|
Name |
|
Date |
Size |
#Lines |
LOC |
| .. | | 03-May-2022 | - |
| contrib/ | H | 07-May-2022 | - | 269 | 149 |
| network-bopm/ | H | 07-May-2022 | - | 305 | 169 |
| src/ | H | 16-May-2007 | - | 64,543 | 48,775 |
| ChangeLog | H A D | 15-May-2007 | 92.4 KiB | 3,535 | 2,187 |
| INSTALL | H A D | 28-Jan-2003 | 4.4 KiB | 106 | 80 |
| Makefile.am | H A D | 15-May-2007 | 681 | 24 | 18 |
| Makefile.in | H A D | 03-May-2022 | 20.2 KiB | 656 | 579 |
| README | H A D | 25-Jun-2003 | 6.2 KiB | 174 | 118 |
| TODO | H A D | 29-Dec-2002 | 101 | 3 | 2 |
| aclocal.m4 | H A D | 15-May-2007 | 256.4 KiB | 7,282 | 6,529 |
| bopm.conf.blitzed | H A D | 15-May-2007 | 6.8 KiB | 261 | 219 |
| bopm.conf.sample | H A D | 03-May-2022 | 22.5 KiB | 694 | 607 |
| config.guess | H A D | 19-Jun-2006 | 43 KiB | 1,498 | 1,287 |
| config.sub | H A D | 19-Jun-2006 | 31.6 KiB | 1,609 | 1,466 |
| configure | H A D | 15-May-2007 | 789.6 KiB | 25,420 | 20,700 |
| configure.in | H A D | 15-May-2007 | 3.1 KiB | 121 | 92 |
| depcomp | H A D | 08-Aug-2002 | 11.8 KiB | 424 | 278 |
| install-sh | H A D | 26-May-2002 | 5.5 KiB | 252 | 153 |
| ltmain.sh | H A D | 19-Jun-2006 | 192.1 KiB | 6,872 | 5,424 |
| missing | H A D | 08-Aug-2002 | 10 KiB | 337 | 263 |
| mkinstalldirs | H A D | 26-May-2002 | 722 | 41 | 23 |
README
1Introduction
2------------
3
4BOPM (Blitzed Open Proxy Monitor) is an open proxy monitoring bot designed for
5Bahamut and Hybrid based ircds. The bot is designed to monitor an individual
6server (all servers on the network have to run their own bot) with a local o:
7line and monitor connections. When a client connects to the server, BOPM will
8scan the connection for insecure proxies. Insecure proxies are determined by
9attempting to connect the proxy back to another host (usually the IRC server in
10question).
11
12BOPM is written ground-up in C language, concept derived from wgmon. It
13improves on wgmon with HTTP support, faster scanning (it can scan clients
14simultaneously), better layout (scalability), and dnsbl support.
15
16
17Requirements
18------------
19
20o An IRCd which presents connection notices in a format which BOPM
21 recognises (see below).
22
23o A host with full connectivity for all the ports you wish to scan. i.e. is
24 NOT transparently proxied -- many domestic internet connections have port 80
25 transparently proxied and this produces completely unpredictable results,
26 sometimes as severe as 100% of clients being K:lined!
27
28o A unix OS with GNU Make, an ANSI C compiler, etc.. BOPM probably does
29 compile and work on win32 under cygwin, but we won't support it.
30
31o Permission from your users to portscan them for open proxies.
32
33
34Compatibility
35-------------
36
37Bahamut (tested with 1.4.28 -> 1.4.34)
38Hybrid (tested with 2.8/hybrid-5.3p8, ircd-hybrid-6.3 and ircd-hybrid-7)
39Unreal (tested with 3.1.2 and 3.2)
40Dancer (tested with 1.0.31)
41Ultimate IRCD (tested with UltimateIRCd(Tsunami)-3.0(00).a22) - please
42note, earlier versions of Ultimate IRCD are *not* supported
43
44BOPM is designed for the Bahamut and Hybrid IRCds. It is easily
45suitable for any other ircd with little modification (connregex in bopm.conf).
