need help with bopm

The UnrealIRCd team does not officially provide support for any services packages that you may be using or want to use. This forum is provided so the community can help each other with services issues.

c0re
Posts: 2
Joined: Fri Jan 16, 2009 10:54 am

need help with bopm

Post by c0re » Fri Jan 16, 2009 11:05 am

Hi, i installed bopm yesterday... the problem is bopm is not checking user on connect... then i installed neostats with opsb and blsb...neostats seems to work but not bopm...

here is my conf



/*
 * BOPM sample configuration for Blitzed Admins.  For explanations of what all
 * the directives do, please see bopm.conf.sample.
 *
 * Most of this stuff is just suggestions.  Any setting that is required will
 * be noted as such.
 *
 */

/*
 * Process-wide settings: where the pid file is written and the value of
 * dns_fdlimit (presumably a cap on descriptors used for DNS lookups --
 * confirm against bopm.conf.sample).
 */
options {

   pidfile = "/home/c0re/bopm/bopm.pid";
   dns_fdlimit = 64;
   
   /*
    * You can use this to log ALL port scans that are done.  This is
    * optional and may be useful if you ever have to deal with abuse
    * reports.
    */
   /*
    * NOTE(review): scanlog is commented out, so no record of scans is kept.
    * That record is the evidence an operator would need when answering an
    * abuse report about the scans; while debugging it would presumably also
    * show whether any scan is started at all -- confirm.
    */
#  scanlog = "/home/c0re/bopm/scan.log";
};


/*
 * How the bot connects to the IRC server (72.20.42.118, port 6667), which
 * identity it uses, how it opers up, which channel it joins, how it
 * recognises a connecting client and which command it issues for a confirmed
 * open proxy.
 *
 * NOTE(review): this block holds the oper and NickServ credentials in
 * cleartext, so the file should be readable only by the account that runs
 * bopm.  Port 6667 is normally a plaintext port; unless the bot runs on the
 * same host as the ircd (the scanner vhost further down is the same address,
 * which suggests it does -- confirm) those credentials cross the network
 * unencrypted.
 */
IRC {
#  vhost = "72.20.42.118";

   /* You're required to keep to this naming scheme! */
   nick = "Sw33t-Elite";

   realname = "SweetBD Open Proxy Monitor";
   username = "SweetBD";
   server = "72.20.42.118";

   /* It makes sense to put the nick password here so it ID's quicker. */
#  password = "secret";
   port = 6667;

   /*
    * Your BOPM will need a registered nick and be identified to it, to get
    * into #wg. (see below)
    */
   /*
    * NOTE(review): "bopm-nick-password" looks like the sample placeholder (or
    * a redaction for this post).  If it is the live value the identify fails,
    * and the chanserv invite below depends on it.
    */
   nickserv = "nickserv :identify bopm-nick-password";
   /*
    * Oper login, presumably "<oper name> <password>"; redacted by the poster.
    * The bot has to be opered to receive connect notices and to issue the
    * GZLINE below, so a mismatch with the server's oper block presumably
    * stops everything else -- confirm.
    */
   oper = "c0xxx xxxx"; /* i changed the password before i post this conf in this theard */
   

   /* Please use these modes, they're the only ones that make sense. */
   /*
    * NOTE(review): a reply later in this thread says these modes are wrong
    * for UnrealIRCd and gives "-h+s +Fc" instead.
    */
   mode = "+Fc-h";
   away = "I'm a bot.  Your messages will be ignored.";

   channel {
      /*
       * This is where all of Blitzed's BOPMs are.  The name "#wg" is left over
       * from the days of dalnet's wgmon.
       */
      name = "#staff";

      /*
       * Make sure your BOPM is set to ID to its nick, and that it has access
       * enough in #wg to use the chanserv invite command.  Anyone opped in #wg
       * can add this access for you.
       */
      invite = "chanserv :invite #staff";
   };

   /* Hybrid / Bahamut / Unreal (in HCN mode) */
   /*
    * Matches a "*** Notice -- Client connecting: nick (user@host) [ip]" line
    * and captures, in order, nick, username, hostname and IP.
    *
    * NOTE(review): nothing in this block switches the server to HCN mode.
    * The reply later in this thread identifies the missing line as
    * perform = "PROTOCTL HCN"; without it the server presumably sends connect
    * notices in a format this regex does not match, so no user is ever
    * scanned.
    */
   connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";

