BOPM doesn't ban TOR services

The UnrealIRCd team does not officially provide support for any services packages that you may be using or want to use. This forum is provided so the community can help each other with services issues.

Moderator: Supporters

Post Reply
Laterport
Posts: 8
Joined: Sun Jan 22, 2012 5:14 am

BOPM doesn't ban TOR services

Post by Laterport » Fri Jun 22, 2012 4:04 am

Hello everyone!
With any proxies it works very well, but when i see this in the bopm.log:

Code: Select all

[Jun 22 03:41:22 2012] DNSBL -> nick!mynickname@199.48.147.35 appears in BL zone tor.dnsbl.sectoor.de (Tor exit server)
nothing happens.


bopm.conf:

Code: Select all


IRC 
      {
	nick = "del";
	realname = "del";
	username = "del"; 
	server = "del";
	port = 6667;
#	password = "pass";
#	nickserv = "privmsg nickserv :identify pass";
	oper = "del";
        mode = "+csFGk";
	away = "del";
#	vhost = "0.0.0.0";
	channel { name = "#opers";
#                 key = "key";
#	          invite = "privmsg chanserv :invite #bopm";               
                };
        connregex = "\\*\\*\\* Notice -- Client connectin.*: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([^ ]+)\\] .*";
        kline = "GLINE *@%h 0 :del";
        perform = "PROTOCTL HCN";
   };

OPM {
       blacklist {
    name = "dnsbl.dronebl.org";
    type = "A record reply";
    reply {
        2 = "Sample";
        3 = "IRC Drone";
        5 = "Bottler";
        6 = "Unknown spambot or drone";
        7 = "DDOS Drone";
        8 = "SOCKS Proxy";
        9 = "HTTP Proxy";
        10 = "ProxyChain";
        13 = "Brute force attackers";
        14 = "Open Wingate Proxy";
        15 = "Compromised router / gateway";
        17 = "Automatically determined botnet IPs (experimental)";
        255 = "Unknown";
    };
    ban_unknown = no;
    kline = "PRIVMSG OperServ :akill add +3h *@%i You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=Network"; 
};


            blacklist {
               name = "opm.blitzed.org";
               type = "A record bitmask";
               ban_unknown = yes;
               reply {
                  1 = "WinGate";
                  2 = "Socks";
                  4 = "HTTP";
                  8 = "Router";
                  16 = "HTTP POST";
               };
               kline = "KLINE 10080 *@%i :Sorry, %n, Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
            };

             blacklist {
                name = "dnsbl.njabl.org";
                type = "A record reply";
                reply {
                   9 = "Open proxy";
                };
                ban_unknown = no;
                kline = "KLINE 10080 *@%i :%n, Your IP, %i, is in our Open Proxy List.. www.njabl.org/cgi-bin/lookup.cgi?query=%i";
            };
                 blacklist {
	         name = "dnsbl.swiftbl.org";
	         type = "A record reply";
	         reply {
		    2 = "SOCKS Proxy";
		    3 = "HTTP Proxy";
		    4 = "IRC Drone";
	};
	ban_unknown = no;
	kline = "gline +*@%h 10000 :Your host is listed in SwiftBL. For further information and removal visit http://swiftbl.org/lookup";
};
 
            blacklist {
               name = "virbl.dnsbl.bit.nl";
               type = "A record reply";
               ban_unknown = yes;
               reply {
                  2 = "Virus";
               };
               kline = "KLINE 10080 *@%i :%n, Your IP, %i, is in our Virus List.. http://virbl.bit.nl/list.php";
            };
 
            blacklist {
               name = "ircbl.ahbl.org";
               type = "A record reply";
               ban_unknown = yes;
               reply {
                  2 = "Abusive";
               };
               kline = "KLINE 10080 *@%i :%n, Your IP, %i, is in our DDoS/Drone/Spammer/Abuse List.. http://www.ahbl.org/tools/lookup.php?ip=%i";
            };
 
