = "dnsbl.njabl.org";
#       type = "A record reply";
#       reply {
#         9 = "Open proxy";
#       };
#       ban_unknown = no;
#       kline = "KLINE *@%h :Open proxy found on your host, please visit www.njabl.org/cgi-bin/lookup.cgi?query=%i";
#   };

   /*
    * You can report the insecure proxies you find to a DNSBL also!
    * The remaining directives in this section are only needed if you
    * intend to do this.  Reports are sent by email, one email per IP
    * address.  The format does support multiple addresses in one email,
    * but we don't know of any servers that are detecting enough insecure
    * proxies for this to be really necessary.
    */

   /*
    * Email address to send reports FROM.  If you intend to send reports,
    * please pick an email address that we can actually send mail to
    * should we ever need to contact you.
    */
#   dnsbl_from = "mybopm@myserver.org";

   /*
    * Email address to send reports TO.
        * For example DroneBL:
    */
#   dnsbl_to = "bopm-report@dronebl.org";

   /*
    * Full path to your sendmail binary.  Even if your system does not
    * use sendmail, it probably does have a binary called "sendmail"
    * present in /usr/sbin or /usr/lib.  If you don't set this, no
    * proxies will be reported.
    */
#   sendmail = "/usr/sbin/sendmail";
};


/*
 * The short explanation:
 *
 * This is where you define what ports/protocols to check for.  You can have
 * multiple scanner blocks and then choose which users will get scanned by
 * which scanners further down.
 *
 * The long explanation:
 *
 * Scanner defines a virtual scanner.  For each user being scanned, a scanner
 * will use a file descriptor (and subsequent connection) for each protocol.
 * Once connecting it will negotiate the proxy to connect to
 * target_ip:target_port (target_ip MUST be an IP).
 *
 * Once connected, any data passed through the proxy will be checked to see if
 * target_string is contained within that data.  If it is the proxy is
 * considered open. If the connection is closed at any point before
 * target_string is matched, or if at least max_read bytes are read from the
 * connection, the negotiation is considered failed.
 */

scanner {

   /*
    * Unique name of this scanner.  This is used further down in the
    * user {} blocks to decide which users get affected by which
    * scanners.
    */
   name="default";

   /*
    * HTTP CONNECT - very common proxy protocol supported by widely known
    * software such as Squid and Apache.  The most common sort of
    * insecure proxy and found on a multitude of weird ports too.  Offers
    * transparent two way TCP connections.
    */
   protocol = HTTP:80;
   protocol = HTTP:8080;
   protocol = HTTP:3128;
   protocol = HTTP:6588;

   /*
    * SOCKS4/5 - well known proxy protocols, probably the second most
    * common for insecure proxies, also offers transparent two way TCP
    * connections.  Fortunately largely confined to port 1080.
    */
   protocol = SOCKS4:1080;
   protocol = SOCKS5:1080;

   /*
    * Cisco routers with a default password (yes, it really does happen).
    * Also pretty much anything else that will let you telnet to anywhere
    * else on the internet.  Fortunately these are always on port 23.
    */
   protocol = ROUTER:23;

   /*
    * WinGate is commercial windows proxy software which is now not so
    * common, but still to be found, and helpfully presents an interface
    * that can be used to telnet out, on port 23.
    */
   protocol = WINGATE:23;

   /*
    * The HTTP POST protocol, often dismissed when writing the access
    * controls for proxies, but sadly can still be used to abused.
    * Offers only the opportunity to send a single block of data, but
    * enough of them at once can still make for a devastating flood.
    * Found on the same ports that HTTP CONNECT proxies inhabit.
    *
    * Note that if your ircd has "ping cookies" then clients from HTTP
    * POST proxies cannot actually ever get onto your network anyway.  If
    * you leave the checks in then you'll still find some (because some
    * people IRC from boxes that run them), but if you use BOPM purely as
    * a protective measure and you have ping cookies, you need not scan
    * for HTTP POST.
    */
   protocol = HTTPPOST:80;

   /*
    * IP this scanner will bind to.  Use this if you need your scans to
    * come FROM a particular interface on the machine you run BOPM from.
    * If you don't understand what this means, please leave this
    * commented out, as this is a major source of support queries!
    */
#   vhost = "127.0.0.1";

   /* Maximum file descriptors this scanner can use.  Remember that there
    * will be one FD for each protocol listed above.  As this example
    * scanner has 8 protocols, it requires 8 FDs per user.  With a 512 FD
    * limit, this scanner can be used on 64 users _at the same time_.
    * That should be adequate for most servers.
    */
   fd = 512;

   /*
    * Maximum data read from a proxy before considering it closed.  Don't
    * set this too high, some people have fun setting up lots of ports
    * that send endless data to tie up your scanner.  4KB is plenty for
    * any known proxy.
    */
   max_read = 4096;

   /*
    * Amount of time (in seconds) before a test is considered timed out.
    * Again, all but the poorest slowest proxies will be detected within
    * 30 seconds, and this helps keep resource usage low.
    */
   timeout = 30;

   /*
    * Target IP to tell the proxy to connect to
    *
    * !!! THIS MUST BE CHANGED !!!
    *
    * You cannot instruct the proxy to connect to itself! The easiest
    * thing to do would be to set this to the IP of your ircd and then
    * keep the default target_strings.
    *
    * Please use an IP that is publically reachable from anywhere on the
    * Internet, because you have no way of knowing where the insecure
    * proxies will be located.  Just because you and your BOPM can
    * connect to your ircd on some private IP like 192.168.0.1, does not
    * mean that the insecure proxies out there on the Internet will be
    * able to.  And if they never connect, you will never detect them.
    *
    * Remember to change this setting for every scanner you configure.
    *
    */
   target_ip    = "127.0.0.1";

   /*
    * Target port to tell the proxy to connect to.  This is usually
    * something like 6667.  Basically any client-usable port.
    */
   target_port  = 6665;

   /*
    * Target string we check for in the data read back by the scanner.
    * This should be some string out of the data that your ircd usually
    * sends on connect.  The example below will work on most
    * hybrid/bahamut ircds.  Multiple target strings are allowed.
    *
    * NOTE: Try to keep the number of target strings to a minimum. Two
    *      should be fine. One for normal connections and one for throttled
    *      connections. Comment out any others for efficiency.
    */

   /* Usually first line sent to client on connection to ircd.
    * If your ircd supports a more specific line (see below),
    * using it will reduce false positives.
    */
   target_string = "*** Looking up your hostname...";

   /* Some ircds give a source for the NOTICE AUTH (bahamut for example).
    * It is recommended you use the following instead of the generic
    * "*** Looking up your hostname..." if your ircd supports it.
    * This will reduce the chances of false positives.
    */
#   target_string = ":server.yournetwork.org NOTICE AUTH :*** Looking up your hostname...";

   /* If you try to connect too fast, you'll be throttled by your own
    * ircd.  Here's what a hybrid throttle message looks like:
    */
   target_string = "ERROR :Trying to reconnect too fast.";

   /* And the same for bahamut (comment this out if you're not using bahamut): */
   target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled.";
};

scanner {
   name = "extended";

   protocol = HTTP:81;
   protocol = HTTP:8000;
   protocol = HTTP:8001;
   protocol = HTTP:8081;

   protocol = HTTPPOST:81;
   protocol = HTTPPOST:6588;
#   protocol = HTTPPOST:4480;
   protocol = HTTPPOST:8000;
   protocol = HTTPPOST:8001;
   protocol = HTTPPOST:8080;
   protocol = HTTPPOST:8081;

   /*
    * IRCnet have seen many socks5 on these ports, more than on the
    * standard ports even.
    */
   protocol = SOCKS4:4914;
   protocol = SOCKS4:6826;
   protocol = SOCKS4:7198;
   protocol = SOCKS4:7366;
   protocol = SOCKS4:9036;

   protocol = SOCKS5:4438;
   protocol = SOCKS5:5104;
   protocol = SOCKS5:5113;
   protocol = SOCKS5:5262;
   protocol = SOCKS5:5634;
   protocol = SOCKS5:6552;
   protocol = SOCKS5:6561;
   protocol = SOCKS5:7464;
   protocol = SOCKS5:7810;
   protocol = SOCKS5:8130;
   protocol = SOCKS5:8148;
   protocol = SOCKS5:8520;
   protocol = SOCKS5:8814;
   protocol = SOCKS5:9100;
   protocol = SOCKS5:9186;
   protocol = SOCKS5:9447;
   protocol = SOCKS5:9578;

   /*
    * These came courtsey of Keith Dunnett from a bunch of public open
    * proxy lists.
    */
   protocol = SOCKS4:29992;
   protocol = SOCKS4:38884;
   protocol = SOCKS4:18844;
   protocol = SOCKS4:17771;
   protocol = SOCKS4:31121;

   fd = 400;