46However, if an ircd does not send IP's in a connection notice (bahamut sends
47[IP]), BOPM will not be effective because the time it takes to resolve a
48hostname would be a significant factor to BOPM's efficiency.
49
50If you want to use BOPM but you don't think your ircd supports it then please
51contact us. As long as source is available for your ircd then we can almost
52certainly make BOPM work with it.
53
54Any questions regarding compatibility should be sent to the developers. If
55feasible we might be able to add compatibility to multiple ircd types to the
56project in the future.
57
58
59Command Line Options
60--------------------
61
62-c <name> Config name. By default BOPM reads bopm.conf, "-c foo"
63 will cause BOPM to read foo.conf. The primary use for
64 this is to run multiple BOPMs from one directory.
65
66-d Debug mode. BOPM will not fork, and will write logs to stderr.
67 Multiple -d increase debug level.
68
69
70Operator Channel Commands
71-------------------------
72
73botnick check <host> [scanner] -- Manually scan host for insecure proxies and output all errors.
74 If scanner is not given, bopm will scan on all scanners.
75 NOTE: this will NOT add a kline (or whatever) if it finds a
76 proxy. This is a change from 2.x.
77
78botnick stats -- Output scan stats, uptime and client connection count.
79
80botnick fdstat -- Output some into about file descriptors in use.
81
82Also if several BOPMs are present in one channel they will all respond to !all,
83for example !all stats (fixed in BOPM 3.1.0).
84
85
86Rehashing BOPM
87--------------
88
89A /kill to bopm will cause the process to restart, rehashing the configuration file
90and ending all queued scans.
91
92
93Logging
94-------
95
96Once started, BOPM logs all significant events to a file called "bopm.log"
97which by default can be found at $HOME/bopm/var/bopm.log. There is also a
98config option to log all proxy scans initiated, which can be quite useful if
99you receive an abuse report related to portscanning.
100
101These log files, especially the scan log, can grow quite large. It is
102suggested that you arrange for these files to be rotated periodically. An
103example shell script is provided in the contrib/logrotate directory. If you
104prefer to use the log rotation facilities of your operating system then you
105should send a USR1 signal to BOPM after moving its logfiles - this will cause
106BOPM to reopen those files.
107
108
109Support
110-------
111
112BOPM has a mailing list for general discussion and announcements. CVS
113commit emails are also sent there and that is also the place to mail your
114patches (unless they are massive, in which case just post a URL). You can
115subscribe to this list from:
116
117 http://lists.blitzed.org/listinfo/bopm
118
119Also check if your question is answered on the BOPM FAQ:
120
121 http://blitzed.org/bopm/faq.phtml
122
123No IRC support currently exists for BOPM. If you would like to run such a
124support channel, please let us know so that we can list it here.
125
126
127Compatibility Notes
128-------------------
129
130o Unreal Ircd
131
132 For *older* versions of Unreal to work, patches to fix the HCN connect
133 notices (found at http://www.blitzed.org/files/) must be applied.
134
135 Unreal 3.1.3 seems to require opers to be global if they are to see
136 connection notices.
137 -- prince@avalon.zirc.org
138
139 Later versions of Unreal require different user modes to be set on BOPM for
140 it to see connection notices. You will need to use
141
142 mode = "+sc";
143
144 in your bopm.conf. Also later versions of Unreal no longer require patching
145 as described above.
146 -- prince@avalon.zirc.org
147
148o IRCu
149
150 IRCu does not present a banner to clients when they connect, so
151 target_string, target_ip and target_port must use some other service besides
152 ircd. For those with root access to their servers, the following inetd.conf
153 example is an easy fix for this:
154
155 # BOPM proxy check string
156 16667 stream tcp nowait nobody /bin/echo echo Open Proxy Check
157
158 target_string can then be set to "Open Proxy Check", and target_ip/target_port
159 set to your IP and port 16667.
160
161 If you don't want to do the above, you could use any other service on
162 your machine that presents a banner. We would recommend against using
163 port 25 because it is common for providers to transparently proxy port
164 25.
165
166 Also, to see connect notices, your bopm should set itself umode "+s +16384".
167 There is a config file item for setting umodes.
168
169
170Credits
171-------
172
173Please see the CREDITS file.
174