 
 
            blacklist {
               name = "tor.dnsbl.sectoor.de";
               type = "A record reply";
               reply {
                  1 = "Tor exit server";
               };
               ban_unknown = no;
               kline = "KLINE 10080 *@%i :%n, Your IP, %i, is in our TOR Server List.. http://www.sectoor.de/tor.php?ip=%i";
            };
 
 
       /* rbl.efnet.org - http://rbl.efnet.org/ */
       blacklist {
           name = "rbl.efnetrbl.org";
           type = "A record reply";
           ban_unknown = no;
           reply { 
   		   1 = "Open Proxy";
		   2 = "spamtrap666";
		   3 = "spamtrap50";
   		   4 = "TOR";
		   5 = "Drones / Flooding";
   	   };
    	   kline = "KLINE 1440 *@%h :Blacklisted Proxy found.  Visit http://rbl.efnetrbl.org/?i=%i for info.";
};
 
            blacklist {
               name = "tor.ahbl.org";
               type = "A record reply";
               reply {
                  2 = "Tor exit server";
               };
               ban_unknown = no;
               kline = "KLINE 10080 *@%i :%n, Your IP, %i, is in our TOR Server List..  http://www.ahbl.org/tools/lookup.php?ip=%i";
            };
 
          blacklist {
               name = "no-more-funn.moensted.dk";
               type = "A record reply";
               ban_unknown = no;
               reply {
                  10 = "Open Proxy";
               };
               kline = "KLINE 10080 *@%i :%n, Your IP, %i, is in our Open Proxy List.. http://moensted.dk/spam/no-more-funn?addr=%i";
            };
 
          blacklist {
               name = "dnsbl.sorbs.net";
               type = "A record reply";
               ban_unknown = no;
               reply {
                  2 = "Open HTTP Proxy";
                  3 = "Open Socks Proxy";
                  4 = "Other Open Proxy";
               };
               kline = "KLINE 10080 *@%i :%n, Your IP, %i, is in our Open Proxy List as a %t.. http://dnsbl.sorbs.net/cgi-bin/db?IP=%i";
            };
 
    blacklist {
      name = "spbl.bl.winbots.org";
      type = "A record reply";
      ban_unknown = yes;
      reply {
        1 = "Test";
        2 = "UnderNet Spam";
        3 = "QuakeNet Spam";
        4 = "Winbots Spam";
      };
      kline = "KLINE 10080 *@%i :%n, Your IP, %i, is in our %t List.. Email cobi@winbots.org to get this resolved.";
    };
 
 
            blacklist {
               name = "dronebl.noderebellion.net";
               type = "A record reply";
               ban_unknown = no;
               reply {
                  3 = "IRC spam drone (litmus/sdbot)";
                  4 = "Tor anonymous proxy";
                  5 = "IRC DDoS drone (wisdom/agobot/phatbot/rxbot)";
                  10 = "Open proxy";
                  14 = "Unknown worm/bot (found in DDoS attack by dronebl user)";
                  17 = "Unknown worm/bot (found scanning NodeRebellion's IP network)";
                  19 = "Open proxy (proxychain)";
               };
               kline = "KLINE 10080 *@%i :Your IP (%i), is listed as a %t in the DroneBL, see http://www.noderebellion.net/tools/lookup/?ip=%i";
            };
 
    blacklist {
            name = "tor.sectoor.de";
            type = "A record reply";
            reply {
                    1 = "tor exit server";
            };
            ban_unknown = no;
            kline = "KLINE *@%i 7d :You are in the tor.sectoor.de DNSBL. Please visit http://www.sectoor.de/tor.php?ip=%i";
    };
 
       dnsbl_from = "Admin@Aha-irc.net";
       dnsbl_to = "bopm-report@dronebl.org";
       sendmail = "/usr/sbin/sendmail";
    };
 
