Introduction
------------

HOPM (Hybrid Open Proxy Monitor) is an open proxy monitoring bot designed for
Hybrid based ircds. The bot is designed to monitor an individual server (all
servers on the network have to run their own bot) with a local operator {}
block and monitor connections. When a client connects to the server, HOPM will
scan the connection for insecure proxies. Insecure proxies are determined by
attempting to connect the proxy back to another host (usually the IRC server in
question).

HOPM is written from the ground up in C; the concept is derived from wgmon. It
improves on wgmon with HTTP support, faster scanning (it can scan clients
simultaneously), better layout (scalability), and DNSBL support.


Requirements
------------

 o An IRCd which presents connection notices in a format which HOPM
   recognises (see below).

 o A host with full connectivity for all the ports you wish to scan, i.e. one
   that is NOT transparently proxied -- many domestic internet connections have
   port 80 transparently proxied and this produces completely unpredictable
   results, sometimes as severe as 100% of clients being K:lined!

 o A unix OS with GNU Make, a C99 compiler, etc.

 o Permission from your users to portscan them for open proxies.


Compatibility
-------------

 ircd-hybrid 8.2.1

HOPM is designed for ircd-hybrid based ircds. It can be adapted to any
other ircd with little modification (connregex in hopm.conf). However, if an
ircd does not send IP addresses in a connection notice, HOPM will not be
effective because the time it takes to resolve a hostname would be a
significant factor in HOPM's efficiency.


Command Line Options
--------------------

-c <name>  Config name. By default HOPM reads hopm.conf, "-c foo"
           will cause HOPM to read foo.conf. The primary use for
           this is to run multiple HOPMs from one directory.

-d         Debug mode. HOPM will not fork, and will write logs to stderr.
           Multiple -d increase debug level.


Operator Channel Commands
-------------------------

botnick check <host> [scanner] -- Manually scan host for insecure proxies and output all errors.
                                  If scanner is not given, HOPM will scan on all scanners.
                                  NOTE: this will NOT add a kline (or whatever) if it finds a
                                  proxy.

botnick stats                  -- Output scan stats, uptime and client connection count.

botnick fdstat                 -- Output some info about file descriptors in use.

Also, if several HOPMs are present in one channel they will all respond to !all,
for example !all stats.


Rehashing HOPM
--------------

A /kill to HOPM will cause the process to restart, rehashing the configuration file
and ending all queued scans.


Logging
-------

Once started, HOPM logs all significant events to a file called "hopm.log"
which by default can be found at $HOME/hopm/var/hopm.log. There is also a
config option to log all proxy scans initiated, which can be quite useful if
you receive an abuse report related to portscanning.

These log files, especially the scan log, can grow quite large. It is
suggested that you arrange for these files to be rotated periodically. An
example shell script is provided in the contrib/logrotate directory. If you
prefer to use the log rotation facilities of your operating system then you
should send a USR1 signal to HOPM after moving its logfiles - this will cause
HOPM to reopen those files.


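The rotation procedure described above (move the log files, then send USR1),
as an added example; it is not the script shipped in contrib/logrotate. The
HOPM process ID and the log file paths are passed in by the caller and are
assumptions of this example.

```shell
#!/bin/sh
# Added example, not the script from contrib/logrotate.
# Usage: rotate_hopm_logs <hopm-pid> <logfile>...
# The PID and log paths come from the caller (assumptions of this example).
rotate_hopm_logs() {
    hopm_pid=$1
    shift
    stamp=$(date +%Y%m%d-%H%M%S)
    moved=0
    rc=0

    # Without a running HOPM nothing would reopen the logs: leave them alone.
    if ! kill -0 "$hopm_pid" 2>/dev/null; then
        echo "rotate_hopm_logs: pid $hopm_pid is not running" >&2
        return 1
    fi

    for log in "$@"; do
        # Skip logs that are missing or empty (e.g. scan logging disabled).
        [ -s "$log" ] || continue
        dest="$log.$stamp"
        # Never overwrite an earlier rotation made within the same second.
        if [ -e "$dest" ] || ! mv -- "$log" "$dest"; then
            echo "rotate_hopm_logs: could not move $log to $dest" >&2
            rc=1
            break
        fi
        echo "$dest"
        moved=$((moved + 1))
    done

    # A rename on the same filesystem leaves HOPM writing to the moved file,
    # so signal it whenever anything moved; USR1 makes it reopen its logs.
    if [ "$moved" -gt 0 ]; then
        kill -USR1 "$hopm_pid" || rc=1
    fi
    return "$rc"
}

# When run as a script: rotate.sh <hopm-pid> <logfile>...
if [ "$#" -ge 2 ]; then
    rotate_hopm_logs "$@"
fi
```

Compress or archive the rotated files only after the signal has been sent,
since HOPM keeps writing to the moved files until it reopens its logs.
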
Support
-------

 * Bug Reports:
   - bugs@ircd-hybrid.org
 * IRC contact:
   - #ircd-coders on irc.ircd-hybrid.org