   /*
    * "kline" controls the command used when an open proxy is confirmed.
    *
    *  %n     User's nick
    *  %u     User's username
    *  %h     User's irc hostname
    *  %i     User's IP address
    *
    * You're required to use the following kline_command:
    */
   /* Bans the detected IP (*@%i) for one day (1d) with GZLINE. */
   kline = "GZLINE *@%i 1d :An open proxy was detected on your host. Ensure you have removed any malware from your computer and secured any proxy software running";
};


/*
 * DNS blacklist lookups.  Each blacklist block names a DNSBL zone, says how
 * the answer is encoded (type), maps reply codes to labels (reply), says
 * whether an unlisted reply code still bans (ban_unknown) and gives the ban
 * command to issue (kline).  The three settings at the end configure the
 * report mail.
 *
 * NOTE(review): every connecting client's IP is sent as a DNS query to each
 * of the third-party zones below.  Four of them (opm.blitzed.org,
 * virbl.dnsbl.bit.nl, ircbl.ahbl.org, spbl.bl.winbots.org) use
 * ban_unknown = yes, so any reply code missing from their reply map still
 * produces a one-day GZLINE.  If such a zone is retired, changes its codes
 * or starts answering every query, ordinary users get banned.  Check that
 * each zone is still operated and documents the codes listed here before
 * relying on it, and prefer ban_unknown = no where the code list is not
 * authoritative.
 */
OPM {
   /* DroneBL (see http://www.dronebl.org/howtouse.do for details) */
   blacklist {
      name = "dnsbl.dronebl.org";
      type = "A record reply";
      ban_unknown = no;
		
      reply {
         2 = "Sample"; 
         3 = "IRC Drone"; 
         5 = "Bottler"; 
         6 = "Unknown spambot or drone";
         7 = "DDOS Drone"; 
         8 = "SOCKS Proxy"; 
         9 = "HTTP Proxy"; 
         10 = "ProxyChain"; 
         255 = "Unknown"; 
      };
      kline = "GZLINE *@%i 1d :Host listed in the DroneBL. For more information visit http://dronebl.org/lookup.do?ip=%i";
   };


        /* Bitmask-type zone; unlisted bits still ban (ban_unknown = yes). */
        blacklist {
           name = "opm.blitzed.org";
           type = "A record bitmask";
           ban_unknown = yes;
           reply {
              1 = "WinGate";
              2 = "Socks";
              4 = "HTTP";
              8 = "Router";
              16 = "HTTP POST";
           };
           kline = "GZLINE *@%i 1d :Sorry, %n, Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
        }; 
         blacklist {
            name = "dnsbl.njabl.org";
            type = "A record reply";
            reply {
               9 = "Open proxy";
            };
            ban_unknown = no;
            kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our Open Proxy List.. www.njabl.org/cgi-bin/lookup.cgi?query=%i";
        }; 

        /* Only code 2 is mapped, but ban_unknown = yes bans on any reply. */
        blacklist {
           name = "virbl.dnsbl.bit.nl";
           type = "A record reply";
           ban_unknown = yes;
           reply {
              2 = "Virus";
           };
           kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our Virus List.. http://virbl.bit.nl/list.php";
        }; 

        /* Only code 2 is mapped, but ban_unknown = yes bans on any reply. */
        blacklist {
           name = "ircbl.ahbl.org";
           type = "A record reply";
           ban_unknown = yes;
           reply {
              2 = "Abusive";
           };
           kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our DDoS/Drone/Spammer/Abuse List.. http://www.ahbl.org/tools/lookup.php?ip=%i";
        }; 



        /*
         * NOTE(review): a second Tor zone under the same domain,
         * tor.sectoor.de, is configured at the end of this block; the two
         * look redundant -- confirm which one the operator documents.
         * Banning Tor exits is a network policy choice rather than an
         * open-proxy finding.
         */
        blacklist {
           name = "tor.dnsbl.sectoor.de";
           type = "A record reply";
           reply {
              1 = "Tor exit server";
           };
           ban_unknown = no;
           kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our TOR Server List.. http://www.sectoor.de/tor.php?ip=%i";
        }; 