    scanner {
       name = "default";
            protocol = ROUTER:23;
            protocol = SOCKS4:559;
            protocol = HTTPPOST:3128;
            protocol = SOCKS4:1080;
            protocol = HTTP:8080;
            protocol = SOCKS5:1182;
            protocol = HTTP:3128;
            protocol = HTTPPOST:8080;
            protocol = SOCKS4:9999;
            protocol = HTTPPOST:80;
            protocol = SOCKS5:1080;
            protocol = HTTP:63000;
            protocol = HTTP:8000;
            protocol = HTTPPOST:808;
            protocol = HTTP:80;
            protocol = HTTPPOST:6588;
            protocol = HTTP:6588;
            protocol = SOCKS5:3128;
            protocol = SOCKS5:10080;
            protocol = HTTPPOST:4480;
            protocol = SOCKS4:63808;
            protocol = SOCKS4:19991;
            protocol = SOCKS4:1098;
            protocol = SOCKS4:10000;
            protocol = SOCKS4:4471;
            protocol = HTTP:65506;
            protocol = HTTP:63809;
            protocol = SOCKS5:9090;
            protocol = HTTP:9090;
            protocol = SOCKS4:58;
            protocol = SOCKS5:58;
            protocol = SOCKS4:6969;
            protocol = WINGATE:23;
            protocol = SOCKS5:3380;
            protocol = SOCKS4:40;
            protocol = SOCKS5:443;
            protocol = SOCKS4:8888;
            protocol = HTTPPOST:9090;
            protocol = HTTP:5490;
            protocol = SOCKS4:8080;
            protocol = SOCKS5:6969;
            protocol = SOCKS4:1026;
            protocol = SOCKS4:1025;
            protocol = HTTP:8888;
            protocol = HTTP:8090;
            protocol = HTTP:808;
            protocol = SOCKS5:1029;
            protocol = SOCKS4:41080;
            protocol = SOCKS5:8020;
            protocol = SOCKS5:6000;
            protocol = HTTPPOST:8081;
            protocol = HTTP:4480;
            protocol = SOCKS5:1027;
            protocol = SOCKS4:1028;
            protocol = HTTP:3332;
            protocol = SOCKS5:8888;
            protocol = SOCKS5:1028;
            protocol = SOCKS4:3330;
            protocol = SOCKS4:29992;
            protocol = SOCKS4:1234;
            protocol = SOCKS4:1029;
            protocol = HTTP:5000;
            protocol = HTTP:443;
            protocol = SOCKS5:1813;
            protocol = SOCKS5:1081;
            protocol = SOCKS5:1026;
            protocol = SOCKS4:1337;
            protocol = SOCKS4:1050;
            protocol = HTTP:1080;
            protocol = SOCKS5:9999;
            protocol = SOCKS5:9100;
            protocol = SOCKS5:19991;
            protocol = SOCKS5:1098;
            protocol = SOCKS4:9100;
            protocol = SOCKS4:7080;
            protocol = SOCKS4:1033;
            protocol = HTTP:9000;
            protocol = HTTP:5800;
            protocol = HTTP:5634;
            protocol = HTTP:4471;
            protocol = HTTP:3382;
            protocol = SOCKS5:1200;