   /* If required you can add settings such as target_ip here
    * they will override the defaults set in the first scanner
    * for this and subsequent scanners defined in the config file
    * This affects the following options:
    * fd, vhost, target_ip, target_port, target_string, timeout and
    * max_read.
    */
};



/*
 * User blocks define what scanners will be used to scan which hostmasks. When
 * a user connects they will be scanned on every scanner {} (above) that
 * matches their host.
 */

user {
   /*
    * Users matching this host mask will be scanned with all the
    * protocols in the scanner named.
    */
   mask = "*!*@*";
   scanner = "default";
};

user {
   /* Connections without ident will match on a vast number of connections
    * very few proxies run ident though */
#   mask = "*!~*@*";
   mask = "*!squid@*";
   mask = "*!nobody@*";
   mask = "*!www-data@*";
   mask = "*!cache@*";
   mask = "*!CacheFlowS@*";
   mask = "*!*@*www*";
   mask = "*!*@*proxy*";
   mask = "*!*@*cache*";

   scanner = "extended";
};


/*
 * Exempt hosts matching certain strings from any form of scanning or dnsbl.
 * BOPM will check each string against both the hostname and the IP address of
 * the user.
 *
 * There are very few valid reasons to actually use "exempt".  BOPM should
 * never get false positives, and we would like to know very much if it does.
 * One possible scenario is that the machine BOPM runs from is specifically
 * authorized to use certain hosts as proxies, and users from those hosts use
 * your network.  In this case, without exempt, BOPM will scan these hosts,
 * find itself able to use them as proxies, and ban them.
 */
exempt {
   mask = "*!*@127.0.0.1";
};
avatar
Chief
Admin

מספר הודעות : 224
Join date : 2011-12-09
מיקום : mIRCx IRC Network

View user profile

Back to top Go down

hybrid open proxy monitor for unrealircd 4

Post  Chief on Fri Oct 13, 2017 11:23 pm

Code:

/*
 * Hybrid Open Proxy Monitor - HOPM sample configuration
 *
 * Copyright (c) 2014-2017 ircd-hybrid development team
 *
 * $Id$
 */

/*
 * Shell style (#), C++ style (//) and C style comments are supported.
 *
 * Files may be included by either:
 *        .include "filename"
 *        .include <filename>
 *
 * Times/durations are written as:
 *        12 hours 30 minutes 1 second
 *
 * Valid units of time:
 *        year, month, week, day, hour, minute, second
 *
 * Valid units of size:
 *        megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
 *
 * Sizes and times may be singular or plural.
 */

options {
   /*
    * Full path and filename for storing the process ID of the running
    * HOPM.
    */
   pidfile = "/home/asher/hopm/var/run/hopm.pid";

   /*
    * Maximum commands to queue. Set to 0 if you don't want HOPM
    * to process commands.
    */
   command_queue_size = 64;

   /*
    * Interval to check command queue for timed out commands.
    */
   command_interval = 10 seconds;

   /*
    * Timeout of commands.
    */
   command_timeout = 180 seconds;

   /*
    * How long to store the IP address of hosts which are confirmed
    * (by previous scans) to be secure. New users from these
    * IP addresses will not be scanned again until this amount of time
    * has passed. IT IS STRONGLY RECOMMENDED THAT YOU DO NOT USE THIS
    * DIRECTIVE, but it is provided due to demand.
    *
    * The main reason for not using this feature is that anyone capable
    * of running a proxy can get abusers onto your network - all they
    * need do is shut the proxy down, connect themselves, restart the
    * proxy, and tell their friends to come flood.
    *
    * Keep this directive commented out to disable negative caching.
    */
#   negcache = 1 hour;

   /*
    * How long between rebuilds of the negative cache. The negcache
    * is only rebuilt to free up memory used by entries that are too old.
    * You probably don't need to tweak this unless you have huge amounts
    * of people connecting (hundreds per minute). Default is 12 hours.
    */
   negcache_rebuild = 12 hours;

   /*
    * Amount of file descriptors to allocate to asynchronous DNS. 64
    * should be plenty for almost anyone.
    */
   dns_fdlimit = 64;

   /*
    * Amount of time the resolver waits until a response is received
    * from a name server.
    */
   dns_timeout = 5 seconds;

   /*
    * Put the full path and filename of a logfile here if you wish to log
    * every scan done. Normally HOPM only logs successfully detected
    * proxies in the hopm.log, but you may get abuse reports to your ISP
    * about portscanning. Being able to show that it was HOPM that did
    * the scan in question can be useful. Leave commented for no
    * logging.
    */
#   scanlog = "var/log/scan.log";
};


irc {
   /*
    * IP address to bind to for the IRC connection. You only need to
    * use this if you wish HOPM to use a particular interface
    * (virtual host, IP alias, ...) when connecting to the IRC server.
    * There is another "vhost" setting in the scan {} block below for
    * the actual portscans. Note that this directive expects an IP address,
    * not a hostname. Please leave this commented out if you do not
    * understand what it does, as most people don't need it.
    */
#   vhost = "0.0.0.0";

   /*
    * Nickname for HOPM to use.
    */
   nick = "MIRCX";

   /*
    * Text to appear in the "realname" field of HOPM's /whois output.
    */
   realname = "Hybrid Open Proxy Monitor";

   /*
    * If you don't have an identd running, what username to use.
    */
   username = "hopm";

   /*
    * Hostname (or IP address) of the IRC server which HOPM will monitor
    * connections on. IPv6 is now supported.
    */
   server = "192.168.1.219";

   /*
    * Password used to connect to the IRC server (PASS)
    */
#   password = "secret";

   /*
    * Port of the above server to connect to. This is what HOPM uses to
    * get onto IRC itself, it is nothing to do with what ports/protocols
    * are scanned, nor do you need to list every port your ircd listens
    * on.
    */
   port = 6665;

   /*
    * Defines time in which bot will timeout if no data is received
    */
   readtimeout = 15 minutes;

   /*
    * Interval in how often we try to reconnect to the IRC server
    */
   reconnectinterval = 30 seconds;

   /*
    * Command to execute to identify to NickServ (if your network uses
    * it). This is the raw IRC command text, and the below example
    * corresponds to "/msg nickserv identify password" in a client. If
    * you don't understand, just edit "password" in the line below to be
    * your HOPM's nick password. Leave commented out if you don't need
    * to identify to NickServ.
    */
   nickserv = "auth matrix a123456";

   /*
    * The username and password needed for HOPM to oper up.
    */
   oper = "hopm 123456";

   /*
    * Mode string that HOPM needs to set on itself as soon as it opers
    * up. This needs to include the mode for seeing connection notices,
    * otherwise HOPM won't scan anyone (that's usually umode +c).
    */
   mode = "+Bs +cF";

   /*
    * If this is set then HOPM will use it as an /away message as soon as
    * it connects.
    */
   away = "I'm a bot. Your messages will be ignored.";

   /*
    * Info about channels you wish HOPM to join in order to accept
    * commands. HOPM will also print messages in these channels every
    * time it detects a proxy. Only IRC operators can command HOPM to do
    * anything, but some of the things HOPM reports to these channels
    * could be considered sensitive, so it's best not to put HOPM into
    * public channels.
    */
   channel {
      /*
       * Channel name. Local ("&") channels are supported if your ircd
       * supports them.
       */
      name = "#hopm";

      /*
       * If HOPM will need to use a key to enter this channel, this is
       * where you specify it.
       */
#      key = "somekey";

      /*
       * If you use ChanServ then maybe you want to set the channel
       * invite-only and have each HOPM do "/msg ChanServ invite" to get
       * itself in. Leave commented if you don't, or if this makes no
       * sense to you.
       */
#      invite = "ChanServ INVITE #mIRCx MIRCX";
   };

   
     /*
    * You can define a bunch of channels if you want:
    *
    * channel { name = "#mIRCx"; }; channel { name= "#channel"; }
    */
                channel { name = "#mIRCx";
                };
   /*
    * connregex is a POSIX regular expression used to parse connection
    * notices from the ircd. The complexity of the expression should
    * be kept to a minimum.
    *
    * Items in order MUST be: nick user host IP
    *
    * HOPM will not work with ircds which do not send an IP address in the
    * connection notice.
    *
    * This is fairly complicated stuff, and the consequences of getting
    * it wrong are the HOPM does not scan anyone. Unless you know
    * absolutely what you are doing, please just uncomment the example
    * below that best matches the type of ircd you use.
    */

   /* bahamut / charybdis / ircd-hybrid / ircd-ratbox / ircu / UnrealIRCd 3.2.x (in HCN mode) */
   connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9a-fA-F\\.:]+)\\].*";
              connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
   /* ircd-hybrid with far connect notices (user mode +F) to scan clients on remote servers */
#   connregex = "\\*\\*\\* Notice -- Client connecting.*: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9a-fA-F\\.:]+)\\].*";

   /* UnrealIRCd 4.0.x */
   connregex = "\\*\\*\\* Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9a-fA-F\\.:]+)\\].*";