   /* rbl.efnet.org - http://rbl.efnet.org/ */
   blacklist {
      name = "rbl.efnet.org";
      type = "A record reply";
      reply {
         1 = "Open proxy";
         2 = "Trojan spreader";
         3 = "Trojan infected client";
         5 = "Drones / Flooding";
      };
      ban_unknown = no;
      kline = "GZLINE *@%i 1d :Listed in rbl.efnet.org. See http://rbl.efnet.org/?i=%i";
   };

        blacklist {
           name = "tor.ahbl.org";
           type = "A record reply";
           reply {
              2 = "Tor exit server";
           };
           ban_unknown = no;
           kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our TOR Server List..  http://www.ahbl.org/tools/lookup.php?ip=%i";
        }; 

      blacklist {
           name = "no-more-funn.moensted.dk";
           type = "A record reply";
           ban_unknown = no;
           reply {
              10 = "Open Proxy";
           };
           kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our Open Proxy List.. http://moensted.dk/spam/no-more-funn?addr=%i";
        }; 

      /*
       * The kline below uses %t, which is not in the format list documented
       * in the IRC block; presumably it expands to the matched reply label --
       * confirm against bopm.conf.sample.
       */
      blacklist {
           name = "dnsbl.sorbs.net";
           type = "A record reply";
           ban_unknown = no;
           reply {
              2 = "Open HTTP Proxy";
              3 = "Open Socks Proxy";
              4 = "Other Open Proxy";
           };
           kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our Open Proxy List as a %t.. http://dnsbl.sorbs.net/cgi-bin/db?IP=%i";
        }; 

/*
 * NOTE(review): code 1 is labelled "Test" and ban_unknown = yes, so a test
 * listing or any unmapped code bans a real user for a day.
 */
blacklist {
  name = "spbl.bl.winbots.org";
  type = "A record reply";
  ban_unknown = yes;
  reply {
    1 = "Test";
    2 = "UnderNet Spam";
    3 = "QuakeNet Spam";
    4 = "Winbots Spam";
  };
  kline = "GZLINE *@%i 1d :%n, Your IP, %i, is in our %t List.. Email cobi@winbots.org to get this resolved.";
};


        /*
         * The kline text calls this zone "the DroneBL", and dnsbl.dronebl.org
         * is already configured at the top of this block; presumably the two
         * overlap -- confirm before keeping both.
         */
        blacklist {
           name = "dronebl.noderebellion.net";
           type = "A record reply";
           ban_unknown = no;
           reply {
              3 = "IRC spam drone (litmus/sdbot)";
              4 = "Tor anonymous proxy";
              5 = "IRC DDoS drone (wisdom/agobot/phatbot/rxbot)";
              10 = "Open proxy";
              14 = "Unknown worm/bot (found in DDoS attack by dronebl user)";
              17 = "Unknown worm/bot (found scanning NodeRebellion's IP network)";
              19 = "Open proxy (proxychain)";
           };
           kline = "GZLINE *@%i 1d :Your IP (%i), is listed as a %t in the DroneBL, see http://www.noderebellion.net/tools/lookup/?ip=%i";
        }; 

blacklist {
        name = "tor.sectoor.de";
        type = "A record reply";
        reply {
                1 = "tor exit server";
        };
        ban_unknown = no;
        kline = "GZLINE *@%i 1d :You are in the tor.sectoor.de DNSBL. Please visit http://www.sectoor.de/tor.php?ip=%i";
}; 


   /* You must use a real email address below (that you actually read). */
   /*
    * NOTE(review): "aaa@aaa.com" looks like a placeholder (or a redaction
    * for this post), which the comment above rules out.
    */
   dnsbl_from = "aaa@aaa.com";

   /* Don't change this, it's already the correct address. */
   /*
    * NOTE(review): with this set, data about confirmed proxies is presumably
    * mailed to a third party through the sendmail binary below; confirm the
    * address still belongs to the intended recipient before enabling
    * reports.
    */
   dnsbl_to = "bopm-report@dronebl.org";

   /* This is usually correct. */
   sendmail = "/usr/sbin/sendmail";
};

/*
 * Scanner "default": the protocol/port pairs probed on a client, the source
 * address the probes come from (vhost), descriptor, read and timeout limits,
 * and the target the probed host is asked to reach.
 */
scanner {
   name = "default";

