branches/1.0.x/README

Introduction
------------

HOPM (Hybrid Open Proxy Monitor) is an open proxy monitoring bot designed for
Hybrid based ircds.  The bot is designed to monitor an individual server (all
servers on the network have to run their own bot) with a local operator {}
block and monitor connections.  When a client connects to the server, HOPM will 
scan the connection for insecure proxies.  Insecure proxies are determined by 
attempting to connect the proxy back to another host (usually the IRC server in 
question).

HOPM is written ground-up in C language, concept derived from wgmon.  It
improves on wgmon with HTTP support, faster scanning (it can scan clients
simultaneously), better layout (scalability), and dnsbl support.


Requirements
------------

o An IRCd which presents connection notices in a format which HOPM
  recognises (see below).

o A host with full connectivity for all the ports you wish to scan.  i.e. is
  NOT transparently proxied -- many domestic internet connections have port 80
  transparently proxied and this produces completely unpredictable results,
  sometimes as severe as 100% of clients being K:lined!

o A unix OS with GNU Make, a C99 compiler, etc..

o Permission from your users to portscan them for open proxies.


Compatibility
-------------

ircd-hybrid 8.2.1

HOPM is designed for ircd-hybrid.  It is easily suitable for any other ircd with
little modification (connregex in hopm.conf). However, if an ircd does not send
IP's in a connection notice, HOPM will not be effective because the time it takes
to resolve a hostname would be a significant factor to HOPM's efficiency.


Command Line Options
--------------------

-c <name>       Config name.  By default HOPM reads hopm.conf, "-c foo"
                will cause HOPM to read foo.conf.  The primary use for
                this is to run multiple HOPMs from one directory.

-d              Debug mode.  HOPM will not fork, and will write logs to stderr.
                Multiple -d increase debug level.


Operator Channel Commands
-------------------------

botnick check <host> [scanner]  -- Manually scan host for insecure proxies and output all errors.
                                   If scanner is not given, hopm will scan on all scanners.
                                   NOTE: this will NOT add a kline (or whatever) if it finds a
                                   proxy.

botnick stats                   -- Output scan stats, uptime and client connection count.

botnick fdstat                  -- Output some into about file descriptors in use.

Also if several HOPMs are present in one channel they will all respond to !all,
for example !all stats (fixed in BOPM 3.1.0).


Rehashing HOPM 
--------------

A /kill to hopm will cause the process to restart, rehashing the configuration file
and ending all queued scans.


Logging
-------

Once started, HOPM logs all significant events to a file called "hopm.log"
which by default can be found at $HOME/hopm/var/hopm.log.  There is also a
config option to log all proxy scans initiated, which can be quite useful if
you receive an abuse report related to portscanning.

These log files, especially the scan log, can grow quite large.  It is
suggested that you arrange for these files to be rotated periodically.  An
example shell script is provided in the contrib/logrotate directory.  If you
prefer to use the log rotation facilities of your operating system then you
should send a USR1 signal to HOPM after moving its logfiles - this will cause
HOPM to reopen those files.


Support
-------

  * Bug Reports:
    - bugs@ircd-hybrid.org
  * IRC contact:
    - #ircd-coders on irc.ircd-hybrid.org

Credits
-------

Please see the CREDITS file.
Revision:	5060
Committed:	Mon Dec 22 13:54:58 2014 UTC (9 years, 3 months ago) by michael
Original Path:	*hopm/trunk/README*
File size:	3646 byte(s)
Log Message:	- Update INSTALL & README
#	User	Rev	Content
1	michael	5052	Introduction
2			------------
3
4	michael	5060	HOPM (Hybrid Open Proxy Monitor) is an open proxy monitoring bot designed for
5			Hybrid based ircds. The bot is designed to monitor an individual server (all
6			servers on the network have to run their own bot) with a local operator {}
7			block and monitor connections. When a client connects to the server, HOPM will
8	michael	5052	scan the connection for insecure proxies. Insecure proxies are determined by
9			attempting to connect the proxy back to another host (usually the IRC server in
10			question).
11
12	michael	5060	HOPM is written ground-up in C language, concept derived from wgmon. It
13	michael	5052	improves on wgmon with HTTP support, faster scanning (it can scan clients
14			simultaneously), better layout (scalability), and dnsbl support.
15
16
17			Requirements
18			------------
19
20	michael	5060	o An IRCd which presents connection notices in a format which HOPM
21	michael	5052	recognises (see below).
22
23			o A host with full connectivity for all the ports you wish to scan. i.e. is
24			NOT transparently proxied -- many domestic internet connections have port 80
25			transparently proxied and this produces completely unpredictable results,
26			sometimes as severe as 100% of clients being K:lined!
27
28	michael	5060	o A unix OS with GNU Make, a C99 compiler, etc..
29	michael	5052
30			o Permission from your users to portscan them for open proxies.
31
32
33			Compatibility
34			-------------
35
36	michael	5060	ircd-hybrid 8.2.1
37	michael	5052
38	michael	5060	HOPM is designed for ircd-hybrid. It is easily suitable for any other ircd with
39			little modification (connregex in hopm.conf). However, if an ircd does not send
40			IP's in a connection notice, HOPM will not be effective because the time it takes
41			to resolve a hostname would be a significant factor to HOPM's efficiency.
42	michael	5052
43
44			Command Line Options
45			--------------------
46
47	michael	5060	-c <name> Config name. By default HOPM reads hopm.conf, "-c foo"
48			will cause HOPM to read foo.conf. The primary use for
49			this is to run multiple HOPMs from one directory.
50	michael	5052
51	michael	5060	-d Debug mode. HOPM will not fork, and will write logs to stderr.
52	michael	5052	Multiple -d increase debug level.
53
54
55			Operator Channel Commands
56			-------------------------
57
58			botnick check <host> [scanner] -- Manually scan host for insecure proxies and output all errors.
59	michael	5060	If scanner is not given, hopm will scan on all scanners.
60	michael	5052	NOTE: this will NOT add a kline (or whatever) if it finds a
61	michael	5060	proxy.
62	michael	5052
63			botnick stats -- Output scan stats, uptime and client connection count.
64
65			botnick fdstat -- Output some into about file descriptors in use.
66
67	michael	5060	Also if several HOPMs are present in one channel they will all respond to !all,
68	michael	5052	for example !all stats (fixed in BOPM 3.1.0).
69
70
71	michael	5060	Rehashing HOPM
72	michael	5052	--------------
73
74	michael	5060	A /kill to hopm will cause the process to restart, rehashing the configuration file
75	michael	5052	and ending all queued scans.
76
77
78			Logging
79			-------
80
81	michael	5060	Once started, HOPM logs all significant events to a file called "hopm.log"
82			which by default can be found at $HOME/hopm/var/hopm.log. There is also a
83	michael	5052	config option to log all proxy scans initiated, which can be quite useful if
84			you receive an abuse report related to portscanning.
85
86			These log files, especially the scan log, can grow quite large. It is
87			suggested that you arrange for these files to be rotated periodically. An
88			example shell script is provided in the contrib/logrotate directory. If you
89			prefer to use the log rotation facilities of your operating system then you
90	michael	5060	should send a USR1 signal to HOPM after moving its logfiles - this will cause
91			HOPM to reopen those files.
92	michael	5052
93
94			Support
95			-------
96
97	michael	5060	* Bug Reports:
98			- bugs@ircd-hybrid.org
99			* IRC contact:
100			- #ircd-coders on irc.ircd-hybrid.org
101	michael	5052
102			Credits
103			-------
104
105			Please see the CREDITS file.