   /* InspIRCd */
#   connregex = "\\*\\*\\* .*CONNECT: Client connecting.*: ([^ ]+)!([^@]+)@([^\\)]+) \\(([0-9a-fA-F\\.:]+)\\) \\[.*\\]";

   /* ngIRCd */
#   connregex = "Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9a-fA-F\\.:]+)\\].*";

   /*
    * "kline" controls the command used when an open proxy is confirmed.
    * We suggest applying a temporary (no more than a few hours) KLINE on the host.
    *
    * <WARNING>
    * Make sure if you need to change this string you also change the
    * kline command for every DNSBL you enable below.
    *
    * Also note that some servers do not allow you to include ':' characters
    * inside the KLINE message (e.g. for a http:// address).
    *
    * Users rewriting this message into something that isn't even a valid
    * IRC command is the single most common cause of support requests and
    * therefore WE WILL NOT SUPPORT YOU UNLESS YOU USE ONE OF THE EXAMPLE
    * KLINE COMMANDS BELOW.
    * </WARNING>
    *
    * That said, should you wish to customise this text, several
    * printf-like placeholders are available:
    *
    *  %n    User's nick
    *  %u    User's username
    *  %h    User's irc hostname
    *  %i    User's IP address
    *  %t    Protocol type which has triggered a positive scan
    */
   kline = "KLINE 180 *@%h :Open proxy found on your host.";

   /* A GLINE example for ircu */
#   kline = "GLINE +*@%i 1800 :Open proxy found on your host.";

   /*
    * An AKILL example for services with OperServ. Your HOPM must have permission to
    * AKILL for this to work!
    */
#   kline = "OS AKILL ADD +3h *@%h Open proxy found on your host.";

   /*
    * Text to send on connection, these can be stacked and will be sent in this order.
    *
    * !!! UNREAL USERS PLEASE NOTE !!!
    * Unreal users will need PROTOCTL HCN to force hybrid connect
    * notices.
    *
    * Yes Unreal users!  That means you!  That means you need the line
    * below!  See that thing at the start of the line?  That's what we
    * call a comment!  Remove it to UNcomment the line.
    *
    * Note that this is no longer needed as of UnrealIRCd 4.0.0.
    */
   perform = "PROTOCTL HCN";

   /*
    * Text to send, via NOTICE, immediately when a new client connects. These can be
    * stacked and will be sent in this order.
    */
   notice = "You are now being scanned for open proxies. If you have nothing to hide, you have nothing to fear.";
};


/*
 * OPM Block defines blacklists and information required to report new proxies
 * to a dns blacklist. DNS-based blacklists store IP addresses in a DNS zone
 * file. There are several blacklist that list IP addresses known to be open
 * proxies or other forms of IRC abuse. By checking against these blacklists,
 * HOPMs are able to ban known sources of abuse without completely scanning them.
 */
OPM {
   /*
    * Blacklist zones to check IPs against. If you would rather not
    * trust a remotely managed blacklist, you could set up your own, or
    * leave these commented out in which case every user will be
    * scanned. The use of at least one open proxy DNSBL is recommended
    * however.
    *
    * Please check the policies of each blacklist you use to check you
    * are comfortable with using them to block access to your server
    * (and that you are allowed to use them).
    */


   /* dnsbl.dronebl.org - http://dronebl.org */
   blacklist {
      /* The DNS name of the blacklist */
      name = "dnsbl.dronebl.org";

      /*
       * Address families that are supported by the blacklist. Default is 'ipv4'.
       */
      address_family = ipv4;
                           
      /*
       * There are only two values that are valid for this
       * "A record bitmask" and "A record reply"
       * These options affect how the values specified to reply
       * below will be interpreted, a bitmask is where the reply
       * values are 2^n and more than one is added up, a reply is
       * simply where the last octet of the IP address is that number.
       * If you are not sure then the values set for dnsbl.dronebl.org
       * will work without any changes.
       */
      type = "A record bitmask";

      /*
       * Kline types not listed in the reply list below.
       *
       * For DNSBLs that are not IRC specific and you just wish to kline
       * certain types this can be enabled/disabled.
       */
      ban_unknown = yes;

      /*
       * The actual values returned by the dnsbl.dronebl.org blacklist as
       * documented at http://dronebl.org/docs/howtouse
       */
      reply {
         2 = "Sample data used for heuristical analysis";
         3 = "IRC spam drone (litmus/sdbot/fyle)";
         5 = "Bottler (experimental)";
         6 = "Unknown worm or spambot";
         7 = "DDoS drone";
         8 = "Open SOCKS proxy";
         9 = "Open HTTP proxy";
         10 = "ProxyChain";
         11 = "Web Page Proxy";
         12 = "Open DNS Resolver";
         13 = "Automated dictionary attacks";
         14 = "Open WINGATE proxy";
         15 = "Compromised router / gateway";
         16 = "Autorooting worms";
         17 = "Automatically determined botnet IPs (experimental)";
         18 = "DNS/MX type hostname detected on IRC";
         255 = "Uncategorized threat class";
      };

      /*
       * The kline message sent for this specific blacklist, remember to put
       * the removal method in this.
       */
      kline = "ZLINE *@%i 1d :You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=Network";
   };


   /* tor.dnsbl.sectoor.de - http://www.sectoor.de/tor.php */
#   blacklist {
#      name = "tor.dnsbl.sectoor.de";
#      type = "A record reply";
#      ban_unknown = no;

#      reply {
#         1 = "Tor exit server";
#      };

#      kline = "KLINE 180 *@%h :Tor exit server detected. For more information, visit http://www.sectoor.de/tor.php?ip=%i";
#   };

   /* rbl.efnetrbl.org - http://rbl.efnetrbl.org/ */
   blacklist {
      name = "rbl.efnetrbl.org";
      type = "A record bitmask";
      ban_unknown = yes;

      reply {
         1 = "Open proxy";
         2 = "spamtrap666";
         3 = "spamtrap50";
         4 = "TOR";
         5 = "Drones / Flooding";
      };

      kline = "ZLINE *@%i 1d :Blacklisted proxy found. For more information, visit http://rbl.efnetrbl.org/?i=%i";
   };



   /* tor.efnetrbl.org - http://rbl.efnetrbl.org/ */
#   blacklist {
#      name = "tor.efnetrbl.org";
#      type = "A record reply";
#      ban_unknown = no;

#      reply {
#         1 = "TOR";
#      };

#      kline = "KLINE 180 *@%h :TOR exit node found. For more information, visit http://rbl.efnetrbl.org/?i=%i";
#   };

   /*
    * You can report the insecure proxies you find to a DNSBL also!
    * The remaining directives in this section are only needed if you
    * intend to do this. Reports are sent by email, one email per IP
    * address. The format does support multiple addresses in one email,
    * but we don't know of any servers that are detecting enough insecure
    * proxies for this to be really necessary.
    */

   /*
    * Email address to send reports FROM. If you intend to send reports,
    * please pick an email address that we can actually send mail to
    * should we ever need to contact you.
    */
#   dnsbl_from = "mybopm@myserver.org";

   /*
    * Email address to send reports TO.
    * For example DroneBL:
    */
#   dnsbl_to = "bopm-report@dronebl.org";

   /*
    * Full path to your sendmail binary. Even if your system does not
    * use sendmail, it probably does have a binary called "sendmail"
    * present in /usr/sbin or /usr/lib. If you don't set this, no
    * proxies will be reported.
    */
#   sendmail = "/usr/sbin/sendmail";
};


/*
 * The short explanation:
 *
 * This is where you define what ports/protocols to check for. You can have
 * multiple scanner blocks and then choose which users will get scanned by
 * which scanners further down.
 *
 * The long explanation:
 *
 * Scanner defines a virtual scanner. For each user being scanned, a scanner
 * will use a file descriptor (and subsequent connection) for each protocol.
 * Once connecting it will negotiate the proxy to connect to
 * target_ip:target_port (target_ip MUST be an IP address).
 *
 * Once connected, any data passed through the proxy will be checked to see if
 * target_string is contained within that data. If it is the proxy is
 * considered open. If the connection is closed at any point before
 * target_string is matched, or if at least max_read bytes are read from the
 * connection, the negotiation is considered failed.
 */
scanner {
   /*
    * Unique name of this scanner. This is used further down in the
    * user {} blocks to decide which users get affected by which
    * scanners.
    */
   name = "default";

   /*
    * HTTP CONNECT - very common proxy protocol supported by widely known
    * software such as Squid and Apache. The most common sort of
    * insecure proxy and found on a multitude of weird ports too. Offers
    * transparent two way TCP connections.
    */
   protocol = HTTP:80;
   protocol = HTTP:8080;
   protocol = HTTP:3128;
   protocol = HTTP:6588;

   /*
    * The SSL/TLS variant of HTTP
    */
   protocol = HTTPS:443;
   protocol = HTTPS:8443;