   /*
    * Any user will get scanned on these protocols.  This is the top 10 list of
    * protocol/ports found in our blacklist and you're required to test at
    * least these.
    *
    * If you want to add more, ask the OPM people for some sensible
    * suggestions.
    */
   /*
    * NOTE(review): the list below holds far more than ten entries.  The user
    * block that selects this scanner uses a mask matching every client, so
    * each connecting user presumably receives one connection attempt per
    * entry, bounded by fd and timeout below.  Users should be told they are
    * scanned (the usual place is the server's connect banner or MOTD).
    */
        protocol = ROUTER:23;
        protocol = SOCKS4:559;
        protocol = HTTPPOST:3128;
        protocol = SOCKS4:1080;
        protocol = HTTP:8080;
        protocol = SOCKS5:1182;
        protocol = HTTP:3128;
        protocol = HTTPPOST:8080;
        protocol = SOCKS4:9999;
        protocol = HTTPPOST:80;
        protocol = SOCKS5:1080;
        protocol = HTTP:63000;
        protocol = HTTP:8000;
        protocol = HTTPPOST:808;
        protocol = HTTP:80;
        protocol = HTTPPOST:6588;
        protocol = HTTP:6588;
        protocol = SOCKS5:3128;
        protocol = SOCKS5:10080;
        protocol = HTTPPOST:4480;
        protocol = SOCKS4:6664;
        protocol = SOCKS4:63808;
        protocol = HTTP:6667;
        protocol = SOCKS4:19991;
        protocol = SOCKS4:1098;
        protocol = SOCKS4:10000;
        protocol = SOCKS4:4471;
        protocol = HTTP:65506;
        protocol = HTTP:63809;
        protocol = SOCKS5:9090;
        protocol = HTTP:9090;
        protocol = HTTP:6668;
        protocol = SOCKS4:58;
        protocol = SOCKS5:58;
        protocol = SOCKS4:6969;
        protocol = WINGATE:23;
        protocol = SOCKS5:3380;
        protocol = SOCKS4:40;
        protocol = SOCKS5:443;
        protocol = SOCKS4:8888;
        protocol = HTTPPOST:9090;
        protocol = HTTP:5490;
        protocol = SOCKS4:8080;
        protocol = SOCKS5:6969;
        protocol = SOCKS4:1026;
        protocol = SOCKS4:1025;
        protocol = HTTP:8888;
        protocol = HTTP:6669;
        protocol = HTTP:8090;
        protocol = HTTP:808;
        protocol = SOCKS5:1029;
        protocol = SOCKS4:41080;
        protocol = SOCKS5:8020;
        protocol = SOCKS5:6000;
        protocol = HTTPPOST:8081;
        protocol = HTTP:4480;
        protocol = SOCKS5:1027;
        protocol = SOCKS4:1028;
        protocol = HTTP:3332;
        protocol = SOCKS5:8888;
        protocol = SOCKS5:1028;
        protocol = SOCKS4:3330;
        protocol = SOCKS4:29992;
        protocol = SOCKS4:1234;
        protocol = SOCKS4:1029;
        protocol = HTTP:5000;
        protocol = HTTP:443;
        protocol = SOCKS5:1813;
        protocol = SOCKS5:1081;
        protocol = SOCKS5:1026;
        protocol = SOCKS4:1337;
        protocol = SOCKS4:1050;
        protocol = HTTP:1080;