            protocol = SOCKS5:1039;
            protocol = SOCKS5:1025;
            protocol = SOCKS4:8002;
            protocol = SOCKS4:6748;
            protocol = SOCKS4:44548;
            protocol = SOCKS4:3380;
            protocol = SOCKS4:32167;
            protocol = SOCKS4:2000;
            protocol = SOCKS4:1979;
            protocol = SOCKS4:12654;
            protocol = SOCKS4:11225;
            protocol = SOCKS4:1066;
            protocol = SOCKS4:1030;
            protocol = SOCKS4:1027;
            protocol = SOCKS4:10099;
            protocol = HTTP:81;
            protocol = SOCKS5:8278;
            protocol = SOCKS5:6748;
            protocol = SOCKS5:4914;
            protocol = SOCKS5:4471;
            protocol = SOCKS5:29992;
            protocol = SOCKS5:17235;
            protocol = SOCKS5:1234;
            protocol = SOCKS5:1202;
            protocol = SOCKS5:1180;
            protocol = SOCKS5:1075;
            protocol = SOCKS5:1033;
            protocol = SOCKS5:10000;
            protocol = SOCKS4:8020;
            protocol = SOCKS4:4044;
            protocol = SOCKS4:3128;
            protocol = SOCKS4:3127;
            protocol = SOCKS4:28882;
            protocol = SOCKS4:24973;
            protocol = SOCKS4:21421;
            protocol = SOCKS4:1182;
            protocol = SOCKS4:1032;
            protocol = SOCKS4:10242;
            protocol = HTTPPOST:8089;
            protocol = HTTP:8082;
            protocol = HTTP:35233;
            protocol = HTTP:19991;
            protocol = HTTP:1098;
            protocol = HTTP:1050;
            protocol = SOCKS5:9988;
            protocol = SOCKS5:8080;
            protocol = SOCKS5:8009;
            protocol = SOCKS5:6561;
            protocol = SOCKS5:24971;
            protocol = SOCKS5:18844;
            protocol = SOCKS5:1122;
            protocol = SOCKS5:10777;
            protocol = SOCKS5:1030;
            protocol = SOCKS5:10130;
            protocol = SOCKS5:10099;
            protocol = SOCKS4:8751;
            protocol = SOCKS4:8278;
            protocol = SOCKS4:8111;
            protocol = SOCKS4:7007;
            protocol = SOCKS4:6551;
            protocol = SOCKS4:5353;
            protocol = SOCKS4:443;
            protocol = SOCKS4:43341;
            protocol = SOCKS4:3801;
            protocol = SOCKS4:2280;
            protocol = SOCKS4:1978;
            protocol = SOCKS4:1212;
            protocol = SOCKS4:1039;
            protocol = SOCKS4:1031;
            protocol = HTTPPOST:81;
            protocol = HTTP:9988;
            protocol = HTTP:7868;
            protocol = HTTP:7070;
            protocol = HTTP:444;
            protocol = HTTP:1200;
            protocol = HTTP:1039;
       vhost = "0.0.0.0";
       fd = 512;
       max_read = 4096;
       timeout = 30;
       target_ip     = "83.69.233.12";
       target_port   = 6667;
       target_string = "*** Looking up your hostname...";
    };
 