   /*
    * SOCKS4/5 - well known proxy protocols, probably the second most
    * common for insecure proxies, also offers transparent two way TCP
    * connections. Fortunately largely confined to port 1080.
    */
   protocol = SOCKS4:1080;
   protocol = SOCKS5:1080;

   /*
    * Cisco routers with a default password (yes, it really does happen).
    * Also pretty much anything else that will let you telnet to anywhere
    * else on the Internet. Fortunately these are always on port 23.
    */
   protocol = ROUTER:23;

   /*
    * WinGate is commercial windows proxy software which is now not so
    * common, but still to be found, and helpfully presents an interface
    * that can be used to telnet out, on port 23.
    */
   protocol = WINGATE:23;

   /*
    * Dreambox DVB receivers with a default password allowing
    * full root access to telnet or install bouncers.
    */
   protocol = DREAMBOX:23;

   /*
    * The HTTP POST protocol, often dismissed when writing the access
    * controls for proxies, but sadly can still be used to abused.
    * Offers only the opportunity to send a single block of data, but
    * enough of them at once can still make for a devastating flood.
    * Found on the same ports that HTTP CONNECT proxies inhabit.
    *
    * Note that if your ircd has "ping cookies" then clients from HTTP
    * POST proxies cannot actually ever get onto your network anyway. If
    * you leave the checks in then you'll still find some (because some
    * people IRC from boxes that run them), but if you use HOPM purely as
    * a protective measure and you have ping cookies, you need not scan
    * for HTTP POST.
    */
   protocol = HTTPPOST:80;

   /*
    * The SSL/TLS variant of HTTPPOST
    */
   protocol = HTTPSPOST:443;
   protocol = HTTPSPOST:8443;

   /*
    * IP address this scanner will bind to. Use this if you need your scans to
    * come FROM a particular interface on the machine you run HOPM from.
    * If you don't understand what this means, please leave this
    * commented out, as this is a major source of support queries!
    */
#   vhost = "127.0.0.1";

   /*
    * Maximum file descriptors this scanner can use. Remember that there
    * will be one FD for each protocol listed above. As this example
    * scanner has 8 protocols, it requires 8 FDs per user. With a 512 FD
    * limit, this scanner can be used on 64 users _at the same time_.
    * That should be adequate for most servers.
    */
   fd = 512;

   /*
    * Maximum data read from a proxy before considering it closed. Don't
    * set this too high, some people have fun setting up lots of ports
    * that send endless data to tie up your scanner. 4KB is plenty for
    * any known proxy.
    */
   max_read = 4 kbytes;

   /*
    * Amount of time before a test is considered timed out.
    * Again, all but the poorest slowest proxies will be detected within
    * 30 seconds, and this helps keep resource usage low.
    */
   timeout = 30 seconds;

   /*
    * Target IP to tell the proxy to connect to
    *
    * !!! THIS MUST BE CHANGED !!!
    *
    * You cannot instruct the proxy to connect to itself! The easiest
    * thing to do would be to set this to the IP address of your ircd
    * and then keep the default target_strings.
    *
    * Please use an IP address that is publically reachable from anywhere
    * on the Internet, because you have no way of knowing where the insecure
    * proxies will be located. Just because you and your HOPM can
    * connect to your ircd on some private IP address like 192.168.0.1,
    * does not mean that the insecure proxies out there on the Internet will be
    * able to. And if they never connect, you will never detect them.
    *
    * Remember to change this setting for every scanner you configure.
    */
   target_ip = "127.0.0.1";

   /*
    * Target port to tell the proxy to connect to. This is usually
    * something like 6667. Basically any client-usable port.
    */
   target_port = 6665;

   /*
    * Target string we check for in the data read back by the scanner.
    * This should be some string out of the data that your ircd usually
    * sends on connect. Multiple target strings are allowed.
    *
    * NOTE: Try to keep the number of target strings to a minimum. Two
    *      should be fine. One for normal connections and one for throttled
    *      connections. Comment out any others for efficiency.
    */

   /*
    * Usually first line sent to client on connection to ircd.
    * If your ircd supports a more specific line (see below),
    * using it will reduce false positives.
    */
   target_string = ":irc.example.org NOTICE * :*** Looking up your hostname";

   /*
    * If you try to connect too fast, you'll be throttled by your own
    * ircd. Here's what a hybrid throttle message looks like:
    */
   target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled.";
};


scanner {
   name = "extended";

   protocol = HTTP:81;
   protocol = HTTP:8000;
   protocol = HTTP:8001;
   protocol = HTTP:8081;

   protocol = HTTPPOST:81;
   protocol = HTTPPOST:6588;
   protocol = HTTPPOST:4480;
   protocol = HTTPPOST:8000;
   protocol = HTTPPOST:8001;
   protocol = HTTPPOST:8080;
   protocol = HTTPPOST:8081;

   /*
    * IRCnet have seen many socks5 on these ports, more than on the
    * standard ports even.
    */
   protocol = SOCKS4:4914;
   protocol = SOCKS4:6826;
   protocol = SOCKS4:7198;
   protocol = SOCKS4:7366;
   protocol = SOCKS4:9036;

   protocol = SOCKS5:4438;
   protocol = SOCKS5:5104;
   protocol = SOCKS5:5113;
   protocol = SOCKS5:5262;
   protocol = SOCKS5:5634;
   protocol = SOCKS5:6552;
   protocol = SOCKS5:6561;
   protocol = SOCKS5:7464;
   protocol = SOCKS5:7810;
   protocol = SOCKS5:8130;
   protocol = SOCKS5:8148;
   protocol = SOCKS5:8520;
   protocol = SOCKS5:8814;
   protocol = SOCKS5:9100;
   protocol = SOCKS5:9186;
   protocol = SOCKS5:9447;
   protocol = SOCKS5:9578;
   protocol = SOCKS5:10000;
   protocol = SOCKS5:64101;

   /*
    * These came courtsey of Keith Dunnett from a bunch of public open
    * proxy lists.
    */
   protocol = SOCKS4:29992;
   protocol = SOCKS4:38884;
   protocol = SOCKS4:18844;
   protocol = SOCKS4:17771;
   protocol = SOCKS4:31121;

   fd = 400;

   /*
    * If required you can add settings such as target_ip here
    * they will override the defaults set in the first scanner
    * for this and subsequent scanners defined in the config file
    * This affects the following options:
    * fd, vhost, target_ip, target_port, target_string, timeout and
    * max_read.
    */
};


/*
 * User blocks define what scanners will be used to scan which hostmasks.
 * When a user connects they will be scanned on every scanner {} (above)
 * that matches their host.
 */
user {
   /*
    * Users matching this host mask will be scanned with all the
    * protocols in the scanner named.
    */
   mask = "*!*@*";
   scanner = "default";
};

user {
   /*
    * Connections without ident will match on a vast number of connections
    * very few proxies run ident though
    */
#   mask = "*!~*@*";
   mask = "*!squid@*";
   mask = "*!nobody@*";
   mask = "*!www-data@*";
   mask = "*!cache@*";
   mask = "*!CacheFlowS@*";
   mask = "*!*@*www*";
   mask = "*!*@*proxy*";
   mask = "*!*@*cache*";

   scanner = "extended";
};


/*
 * Exempt hosts matching certain strings from any form of scanning or dnsbl.
 * HOPM will check each string against both the hostname and the IP address of
 * the user.
 *
 * There are very few valid reasons to actually use "exempt". HOPM should
 * never get false positives, and we would like to know very much if it does.
 * One possible scenario is that the machine HOPM runs from is specifically
 * authorized to use certain hosts as proxies, and users from those hosts use
 * your network. In this case, without exempt, HOPM will scan these hosts,
 * find itself able to use them as proxies, and ban them.
 */
exempt {
   mask = "*!*@127.0.0.1";
};
avatar
Chief
Admin

מספר הודעות : 224
Join date : 2011-12-09
מיקום : mIRCx IRC Network

View user profile

Back to top Go down

update Config UnrealIRCd-4.0.15

Post  Chief on Sun Dec 10, 2017 2:22 am

you are welcome download the config when we fix it more thing do you have in a config options block ssl and connection for PyLink and block dnsbl enjoy
https://f2h.nana10.co.il/2c1r0kgko2yg
Fix By MIRCX IRC NETWORK
avatar
Chief
Admin

מספר הודעות : 224
Join date : 2011-12-09
מיקום : mIRCx IRC Network

View user profile

Back to top Go down

download ircu2 2.10.13.alpha.0

Post  Chief on Sat Aug 04, 2018 2:13 pm

ircu2 with features
"SPAM_OPER_COUNTDOWN" = "5";
 "SPAM_EXPIRE_TIME" = "120";
 "SPAM_JOINED_TIME" = "60";
 "SPAM_FJP_COUNT" = "5";

to download
https://f2h.io/wq2biz2k9qiq
the config fix By BMT
Code:

