| 1 |
Introduction |
| 2 |
============ |
| 3 |
|
| 4 |
HOPM (Hybrid Open Proxy Monitor) is an open-proxy monitoring bot designed to |
| 5 |
monitor an individual server (all servers on the network have to run their own |
| 6 |
bot if the IRCD does not support the "far connect" user mode) with a local |
| 7 |
operator {} block and monitor connections. When a client connects to a server, |
| 8 |
HOPM will scan the connection for insecure proxies. Insecure proxies are |
| 9 |
determined by attempting to connect the proxy back to another host (usually the |
| 10 |
IRC server in question). |
| 11 |
|
| 12 |
HOPM is written ground-up in C language and it is an improved fork of BOPM |
| 13 |
(blitzed open proxy monitor), which is a concept derived from wgmon. It |
| 14 |
improves on wgmon with HTTP support, faster scanning (it can scan clients |
| 15 |
simultaneously), better layout (scalability) and DNSBL support. |
| 16 |
|
| 17 |
|
| 18 |
Requirements |
| 19 |
============ |
| 20 |
|
| 21 |
* An IRCD, which presents connection notices in a format, which HOPM recognizes; |
| 22 |
|
| 23 |
* A host with full connectivity for all the ports you wish to scan. i.e. is NOT |
| 24 |
transparently proxied -- many domestic internet connections have port 80 |
| 25 |
transparently proxied and this produces completely unpredictable results, |
| 26 |
sometimes as severe as 100% of clients being K:lined; |
| 27 |
|
| 28 |
* A UNIX OS with GNU make, a C99 compiler, etc.; |
| 29 |
|
| 30 |
* Permission from your users to portscan them for open proxies; |
| 31 |
|
| 32 |
* For HTTPS proxy detection, a working LibreSSL/OpenSSL library is required. |
| 33 |
|
| 34 |
|
| 35 |
Compatibility |
| 36 |
============= |
| 37 |
|
| 38 |
* ircd-hybrid 8.2.x |
| 39 |
* ircd-ratbox 3.0.x |
| 40 |
* ircu 2.10.x |
| 41 |
* InspIRCd 3.5.x |
| 42 |
* UnrealIRCd 5.0.x |
| 43 |
* ngIRCd 25 |
| 44 |
* Bahamut 2.0.x |
| 45 |
* Charybdis 3.4.x |
| 46 |
|
| 47 |
HOPM is easily suitable for any other IRCD with little modification (`connregex` |
| 48 |
in `hopm.conf`). However, if an IRCD does not send IP addresses in a connection |
| 49 |
notice, HOPM will not work. |
| 50 |
|
| 51 |
|
| 52 |
Command-line options |
| 53 |
==================== |
| 54 |
|
| 55 |
`-c <name>` Configuration filename. By default, HOPM reads `hopm.conf`, |
| 56 |
`-c foo` will cause HOPM to read `foo.conf`. The primary use for |
| 57 |
this is to run multiple HOPM from one directory. |
| 58 |
|
| 59 |
`-d` Debug mode. HOPM will not fork and will write logs to `stderr`. |
| 60 |
Multiple `-d` increase debug level. |
| 61 |
|
| 62 |
|
| 63 |
Operator channel commands |
| 64 |
========================= |
| 65 |
|
| 66 |
`<bot> check <host> [scanner]` Manually scans host for insecure proxies and |
| 67 |
outputs all errors. If scanner is not given, |
| 68 |
HOPM will scan on all scanners. NOTE: this will |
| 69 |
not add a kline if it finds a proxy. |
| 70 |
|
| 71 |
`<bot> stats` Outputs scan stats, uptime and connection count. |
| 72 |
|
| 73 |
`<bot> fdstat` Outputs info about file descriptors in use. |
| 74 |
|
| 75 |
Also, if several HOPM are present in one channel, they will all respond to `!all`, |
| 76 |
for example `!all stats`. |
| 77 |
|
| 78 |
|
| 79 |
Rehashing HOPM |
| 80 |
============== |
| 81 |
|
| 82 |
A `/quote KILL` on HOPM will cause the process to restart, rehashing the |
| 83 |
configuration file and ending all queued scans. The same can be achieved |
| 84 |
with `kill -HUP` from the command line. |
| 85 |
|
| 86 |
|
| 87 |
Logging |
| 88 |
======= |
| 89 |
|
| 90 |
Once started, HOPM logs all significant events to a file called `hopm.log`, |
| 91 |
which by default can be found at `$HOME/hopm/var/log/hopm.log`. There is also a |
| 92 |
configuration option, `scanlog`, to log all proxy scans initiated, which can be |
| 93 |
quite useful if you receive an abuse report related to portscanning. |
| 94 |
|
| 95 |
These log files, especially the `scan.log`, can grow quite large. It is suggested |
| 96 |
that you arrange for these files to be rotated periodically. You should send a |
| 97 |
`USR1` signal to HOPM after moving its logfiles -- this will cause HOPM to |
| 98 |
reopen those files. |
| 99 |
|
| 100 |
|
| 101 |
Contact information |
| 102 |
=================== |
| 103 |
|
| 104 |
* Home page: https://www.ircd-hybrid.org |
| 105 |
* Bug reports: bugs@ircd-hybrid.org |
| 106 |
* IRC: #ircd-coders on irc.ircd-hybrid.org |
| 107 |
* GitHub: https://github.com/ircd-hybrid/hopm |
| 108 |
|
| 109 |
Anonymous SVN access is also available: |
| 110 |
Devel: `svn co svn://svn.ircd-hybrid.org/svnroot/hopm/trunk` |
| 111 |
Stable branch (1.1.x): `svn co svn://svn.ircd-hybrid.org/svnroot/hopm/branches/1.1.x` |