    scanner {
       name = "extra";
 
        protocol = WINGATE:1181;
        protocol = HTTP:81;
        protocol = HTTP:8000;
        protocol = HTTP:8001;
        protocol = HTTP:8081;
        protocol = HTTP:5748;
        protocol = HTTP:443;
        protocol = SOCKS4:4914;
        protocol = SOCKS4:6826;
        protocol = SOCKS4:7198;
        protocol = SOCKS4:7366;
        protocol = SOCKS4:9036;
        protocol = SOCKS5:4438;
        protocol = SOCKS5:5104;
        protocol = SOCKS5:5113;
        protocol = SOCKS5:5262;
        protocol = SOCKS5:5634;
        protocol = SOCKS5:6552;
        protocol = SOCKS5:6561;
        protocol = SOCKS5:7464;
        protocol = SOCKS5:7810;
        protocol = SOCKS5:8130;
        protocol = SOCKS5:8148;
        protocol = SOCKS5:8520;
        protocol = SOCKS5:8814;
        protocol = SOCKS5:9100;
        protocol = SOCKS5:9186;
        protocol = SOCKS5:9447;
        protocol = SOCKS5:9578;
        protocol = SOCKS4:559;
        protocol = HTTPPOST:3128;
        protocol = SOCKS4:1080;
        protocol = HTTP:8080;
        protocol = SOCKS5:1182;
        protocol = HTTP:3128;
        protocol = HTTPPOST:8080;
        protocol = SOCKS4:9999;
        protocol = SOCKS5:1080;
        protocol = HTTP:63000;
        protocol = HTTP:8000;
        protocol = HTTPPOST:808;
        protocol = HTTPPOST:6588;
        protocol = HTTP:6588;
        protocol = SOCKS5:3128;
        protocol = SOCKS5:10080;
        protocol = HTTPPOST:4480;
        protocol = SOCKS4:63808;
        protocol = SOCKS4:19991;
        protocol = SOCKS4:1098;
        protocol = SOCKS4:10000;
        protocol = SOCKS4:4471;
        protocol = HTTP:65506;
        protocol = HTTP:63809;
        protocol = SOCKS5:9090;
        protocol = HTTP:9090;
        protocol = SOCKS4:58;
        protocol = SOCKS5:58;
        protocol = SOCKS4:6969;
        protocol = WINGATE:23;
        protocol = SOCKS5:3380;
        protocol = SOCKS4:40;
        protocol = SOCKS5:443;
        protocol = SOCKS4:8888;
        protocol = HTTPPOST:9090;
        protocol = HTTP:5490;
        protocol = SOCKS4:8080;
        protocol = SOCKS5:6969;
        protocol = SOCKS4:1026;
        protocol = SOCKS4:1025;
        protocol = HTTP:8090;
        protocol = HTTP:808;
        protocol = SOCKS5:1029;
        protocol = SOCKS4:41080;
        protocol = SOCKS5:8020;
        protocol = SOCKS5:6000;
        protocol = HTTPPOST:8081;
        protocol = HTTP:4480;
        protocol = SOCKS5:1027;
        protocol = SOCKS4:1028;
        protocol = HTTP:3332;
        protocol = SOCKS5:8888;
        protocol = SOCKS5:1028;
        protocol = SOCKS4:3330;
        protocol = SOCKS4:29992;
        protocol = SOCKS4:1234;
        protocol = SOCKS4:1029;
        protocol = HTTP:5000;
        protocol = HTTP:443;
        protocol = SOCKS5:1813;
        protocol = SOCKS5:1081;
        protocol = SOCKS5:1026;
        protocol = SOCKS4:1337;
        protocol = SOCKS4:1050;
        protocol = HTTP:1080;
        protocol = SOCKS5:9999;
        protocol = SOCKS5:9100;
        protocol = SOCKS5:19991;
        protocol = SOCKS5:1098;
        protocol = SOCKS4:9100;
        protocol = SOCKS4:7080;
        protocol = SOCKS4:1033;
        protocol = HTTP:9000;
        protocol = HTTP:5800;
        protocol = HTTP:5634;
        protocol = HTTP:4471;
        protocol = HTTP:3382;
        protocol = SOCKS5:1200;
        protocol = SOCKS5:1039;
        protocol = SOCKS5:1025;
        protocol = SOCKS4:8002;
        protocol = SOCKS4:6748;
        protocol = SOCKS4:44548;
        protocol = SOCKS4:3380;
        protocol = SOCKS4:32167;
        protocol = SOCKS4:2000;
        protocol = SOCKS4:1979;
        protocol = SOCKS4:12654;
        protocol = SOCKS4:11225;
        protocol = SOCKS4:1066;
        protocol = SOCKS4:1030;
        protocol = SOCKS4:1027;
        protocol = SOCKS4:10099;
        protocol = HTTP:81;
        protocol = SOCKS5:8278;