# ircd.conf - configuration file for ircd version ircu2.10
#
# Last Updated:  20, March 2002.
#
# Written by Niels <niels@undernet.org>, based on the original example.conf,
# server code and some real-life (ahem) experience.
#
# Updated and heavily modified by Braden <dbtem@yahoo.com>.
#
# Rewritten by A1kmm(Andrew Miller)<a1kmm@mware.virtualave.net> to support
# the new flex/bison configuration parser.
#
# Thanks and credits to: Run, Trillian, Cym, Morrissey, Chaos, Flynn,
#                        Xorath, WildThang, Mmmm, SeKs, Ghostwolf and
#                        all other Undernet IRC Admins and Operators,
#                        and programmers working on the Undernet ircd.
#
# This is an example of the configuration file used by the Undernet ircd.
#
# This document is based on a (fictious) server in Europe with a
# connection to the Undernet IRC network. It is primarily a leaf server,
# but if all the other hubs in Europe aren't in service, it can connect
# to one in the US by itself.
#
# The configuration format consists of a number of blocks in the format
#  BlockName { setting = number; setting2 = "string"; setting3 = yes; };
# Note that comments start from a #(hash) and go to the end of the line.
# Whitespace(space, tab, or carriage return/linefeed) are ignored and may
# be used to make the configuration file more readable.
#
# Please note that when ircd puts the configuration lines into practice,
# it parses them exactly the other way round than they are listed here.
# It uses the blocks in reverse order.
#
# This means that you should start your Client blocks with the
# "fall through", most vanilla one, and end with the most detailed.
#
# There is a difference between the "hostname" and the "server name"
# of the machine that the server is run on. For example, the host can
# have "veer.cs.vu.nl" as FQDN, and "Amsterdam.NL.EU.undernet.org" as
# server name.
# A "server mask" is something like "*.EU.UnderNet.org", which is
# matched by "Amsterdam.NL.EU.undernet.org" but not by
# "Manhattan.KS.US.undernet.org".
#
# Please do NOT just rename the example.conf to ircd.conf and expect
# it to work.


# [General]
#
# First some information about the server.
# General {
#         name = "servername";
#         vhost = "ipv4vhost";
#         vhost = "ipv6vhost";
#         description = "description";
#         numeric = numericnumber;
#         dns vhost = "ipv4vhost";
#         dns vhost = "ipv6vhost";
#         dns server = "ipaddress";
#         dns server = "ipaddress2";
# };
#
# If present, <virtual host> must contain a valid address in dotted
# quad or IPv6 numeric notation (127.0.0.1 or ::1).  The address MUST
# be the address of a physical interface on the host.  This address is
# used for outgoing connections if the Connect{} block does not
# override it.  See Port{} for listener virtual hosting.  If in doubt,
# leave it out -- or use "*", which has the same meaning as no vhost.
#
# You may specify both an IPv4 virtual host and an IPv6 virtual host,
# to indicate which address should be used for outbound connections
# of the respective type.
#
# Note that <server numeric> has to be unique on the network your server
# is running on, must be between 0 and 4095, and is not updated on a rehash.
#
# The two DNS lines allow you to specify the local IP address to use
# for DNS lookups ("dns vhost") and one or more DNS server addresses
# to use.  If the vhost is ambiguous for some reason, you may list
# IPV4 and/or IPV6 between the equals sign and the address string.
# The default DNS vhost is to let the operating system assign the
# address, and the default DNS servers are read from /etc/resolv.conf.
# In most cases, you do not need to specify either the dns vhost or
# the dns server.
General {
         name = "irc.mIRCxNet.ISRAEL";
         description = "mIRCx IRC Network";
         numeric = 1;
};

# [Admin]
#
# This sets information that can be retrieved with the /ADMIN command.
# It should contain at least an admin Email contact address.
Admin {
  # At most two location lines are allowed...
  Location = "mIRCx IRC Network";
  Location = "mIRCxNet IRC server";
  Contact = "mIRCx@gmail.com";
};

# [Classes]
#
# All connections to the server are associated with a certain "connection
# class", be they incoming or outgoing (initiated by the server), be they
# clients or servers.
#
# Class {
#  name = "<class>";
#  pingfreq = time;
#  connectfreq = time;
#  maxlinks = number;
#  sendq = size;
#  usermode = "+i";
# };
#
# For connection classes used on server links, maxlinks should be set
# to either 0 (for hubs) or 1 (for leaf servers).  Client connection
# classes may use maxlinks between 0 and approximately 4,000,000,000.
# maxlinks = 0 means there is no limit on the number of connections
# using the class.
#
# <connect freq> applies only to servers, and specifies the frequency
# that the server tries to autoconnect. setting this to 0 will cause
# the server to attempt to connect repeatedly with no delay until the
# <maximum links> condition is satisfied. This is a Bad Thing(tm).
# Note that times can be specified as a number, or by giving something
# like: 1 minutes 20 seconds, or 1*60+20.
#
# Recommended server classes:
# All your server uplinks you are not a hub for.
Class {
 name = "Server";
 pingfreq = 1 minutes 30 seconds;
 connectfreq = 5 minutes;
 maxlinks = 1;
 sendq = 9000000;
};
# All the leaf servers you hub for.
Class {
 name = "LeafServer";
 pingfreq = 1 minutes 30 seconds;
 connectfreq = 5 minutes;
 maxlinks = 0;
 sendq = 9000000;
};

# Client {
#  username = "ident";
#  host = "host";
#  ip = "127.0.0.0/8";
#  password = "password";
#  class = "classname";
#  maxlinks = 3;
# };
#
# Everything in a Client block is optional.  If a username mask is
# given, it must match the client's username from the IDENT protocol.
# If a host mask is given, the client's hostname must resolve and
# match the host mask.  If a CIDR-style IP mask is given, the client
# must have an IP matching that range.  If maxlinks is given, it is
# limits the number of matching clients allowed from a particular IP
# address.
#
# Take the following class blocks only as a guide.
Class {
 name = "Local";
 pingfreq = 1 minutes 30 seconds;
 sendq = 160000;
 maxlinks = 100;
 usermode = "+iw";
};
Class {
 name = "America";
 pingfreq = 1 minutes 30 seconds;
 sendq = 80000;
 maxlinks = 5;
};
Class {
 name = "Other";
 pingfreq = 1 minutes 30 seconds;
 sendq = 160000;
 maxlinks = 400;
};
Class {
 name = "Opers";
 pingfreq = 1 minutes 30 seconds;
 sendq = 160000;
 maxlinks = 10;

 # For connection classes intended for operator use, you can specify
 # privileges used when the Operator block (see below) names this
 # class.  The local (aka globally_opered) privilege MUST be defined
 # by either the Class or Operator block.  The following privileges
 # exist:
 #
 # local (or propagate, with the opposite sense)
 # whox  (log oper's use of x flag with /WHO)
 # display (oper status visible to lusers)
 # chan_limit (can join local channels when in
 #                              MAXCHANNELSPERUSER channels)
 # mode_lchan (can /MODE &channel without chanops)
 # deop_lchan (cannot be deopped or kicked on local channels)
 # walk_lchan (can forcibly /JOIN &channel OVERRIDE)
 # show_invis (see +i users in /WHO x)
 # show_all_invis (see +i users in /WHO x)
 # unlimit_query (show more results from /WHO)
 # local_kill (can kill clients on this server)
 # rehash (can use /REHASH)
 # restart (can use /RESTART)
 # die (can use /DIE)
 # local_jupe (not used)
 # set (can use /SET)
 # local_gline (can set a G-line for this server only)
 # local_badchan (can set a Gchan for this server only)
 # see_chan (can see users in +s channels in /WHO)
 # list_chan (can see +s channels with /LIST S, or modes with /LIST M)
 # wide_gline (can use ! to force a wide G-line)
 # see_opers (can see opers without DISPLAY privilege)
 # local_opmode (can use OPMODE/CLEARMODE on local channels)
 # force_local_opmode (can use OPMODE/CLEARMODE on quarantined local channels)
 # kill (can kill clients on other servers)
 # gline (can issue G-lines to other servers)
 # jupe_server (not used)
 # opmode (can use /OPMODE)
 # badchan (can issue Gchans to other servers)
 # force_opmode (can use OPMODE/CLEARMODE on quarantined global channels)
 # apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys)
 #
 # For global opers (with propagate = yes or local = no), the default
 # is to grant all of the above privileges EXCEPT walk_lchan,
 # unlimit_query, set, badchan, local_badchan and apass_opmode.
 # For local opers, the default is to grant ONLY the following
 # privileges:
 #  chan_limit, mode_lchan, show_invis, show_all_invis, local_kill,
 #  rehash, local_gline, local_jupe, local_opmode, whox, display,
 #  force_local_opmode
 # Any privileges listed in a Class block override the defaults.