        protocol = SOCKS5:9999;
        protocol = SOCKS5:9100;
        protocol = SOCKS5:19991;
        protocol = SOCKS5:1098;
        protocol = SOCKS4:9100;
        protocol = SOCKS4:7080;
        protocol = SOCKS4:1033;
        protocol = HTTP:9000;
        protocol = HTTP:5800;
        protocol = HTTP:5634;
        protocol = HTTP:4471;
        protocol = HTTP:3382;
        protocol = SOCKS5:1200;
        protocol = SOCKS5:1039;
        protocol = SOCKS5:1025;
        protocol = SOCKS4:8002;
        protocol = SOCKS4:6748;
        protocol = SOCKS4:44548;
        protocol = SOCKS4:3380;
        protocol = SOCKS4:32167;
        protocol = SOCKS4:2000;
        protocol = SOCKS4:1979;
        protocol = SOCKS4:12654;
        protocol = SOCKS4:11225;
        protocol = SOCKS4:1066;
        protocol = SOCKS4:1030;
        protocol = SOCKS4:1027;
        protocol = SOCKS4:10099;
        protocol = HTTP:81;
        protocol = HTTP:6665;
        protocol = HTTP:6664;
        protocol = HTTP:6663;
        protocol = SOCKS5:8278;
        protocol = SOCKS5:6748;
        protocol = SOCKS5:4914;
        protocol = SOCKS5:4471;
        protocol = SOCKS5:29992;
        protocol = SOCKS5:17235;
        protocol = SOCKS5:1234;
        protocol = SOCKS5:1202;
        protocol = SOCKS5:1180;
        protocol = SOCKS5:1075;
        protocol = SOCKS5:1033;
        protocol = SOCKS5:10000;
        protocol = SOCKS4:8020;
        protocol = SOCKS4:4044;
        protocol = SOCKS4:3128;
        protocol = SOCKS4:3127;
        protocol = SOCKS4:28882;
        protocol = SOCKS4:24973;
        protocol = SOCKS4:21421;
        protocol = SOCKS4:1182;
        protocol = SOCKS4:1032;
        protocol = SOCKS4:10242;
        protocol = HTTPPOST:8089;
        protocol = HTTP:8082;
        protocol = HTTP:6661;
        protocol = HTTP:35233;
        protocol = HTTP:19991;
        protocol = HTTP:1098;
        protocol = HTTP:1050;
        protocol = SOCKS5:9988;
        protocol = SOCKS5:8080;
        protocol = SOCKS5:8009;
        protocol = SOCKS5:6561;
        protocol = SOCKS5:24971;
        protocol = SOCKS5:18844;
        protocol = SOCKS5:1122;
        protocol = SOCKS5:10777;
        protocol = SOCKS5:1030;
        protocol = SOCKS5:10130;
        protocol = SOCKS5:10099;
        protocol = SOCKS4:8751;
        protocol = SOCKS4:8278;
        protocol = SOCKS4:8111;
        protocol = SOCKS4:7007;
        protocol = SOCKS4:6551;
        protocol = SOCKS4:5353;
        protocol = SOCKS4:443;
        protocol = SOCKS4:43341;
        protocol = SOCKS4:3801;
        protocol = SOCKS4:2280;
        protocol = SOCKS4:1978;
        protocol = SOCKS4:1212;
        protocol = SOCKS4:1039;
        protocol = SOCKS4:1031;
        protocol = HTTPPOST:81;
        protocol = HTTP:9988;
        protocol = HTTP:7868;
        protocol = HTTP:7070;
        protocol = HTTP:444;
        protocol = HTTP:1200;
        protocol = HTTP:1039;