        protocol = SOCKS5:6748;
        protocol = SOCKS5:4914;
        protocol = SOCKS5:4471;
        protocol = SOCKS5:29992;
        protocol = SOCKS5:17235;
        protocol = SOCKS5:1234;
        protocol = SOCKS5:1202;
        protocol = SOCKS5:1180;
        protocol = SOCKS5:1075;
        protocol = SOCKS5:1033;
        protocol = SOCKS5:10000;
        protocol = SOCKS4:8020;
        protocol = SOCKS4:4044;
        protocol = SOCKS4:3128;
        protocol = SOCKS4:3127;
        protocol = SOCKS4:28882;
        protocol = SOCKS4:24973;
        protocol = SOCKS4:21421;
        protocol = SOCKS4:1182;
        protocol = SOCKS4:1032;
        protocol = SOCKS4:10242;
        protocol = HTTPPOST:8089;
        protocol = HTTP:8082;
        protocol = HTTP:35233;
        protocol = HTTP:19991;
        protocol = HTTP:1098;
        protocol = HTTP:1050;
        protocol = SOCKS5:9988;
        protocol = SOCKS5:8080;
        protocol = SOCKS5:8009;
        protocol = SOCKS5:6561;
        protocol = SOCKS5:24971;
        protocol = SOCKS5:18844;
        protocol = SOCKS5:1122;
        protocol = SOCKS5:10777;
        protocol = SOCKS5:1030;
        protocol = SOCKS5:10130;
        protocol = SOCKS5:10099;
        protocol = SOCKS4:8751;
        protocol = SOCKS4:8278;
        protocol = SOCKS4:8111;
        protocol = SOCKS4:7007;
        protocol = SOCKS4:6551;
        protocol = SOCKS4:5353;
        protocol = SOCKS4:443;
        protocol = SOCKS4:43341;
        protocol = SOCKS4:3801;
        protocol = SOCKS4:2280;
        protocol = SOCKS4:1978;
        protocol = SOCKS4:1212;
        protocol = SOCKS4:1039;
        protocol = SOCKS4:1031;
        protocol = HTTPPOST:81;
        protocol = HTTP:9988;
        protocol = HTTP:7868;
        protocol = HTTP:7070;
        protocol = HTTP:444;
        protocol = HTTP:1200;
        protocol = HTTP:1039;
        protocol = SOCKS4:11348;
        protocol = SOCKS5:11348;
        protocol = SOCKS4:6081;
        protocol = SOCKS5:6081;
        protocol = SOCKS4:25552;
        protocol = SOCKS5:25552;
        protocol = SOCKS4:50305;
        protocol = SOCKS5:50305;
        protocol = SOCKS4:29992;
        protocol = SOCKS4:38884;
        protocol = SOCKS4:18844;
        protocol = SOCKS4:17771;
        protocol = SOCKS4:31121;
        protocol = HTTPPOST:81;
        protocol = HTTPPOST:6588;
        protocol = HTTPPOST:8000;
        protocol = HTTPPOST:8001;
        protocol = HTTPPOST:8081;
        protocol = SOCKS5:1978;
        protocol = SOCKS5:10001;
        protocol = SOCKS5:30021;
        protocol = SOCKS5:30022;
        protocol = SOCKS5:38994;
        protocol = SOCKS5:15859;
        protocol = SOCKS5:1027;
        protocol = SOCKS5:2425;
        protocol = SOCKS4:559;
        protocol = SOCKS4:29992;
        protocol = SOCKS4:38884;
        protocol = SOCKS4:18844;
        protocol = SOCKS4:17771;
        protocol = SOCKS4:31121;
        protocol = SOCKS4:1182;
        protocol = ROUTER:23;
       fd = 400;
    };
 
    user {
       scanner = "default";
       mask = "*!*@*";
    };
 
    user {
       scanner = "extra";
       mask = "*!squid@*";
       mask = "*!nobody@*";
       mask = "*!www-data@*";
       mask = "*!cache@*";
       mask = "*!CacheFlowS@*";
       mask = "*!*@*www*";
       mask = "*!*@*proxy*";
       mask = "*!*@*cache*";
    };
 
    exempt {
       mask = "*!*@127.0.0.1";
    };

options {

	pidfile = "/var/log/bopm/bopm.pid";
#	negcache = 3600;
	dns_fdlimit = 64;
#	scanlog = "/var/log/bopm/scan.log";
};
	


Laterport
Posts: 8
Joined: Sun Jan 22, 2012 5:14 am

Re: BOPM doesn't ban TOR services

Post by Laterport » Fri Jun 22, 2012 7:18 am

SOLVED!

Jobe1986
Official supporter
Posts: 1177
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Re: BOPM doesn't ban TOR services

Post by Jobe1986 » Sat Jun 23, 2012 8:05 pm

And so others can learn from your mistakes/errors, what was the solution to your problem?

Post Reply