 local = no;
};
# [Client]
#
# To allow clients to connect, they need authorization. This can be
# done based on hostmask, address mask, and/or with a password.
# With intelligent use of classes and the maxconnections field in the
# Client blocks, you can let in a specific domain, but get rid of all other
# domains in the same toplevel, thus setting up some sort of "reverse
# Kill block".
# Client {
#  host = "user@host";
#  ip = "user@ip";
#  password = "password";
#  class = "classname";
# };
#
# Technical description (for examples, see below):
# For every connecting client, the IP address is known.  A reverse lookup
# on this IP-number is done to get the (/all) hostname(s).
# Each hostname that belongs to this IP-number is matched to <hostmask>,
# and the Client {} is used when any matches; the client will then show
# with this particular hostname.  If none of the hostnames match, then
# the IP-number is matched against the <IP mask ...> field, if this matches
# then the Client{} is used nevertheless and the client will show with the
# first (main) hostname if any; if the IP-number did not resolve then the
# client will show with the dot notation of the IP-number.
# There is a special case for the UNIX domain sockets and localhost connections
# though; in this case the <IP mask ...> field is compared with the
# name of the server (thus not with any IP-number representation). The name
# of the server is the one returned in the numeric 002 reply, for example:
# 002 Your host is 2.undernet.org[jolan.ppro], running version ...
# Then the "jolan.ppro" is the name used for matching.
# Therefore, unix domain sockets, and connections to localhost would
# match this block:
# host = "*@jolan.ppro";
#
# This is the "fallback" entry. All .uk, .nl, and all unresolved are
# in these two lines.
# By using two different lines, multiple connections from a single IP
# are only allowed from hostnames which have both valid forward and
# reverse DNS mappings.
Client
{
 class = "Other";
 ip = "*@*";
 maxlinks = 2;
};


Client
{
 class = "Other";
 host = "*@*";
 maxlinks = 2;
};
# If you don't want unresolved dudes to be able to connect to your
# server, do not specify any "ip = " settings.
#
# Here, take care of all American ISPs.
Client
{
 host = "*@*.com";
 class = "America";
 maxlinks = 2;
};

Client
{
 host = "*@*.net";
 class = "America";
 maxlinks = 2;
};
# Now list all the .com / .net domains that you wish to have access...
# actually it's less work to do it this way than to do it the other
# way around - K-lining every single ISP in the US.
# I wish people in Holland just got a .nl domain, and not try to be
# cool and use .com...
Client { host = "*@*.wirehub.net"; class = "Other"; maxlinks=2; };
Client { host = "*@*.planete.net"; class = "Other"; maxlinks=2; };
Client { host = "*@*.ivg.com"; class = "Other"; maxlinks=2; };
Client { host = "*@*.ib.com"; class = "Other"; maxlinks=2; };
Client { host = "*@*.ibm.net"; class = "Other"; maxlinks=2; };
Client { host = "*@*.hydro.com"; class = "Other"; maxlinks=2; };
Client { host = "*@*.nl.net"; class = "Local"; maxlinks=2; };

# You can request a more complete listing, including the "list of standard
# Kill blocks" from the Routing Committee; it will also be sent to you if
# you apply for a server and get accepted.
#
# Ourselves - this makes sure that we can get in, no matter how full
# the server is (hopefully).
Client
{
 host = "*@*.london.ac.uk";
 ip = "*@193.37.*";
 class = "Local";
 # A maxlinks of over 5 will automatically be glined by euworld on Undernet
 maxlinks = 5;
};

# You can put an expression in the maxlinks value, which will make ircd
# only accept a client when the total number of connections to the network
# from the same IP number doesn't exceed this number.
# The following example would accept at most one connection per IP number
# from "*.swipnet.se" and at most two connections from dial up accounts
# that have "dial??.*" as host mask:
# Client {
#  host = "*@*.swipnet.se";
#  maxlinks = 1;
#  class = "Other";
# };
# Client {
#  host = "*@dial??.*";
#  maxlinks = 2;
#  class = "Other";
# };
#
# If you are not worried about who connects, this line will allow everyone
# to connect.
Client {
 host = "*@*";
 ip = "*@*";
 class = "Other";
 maxlinks = 2;
};


# [motd]
#
# It is possible to show a different Message of the Day to a connecting
# client depending on its origin.
# motd {
#  # Note: host can also be a classname.
#  host = "Other";
#  file = "path/to/motd/file";
# };
#
# More than one host = "mask"; entry may be present in one block; this
# has the same effect as one Motd block for each host entry, but makes
# it easier to update the messages's filename.
#
# DPATH/net_com.motd contains a special MOTD where users are encouraged
# to register their domains and get their own client{} lines if they're in
# Europe, or move to US.UnderNet.org if they're in the USA.
motd {
 host = "*.net";
 file = "net_com.motd";
};
motd {
 host = "*.com";
 file = "net_com.motd";
};
motd {
 host = "America";
 file = "net_com.motd";
};

# A different MOTD for ourselves, where we point out that the helpdesk
# better not be bothered with questions regarding irc...
motd {
 host = "*.london.ac.uk";
 file = "london.motd";
};

# [UWorld]
#
# One of the many nice features of Undernet is "Uworld", a program
# connected to the net as a server. This allows it to broadcast any mode
# change, thus allowing opers to, for example, "unlock" a channel that
# has been taken over.
# There is only one slight problem: the TimeStamp protocol prevents this.
# So there is a configuration option to allow them anyway from a certain
# server.
# UWorld {
#  # The servername or wildcard mask for it that this applies to.
#  name = "relservername";
# };
#
# You may have have more than one name listed in each block.
#
# Note: (1) These lines are agreed on by every server admin on Undernet;
# (2) These lines must be the same on every single server, or results
# will be disasterous; (3) This is a useful feature, not something that
# is a liability and abused regularly (well... :-)
# If you're on Undernet, you MUST have these lines. I cannnot stress
# this enough.  If all of the servers don't have the same lines, the
# servers will try to undo the mode hacks that Uworld does.  Make SURE that
# all of the servers have the EXACT same UWorld blocks.
#
# If your server starts on a bit larger network, you'll probably get
# assigned one or two uplinks to which your server can connect.
# If your uplink(s) also connect to other servers than yours (which is
# probable), you need to define your uplink as being allowed to "hub".
# See the Connect block documentation for details on how to do that.

UWorld {
 name = "uworld.eu.undernet.org";
 name = "uworld2.undernet.org";
 name = "uworld.undernet.org";
 name = "channels.undernet.org";
 name = "channels2.undernet.org";
 name = "channels3.undernet.org";
 name = "channels4.undernet.org";
 name = "channels5.undernet.org";
 name = "channels6.undernet.org";
};

# As of ircu2.10.05 is it possible to Jupe nicks. As per CFV-0095 and
# CFV-0255, the following nicks must be juped, it is not allowed to
# jupe others as well.
Jupe {
 nick = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,{,|,},~,-,_,`";
 nick = "EuWorld,UWorld,UWorld2";
 nick = "login,undernet,protocol,pass,newpass,org";
 nick = "StatServ,NoteServ";
 nick = "ChanSvr,ChanSaver,ChanServ";
 nick = "NickSvr,NickSaver,NickServ";
 nick = "LPT1,LPT2,COM1,COM2,COM3,COM4,AUX";
};

# [Kill]
#
# While running your server, you will most probably encounter individuals
# or groups of persons that you do not wish to have access to your server.
#
# For this purpose, the ircd understands "kill blocks". These are also
# known as K-lines, by virtue of the former config file format.
# Kill
# {
#   host = "user@host";
#   reason = "The reason the user will see";
# };
# It is possible to ban on the basis of the real name.
# It is also possible to use a file as comment for the ban, using
# file = "file":
# Kill
# {
#   realname = "realnametoban";
#   file = "path/to/file/with/reason/to/show";
# };
#
#
# The default reason is: "You are banned from this server"
# Note that Kill blocks are local to the server; if you ban a person or a
# whole domain from your server, they can get on IRC via any other server
# that doesn't have them Killed (yet).
#
# With a simple comment, using quotes:
#Kill { host = "*.au"; reason = "Please use a nearer server"; };
#Kill { host = "*.edu"; reason = "Please use a nearer server"; };

# You can also kill based on username.
#Kill { username = "sub7"; realname = "s*7*"; reason = "You are infected with a Trojan"; };

# The file can contain for example, a reason, a link to the
# server rules and a contact address.  Note the combination
# of username and host in the host field.
#Kill
#{
# host = "*luser@unixbox.flooder.co.uk";
# file = "kline/youflooded.txt";
#};

# IP-based kill lines apply to all hosts, even if an IP address has a
# properly resolving host name.
#Kill
#{
# host = "192.168.*";
# file = "klines/martians";
#};

# The realname field lets you ban by realname...
#Kill
#{
# realname = "*sub7*";
# reason = "You are infected with a Trojan";
#};