   /*
    * If your ircd is running from a machine with more than one interface,
    * you'll need to specify the IP to scan from here.  Particularly important
    * if you're running on a shell server.
    */
  vhost = "72.20.42.118";

   /* Don't bother changing these unless you know what they do. */
   fd = 512;
   max_read = 4096;
   timeout = 30;

   /* Don't forget to change this to the public IP of your server! */
   /*
    * NOTE(review): still the sample hostname, not this network's address
    * (the IRC block connects to 72.20.42.118).  A proxy is presumably
    * confirmed only when the scanned host relays a connection to
    * target_ip:target_port and target_string comes back, so with this value
    * no scan would ever confirm a proxy -- confirm against bopm.conf.sample.
    */
   target_ip     = "irc.mynetwork.com";

   /* This needs to be a port that is available to normal clients. */
   target_port   = 6667;

   /* Don't forget to change this to have your FULL server name here! */
   /*
    * NOTE(review): left at the generic text without the server name the
    * comment above asks for.  A generic string is presumably emitted by
    * other IRC servers too, which risks false positives once target_ip is
    * corrected.
    */
   target_string = "*** Looking up your hostname...";
};

/*
 * Scanner "extra": additional protocol/port pairs, selected further down by
 * the user block whose scanner is "extra".  Only name, the protocol list and
 * fd are set here; vhost, timeout and the target_* values are not repeated,
 * so they presumably fall back to defaults or to the first scanner --
 * confirm against bopm.conf.sample.
 */
scanner {
   /*
    * Here's a bunch more tests to do on "suspicious-looking" clients.  Again,
    * these are the most popular ports/protocols found in our blacklist, but
    * feel free to add/remove some if you know what you're doing.
    */
   name = "extra";

   /*
    * NOTE(review): several entries below (for example HTTP:81, HTTP:8000,
    * HTTP:443, SOCKS4:559 and ROUTER:23) are already in the "default"
    * scanner, which applies to every client; whether bopm de-duplicates
    * them is not visible here.
    */
   protocol = WINGATE:1181;

   protocol = HTTP:81;
   protocol = HTTP:8000;
   protocol = HTTP:8001;
   protocol = HTTP:8081;
   protocol = HTTP:5748;
   protocol = HTTP:443;

   protocol = HTTPPOST:81;
   protocol = HTTPPOST:6588;
   protocol = HTTPPOST:8000;
   protocol = HTTPPOST:8001;
   protocol = HTTPPOST:8081;

   protocol = SOCKS5:1978;
   protocol = SOCKS5:10001;
   protocol = SOCKS5:30021;
   protocol = SOCKS5:30022;
   protocol = SOCKS5:38994;
   protocol = SOCKS5:15859;
   protocol = SOCKS5:1027;
   protocol = SOCKS5:2425;

   protocol = SOCKS4:559;
   protocol = SOCKS4:29992;
   protocol = SOCKS4:38884;
   protocol = SOCKS4:18844;
   protocol = SOCKS4:17771;
   protocol = SOCKS4:31121;
   protocol = SOCKS4:1182;

   protocol = ROUTER:23;

   /* Less fds are given to this scanner */
   fd = 400;
};

/*
 * Binds the "default" scanner to a nick!user@host mask made only of
 * wildcards, so every connecting client is scanned with it.
 */
user {
   scanner = "default";
   mask = "*!*@*";
};

/*
 * Binds the "extra" scanner to clients whose nick!user@host matches any of
 * the masks below: a username starting with "~", a few usernames associated
 * with proxy or web server software, and hostnames containing "www", "proxy"
 * or "cache".
 */
user {
   scanner = "extra";
   /*
    * If the user matches any of these masks they will get the extra scans
    * too.
    *
    * Connections without ident will match on a vast number of connections;
    * very few proxies run ident though.
    */
   mask = "*!~*@*";
   mask = "*!squid@*";
   mask = "*!nobody@*";
   mask = "*!www-data@*";
   mask = "*!cache@*";
   mask = "*!CacheFlowS@*";
   mask = "*!*@*www*";
   mask = "*!*@*proxy*";
   mask = "*!*@*cache*";
};

/*
 * You can use exempts to deliberately allow certain insecure proxies onto the
 * network, but this should never be necessary!  Please consult BOPM people
 * before using this.  If you think you have found a false positive then they
 * really need to know.
 */
/*
exempt {
	mask = "*!*@127.0.0.1";
};
*/


Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Re: need help with bopm

Post by Stealth » Fri Jan 16, 2009 5:24 pm

You need to put this line in your IRC block to make the BOPM get the correct connection notice:


perform = "PROTOCTL HCN";
Also, your modes are incorrect. They should be:


mode = "-h+s +Fc";
For modes, it's always easier to manage them on the server side, with oper::modes and oper::snomask in the bot's oper block in unrealircd.conf, than in the BOPM config.

MaRkODrAcUlA
Posts: 16
Joined: Fri Feb 20, 2009 5:05 pm
Location: Albania
Contact:

Re: need help with bopm

Post by MaRkODrAcUlA » Fri Feb 20, 2009 5:15 pm

i cant connect :(
where can i place-> perform = "PROTOCTL HCN"; <-?
anywhere in bomp file ?

digi198816
Posts: 33
Joined: Sat Apr 12, 2008 7:02 pm
Location: Brampton, Ontario

Re: need help with bopm

Post by digi198816 » Sat Feb 21, 2009 3:02 am

There should already be a
"perform = "PROTOCTL HCN";" in Bomp config file, all u would need to do is uncomment it. If u cant then add it anywhere in the config.