# [Connect]
#
# You probably want your server connected to other servers, so your users
# have other users to chat with.
# IRC servers connect to other servers forming a network with a star or
# tree topology. Loops are not allowed.
# In this network, two servers can be distinguished: "hub" and "leaf"
# servers. Leaf servers connect to hubs; hubs connect to each other.
# Of course, many servers can't be directly classified in one of these
# categories. Both a fixed and a rule-based decision making system for
# server links is provided for ircd to decide what links to allow, what
# to let humans do themselves, and what links to (forcefully) disallow.
#
# The Connect blocks
# define what servers the server connect to, and which servers are
# allowed to connect.
# Connect {
#  name = "servername";
#  host = "hostnameORip";
#  vhost = "localIP";
#  password = "passwd";
#  port = portno;
#  class = "classname";
#  maxhops = 2;
#  hub = "*.eu.undernet.org";
#  autoconnect = no;
# };
#
# The "port" field defines the default port the server tries to connect
# to if an operator uses /connect without specifying a port. This is also
# the port used when the server attempts to auto-connect to the remote
# server. (See Class blocks for more informationa about auto-connects).
# You may tell ircu to not automatically connect to a server by adding
# "autoconnect = no;"; the default is to autoconnect.
#
# If the vhost field is present, the server will use that IP as the
# local end of connections that it initiates to this server.  This
# overrides the vhost value from the General block.
#
# The maxhops field causes an SQUIT if a hub tries to introduce
# servers farther away than that; the element 'leaf;' is an alias for
# 'maxhops = 0;'.  The hub field limits the names of servers that may
# be introduced by a hub; the element 'hub;' is an alias for
# 'hub = "*";'.
#
# Our primary uplink.
Connect {
 name = "srvx.mIRCxNet.ISRAEL.Services";
 host = "192.168.1.219";
 password = "asher";
 port = 4400;
 class = "Server";
 hub = "*";
};
Connect {
 name = "PHP.mIRCxNet.ISRAEL.Services";
 host = "192.168.1.219";
 password = "asher";
 port = 4400;
 class = "Server";
 hub = "*";
};
# [crule]
#
# For an advanced, real-time rule-based routing decision making system
# you can use crule blocks. For more information, see doc/readme.crules.
# Including the "all" modifier makes the rule always apply.  Otherwise
# it only applies to outbound autoconnects.
#
# CRule "servermask" all connectrule;
# CRule "servermask" connectrule;
CRule "*.US.Undernet.Org" connected("*.US.Undernet.Org");
CRule "*.EU.Undernet.Org" connected("Amsterdam.NL.EU.*");

# The following CRule is recommended for leaf servers:
CRule "*" directcon("*");

# [Operator]
#
# Inevitably, you have reached the part about "IRC Operators". Oper status
# grants some special privileges to a user, like the power to make the
# server break or (try to) establish a connection with another server,
# and to "kill" users off IRC.
# I can write many pages about this; I will restrict myself to saying that
# if you want to appoint somebody as IRC Operator on your server, that
# person should be aware of his/her responsibilities, and that you, being
# the admin, will be held accountable for their actions.
#
# There are two sorts of IRC Operators: "local" and "global". Local opers
# can squit, connect and kill - but only locally: their +o user mode
# is not not passed along to other servers. On Undernet, this prevents
# them from using Uworld as well.
#
# More than one host = "mask"; entry may be present in one block; this
# has the same effect as one Operator block for each host entry, but
# makes it easier to update operator nicks, passwords, classes, and
# privileges.
#
# Operator {
#  host = "host/IP mask";
#  name = "opername";
#  password = "encryptedpass";
#  class = "classname";
#  # You can also set any operator privilege; see the Class block
#  # documentation for details.  A privilege defined for a single
#  # Operator will override the privilege settings for the Class
#  # and the default setting.
# };
#
# By default, the password is hashed using the system's native crypt()
# function.  Other password mechanisms are available; the umkpasswd
# utility from the ircd directory can hash passwords using those
# mechanisms.  If you use a password format that is NOT generated by
# umkpasswd, ircu will not recognize the oper's password.
#
# All privileges are shown with their default values; if you wish to
# override defaults, you should set only those privileges for the
# operator.  Listing defaulted privileges just makes things harder to
# find.
Operator {
 local = no;
 host = "*@*.cs.vu.nl";
 password = "VRKLKuGKn0jLt";
 name = "Niels";
 class = "Local";
};
Operator {
 host = "*";
 password = "$PLAIN$leetmoo";
 name = "darksis";
 class = "Opers";
};

# Note that the <connection class> is optional, but leaving it away
# puts the opers in class "default", which usually only accepts one
# connection at a time.  If you want users to Oper up more then once per
# block, then use a connection class that allows more then one connection,
# for example (using class Local as in the example above):
#
# Once you OPER your connection class changes no matter where you are or
# your previous connection classes.  If the defined connection class is
# Local for the operator block, then your new connection class is Local.

# [Port]
# When your server gets more full, you will notice delays when trying to
# connect to your server's primary listening port. It is possible via the
# Port lines to specify additional ports for the ircd to listen to.
# De facto ports are: 6667 - standard; 6660-6669 - additional client
# ports;
# Undernet uses 4400 for server listener ports.
# These are just hints, they are in no way official IANA or IETF policies.
# IANA says we should use port 194, but that requires us to run as root,
# so we don't do that.
#
#
# Port {
#  port = [ipv4] [ipv6] number;
#  mask = "ipmask";
#  # Use this to control the interface you bind to.
#  vhost = [ipv4] [ipv6] "virtualhostip";
#  # You can specify both virtual host and port number in one entry.
#  vhost = [ipv4] [ipv6] "virtualhostip" number;
#  # Setting to yes makes this server only.
#  server = yes;
#  # Setting to yes makes the port "hidden" from stats.
#  hidden = yes;
#  # Setting to yes makes the port exempt from connection restrictions
#  # during a timed /restart or /die.
#  exempt = yes;
# };
#
# The port and vhost lines allow you to specify one or both of "ipv4"
# and "ipv6" as address families to use for the port.  The default is
# to listen on both IPv4 and IPv6.
#
# The mask setting allows you to specify a range of IP addresses that
# you will allow connections from. This should only contain IP addresses
# and '*' if used. This field only uses IP addresses. This does not use
# DNS in any way so you can't use it to allow *.nl or *.uk. Attempting
# to specify anything other than numbers, dots and stars [0-9.*] will result
# in the port allowing connections from anyone.
#
# The interface setting allows multiply homed hosts to specify which
# interface to use on a port by port basis, if an interface is not specified
# the default interface will be used. The interface MUST be the complete
# IP address for a real hardware interface on the machine running ircd.
# If you want to use virtual hosting *YOU* *MUST* *USE* *THIS* otherwise it
# WILL bind to all interfaces - not what most people seem to expect.
#
Port {
 server = yes;
 port = 4400;
};

# This is an IPv4-only Server port that is Hidden
#Port {
# server = yes;
# hidden = yes;
# port = ipv4 4401;
#};

# The following are normal client ports
Port { port = 5000; };
#Port { port = 6668; };
#Port {
 # This only accepts clients with IPs like 192.168.*.
# mask = "192.168.*";
# port = 6666;
 # Allows your opers to connect during a timed /restart or /die.
# exempt = yes;
#};

# This is a hidden client port, listening on 168.8.21.107.
Port {
 vhost = "192.168.1.219";
 hidden = no;
 port = 5000;
};

# More than one vhost may be present in a single Port block; in this case,
# we recommend listing the port number on the vhost line for clarity.
#Port {
# vhost = "172.16.0.1" 6667;
# vhost = "172.16.3.1" 6668;
# hidden = no;
#};

# Quarantine blocks disallow operators from using OPMODE and CLEARMODE
# on certain channels.  Opers with the force_opmode (for local
# channels, force_local_opmode) privilege may override the quarantine
# by prefixing the channel name with an exclamation point ('!').
# Wildcards are NOT supported; the channel name must match exactly.
Quarantine {
  "#shells" = "Thou shalt not support the h4><0rz";
  "&kiddies" = "They can take care of themselves";
};

# This is a server-implemented alias to send a message to a service.
# The string after Pseudo is the command name; the name entry inside
# is the service name, used for error messages.  More than one nick
# entry can be provided; the last one listed has highest priority.
Pseudo "CHANSERV" {
 name = "X";
 nick = "X@channels.undernet.org";
};

# You can also prepend text before the user's message.
Pseudo "LOGIN" {
 name = "X";
 prepend = "LOGIN ";
 nick = "X@channels.undernet.org";
};

# You can ask a separate server whether to allow users to connect.
# Uncomment this ONLY if you have an iauth helper program.
# IAuth {
#  program = "../path/to/iauth" "-n" "options go here";
# };

# [Include]
# You can include certain kinds of configuration snippets from other
# files.  The basic directive, which allows any kind of block or
# recursive include, is:
#
#   Include "filename";
#
# You can limit the file to certain types of configuration blocks by
# using the block name(s), optionally separated by commas.  For
# example:
#
#   Include uworld, jupe, quarantine, kill from "linesync.conf";
#   Include operator from "opers.conf";
#   Include include from "include.conf";
#
# The restrictions are transitive across includes.  This means that
# the last example is not very useful: the only thing include.conf may
# do is include other include files, and none of them may have any
# other kind of block!
#
# Well-formed but disallowed configuration blocks generate a warning
# but do not break the file.  The other syntax rules must still be
# followed, because a syntax error will break the file.

# [features]
# IRC servers have a large number of options and features.  Most of these
# are set at compile time through the use of #define's--see "make config"
# for more details--but we are working to move many of these into the
# configuration file.  Features let you configure these at runtime.
# You only need one feature block in which you use
# "featurename" = "value1" , "value2", ..., "valuen-1", "valuen";
#
# The entire purpose of F:lines are so that you do not have to recompile
# the IRCD everytime you want to change a feature.  All of the features
# are listed below, and at the bottom is how to set logging.
#
# A Special Thanks to Kev for writing the documentation of F:lines.  It can
# be found at doc/readme.features and the logging documentation can be
# found at doc/readme.log.  The defaults used by the Undernet network are
# below.
#
features
{
# These log features are the only way to get certain error messages
# (such as when the server dies from being out of memory).  For more
# explanation of how they work, see doc/readme.log.
 "LOG" = "SYSTEM" "FILE" "ircd.log";
 "LOG" = "SYSTEM" "LEVEL" "CRIT";
#  "DOMAINNAME"="<obtained from /etc/resolv.conf by ./configure>";
#  "RELIABLE_CLOCK"="FALSE";
#  "BUFFERPOOL"="27000000";
#  "HAS_FERGUSON_FLUSHER"="FALSE";
#  "CLIENT_FLOOD"="1024";
#  "SERVER_PORT"="4400";
#  "NODEFAULTMOTD"="TRUE";
#  "MOTD_BANNER"="TRUE";
#  "KILL_IPMISMATCH"="FALSE";
#  "IDLE_FROM_MSG"="TRUE";
  "HUB"="TRUE";
#  "WALLOPS_OPER_ONLY"="FALSE";
#  "NODNS"="FALSE";
#  "NOIDENT"="FALSE";
#  "RANDOM_SEED"="<you should set one explicitly>";
#  "DEFAULT_LIST_PARAM"="TRUE";
#  "NICKNAMEHISTORYLENGTH"="800";
  "NETWORK"="mIRCxNet";
  "HOST_HIDING"="TRUE";
  "HIDDEN_HOST"="users.mIRCxNet.ISRAEL";
#  "HIDDEN_IP"="127.0.0.1";
#  "KILLCHASETIMELIMIT"="30";
#  "MAXCHANNELSPERUSER"="10";
#  "NICKLEN" = "12";
#  "AVBANLEN"="40";
#  "MAXBANS"="30";
#  "MAXSILES"="15";
#  "HANGONGOODLINK"="300";
# "HANGONRETRYDELAY" = "10";
# "CONNECTTIMEOUT" = "90";
# "MAXIMUM_LINKS" = "1";
# "PINGFREQUENCY" = "120";
# "CONNECTFREQUENCY" = "600";
# "DEFAULTMAXSENDQLENGTH" = "40000";
# "GLINEMAXUSERCOUNT" = "20";
# "MPATH" = "ircd.motd";
# "RPATH" = "remote.motd";
# "PPATH" = "ircd.pid";
# "TOS_SERVER" = "0x08";
# "TOS_CLIENT" = "0x08";
# "POLLS_PER_LOOP" = "200";
# "IRCD_RES_TIMEOUT" = "4";
# "IRCD_RES_RETRIES" = "2";
# "AUTH_TIMEOUT" = "9";
 "IPCHECK_CLONE_LIMIT" = "4";
 "IPCHECK_CLONE_PERIOD" = "40";
 "IPCHECK_CLONE_DELAY" = "600";
# "CHANNELLEN" = "200";
# "CONFIG_OPERCMDS" = "FALSE";
# "OPLEVELS" = "TRUE";
# "ZANNELS" = "TRUE";
# "LOCAL_CHANNELS" = "TRUE";
# "ANNOUNCE_INVITES" = "FALSE";
#  These were introduced by Undernet CFV-165 to add "Head-In-Sand" (HIS)
#  behavior to hide most network topology from users.
  "HIS_SNOTICES" = "TRUE";
  "HIS_SNOTICES_OPER_ONLY" = "TRUE";
#  "HIS_DEBUG_OPER_ONLY" = "TRUE";
#  "HIS_WALLOPS" = "TRUE";
#  "HIS_MAP" = "TRUE";
#  "HIS_LINKS" = "TRUE";
#  "HIS_TRACE" = "TRUE";
#  "HIS_STATS_NAMESERVERS" = "TRUE";
#  "HIS_STATS_CONNECT" = "TRUE";
#  "HIS_STATS_CRULES" = "TRUE";
#  "HIS_STATS_ENGINE" = "TRUE";
#  "HIS_STATS_FEATURES" = "TRUE";
#  "HIS_STATS_GLINES" = "TRUE";
#  "HIS_STATS_ACCESS" = "TRUE";
#  "HIS_STATS_HISTOGRAM" = "TRUE";
#  "HIS_STATS_JUPES" = "TRUE";
#  "HIS_STATS_KLINES" = "TRUE";
#  "HIS_STATS_LINKS" = "TRUE";
#  "HIS_STATS_MODULES" = "TRUE";
#  "HIS_STATS_COMMANDS" = "TRUE";
#  "HIS_STATS_OPERATORS" = "TRUE";
#  "HIS_STATS_PORTS" = "TRUE";
#  "HIS_STATS_QUARANTINES" = "TRUE";
#  "HIS_STATS_MAPPINGS" = "TRUE";
#  "HIS_STATS_USAGE" = "TRUE";
#  "HIS_STATS_LOCALS" = "TRUE";
#  "HIS_STATS_MOTDS" = "TRUE";
#  "HIS_STATS_UPTIME" = "FALSE";
#  "HIS_STATS_UWORLD" = "TRUE";
#  "HIS_STATS_VSERVERS" = "TRUE";
#  "HIS_STATS_USERLOAD" = "TRUE";
#  "HIS_STATS_MEMUSAGE" = "TRUE";
#  "HIS_STATS_CLASSES" = "TRUE";
#  "HIS_STATS_MEMORY" = "TRUE";
#  "HIS_STATS_IAUTH" = "TRUE";
#  "HIS_WHOIS_SERVERNAME" = "TRUE";
#  "HIS_WHOIS_IDLETIME" = "TRUE";
#  "HIS_WHOIS_LOCALCHAN" = "TRUE";
#  "HIS_WHO_SERVERNAME" = "TRUE";
#  "HIS_WHO_HOPCOUNT" = "TRUE";
#  "HIS_MODEWHO" = "TRUE";
#  "HIS_BANWHO" = "TRUE";
#  "HIS_KILLWHO" = "TRUE";
#  "HIS_REWRITE" = "TRUE";
#  "HIS_REMOTE" = "TRUE";
#  "HIS_NETSPLIT" = "TRUE";
  "HIS_SERVERNAME" = "*.mIRCxNet.ISRAEL";
  "HIS_SERVERINFO" = "The mIRCxnet Underworld";
#  "HIS_URLSERVERS" = "http://www.undernet.org/servers.php";
#  "URLREG" = "http://cservice.undernet.org/live/";
  "SPAM_OPER_COUNTDOWN" = "5";
  "SPAM_EXPIRE_TIME" = "120";
  "SPAM_JOINED_TIME" = "60";
  "SPAM_FJP_COUNT" = "5";
};

# Well, you have now reached the end of this sample configuration
# file. If you have any questions, feel free to mail
# <coder-com@undernet.org>.  If you are interested in linking your
# server to the Undernet IRC network visit
# http://www.routing-com.undernet.org/, and if there are any
# problems then contact <routing-com@undernet.org> asking for
# information. Upgrades of the Undernet ircd can be found on
# http://coder-com.undernet.org/.
#
# For the rest:  Good Luck!
#
# -- Niels.
Enjoy


Last edited by Chief on Sun Aug 05, 2018 10:42 pm; edited 1 time in total
avatar
Chief
Admin

מספר הודעות : 224
Join date : 2011-12-09
מיקום : mIRCx IRC Network

View user profile

Back to top Go down

Re: mIRCx IRC Network Config

Post  Chief on Sat Aug 04, 2018 2:39 pm




by the way when do you run this ircu you need configure with this
Code:

./configure --prefix=/home/asher --with-domain
is working good
avatar
Chief
Admin

מספר הודעות : 224
Join date : 2011-12-09
מיקום : mIRCx IRC Network

View user profile

Back to top Go down

Re: mIRCx IRC Network Config

Post  Sponsored content


Sponsored content


Back to top Go down

Page 2 of 2 Previous  1, 2

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum