/[svn]/hopm/trunk/doc/reference.conf
ViewVC logotype

Contents of /hopm/trunk/doc/reference.conf

Parent Directory Parent Directory | Revision Log Revision Log


Revision 7199 - (show annotations)
Sat Jan 30 21:56:25 2016 UTC (5 years, 11 months ago) by michael
File size: 23060 byte(s)
- reference.conf: add SOCKS5:10000

1 /*
2 * Hybrid Open Proxy Monitor - HOPM sample configuration
3 *
4 * Copyright (c) 2014-2016 ircd-hybrid development team
5 *
6 * $Id$
7 */
8
9 /*
10 * Shell style (#), C++ style (//) and C style comments are supported.
11 *
12 * Times/durations are written as:
13 * 12 hours 30 minutes 1 second
14 *
15 * Valid units of time:
16 * year, month, week, day, hour, minute, second
17 *
18 * Valid units of size:
19 * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
20 *
21 * Sizes and times may be singular or plural.
22 */
23
24 options {
25 /*
26 * Full path and filename for storing the process ID of the running
27 * HOPM.
28 */
29 pidfile = "var/run/hopm.pid";
30
31 /*
32 * Maximum commands to queue. Set to 0 if you don't want HOPM
33 * to process commands.
34 */
35 command_queue_size = 64;
36
37 /*
38 * Interval to check command queue for timed out commands.
39 */
40 command_interval = 10 seconds;
41
42 /*
43 * Timeout of commands.
44 */
45 command_timeout = 180 seconds;
46
47 /*
48 * How long to store the IP address of hosts which are confirmed
49 * (by previous scans) to be secure. New users from these
50 * IP addresses will not be scanned again until this amount of time
51 * has passed. IT IS STRONGLY RECOMMENDED THAT YOU DO NOT USE THIS
52 * DIRECTIVE, but it is provided due to demand.
53 *
54 * The main reason for not using this feature is that anyone capable
55 * of running a proxy can get abusers onto your network - all they
56 * need do is shut the proxy down, connect themselves, restart the
57 * proxy, and tell their friends to come flood.
58 *
59 * Keep this directive commented out to disable negative caching.
60 */
61 # negcache = 1 hour;
62
63 /*
64 * How long between rebuilds of the negative cache. The negcache
65 * is only rebuilt to free up memory used by entries that are too old.
66 * You probably don't need to tweak this unless you have huge amounts
67 * of people connecting (hundreds per minute). Default is 12 hours.
68 */
69 negcache_rebuild = 12 hours;
70
71 /*
72 * Amount of file descriptors to allocate to asynchronous DNS. 64
73 * should be plenty for almost anyone.
74 */
75 dns_fdlimit = 64;
76
77 /*
78 * Amount of time the resolver waits until a response is received
79 * from a name server.
80 */
81 dns_timeout = 5 seconds;
82
83 /*
84 * Put the full path and filename of a logfile here if you wish to log
85 * every scan done. Normally HOPM only logs successfully detected
86 * proxies in the hopm.log, but you may get abuse reports to your ISP
87 * about portscanning. Being able to show that it was HOPM that did
88 * the scan in question can be useful. Leave commented for no
89 * logging.
90 */
91 # scanlog = "var/log/scan.log";
92 };
93
94
95 irc {
96 /*
97 * IP address to bind to for the IRC connection. You only need to
98 * use this if you wish HOPM to use a particular interface
99 * (virtual host, IP alias, ...) when connecting to the IRC server.
100 * There is another "vhost" setting in the scan {} block below for
101 * the actual portscans. Note that this directive expects an IP address,
102 * not a hostname. Please leave this commented out if you do not
103 * understand what it does, as most people don't need it.
104 */
105 # vhost = "0.0.0.0";
106
107 /*
108 * Nickname for HOPM to use.
109 */
110 nick = "MyHopm";
111
112 /*
113 * Text to appear in the "realname" field of HOPM's /whois output.
114 */
115 realname = "Hybrid Open Proxy Monitor";
116
117 /*
118 * If you don't have an identd running, what username to use.
119 */
120 username = "hopm";
121
122 /*
123 * Hostname (or IP address) of the IRC server which HOPM will monitor
124 * connections on. IPv6 is now supported.
125 */
126 server = "irc.example.org";
127
128 /*
129 * Password used to connect to the IRC server (PASS)
130 */
131 # password = "secret";
132
133 /*
134 * Port of the above server to connect to. This is what HOPM uses to
135 * get onto IRC itself, it is nothing to do with what ports/protocols
136 * are scanned, nor do you need to list every port your ircd listens
137 * on.
138 */
139 port = 6667;
140
141 /*
142 * Defines time in which bot will timeout if no data is received
143 */
144 readtimeout = 15 minutes;
145
146 /*
147 * Interval in how often we try to reconnect to the IRC server
148 */
149 reconnectinterval = 30 seconds;
150
151 /*
152 * Command to execute to identify to NickServ (if your network uses
153 * it). This is the raw IRC command text, and the below example
154 * corresponds to "/msg nickserv identify password" in a client. If
155 * you don't understand, just edit "password" in the line below to be
156 * your HOPM's nick password. Leave commented out if you don't need
157 * to identify to NickServ.
158 */
159 # nickserv = "NS IDENTIFY password";
160
161 /*
162 * The username and password needed for HOPM to oper up.
163 */
164 oper = "hopm operpass";
165
166 /*
167 * Mode string that HOPM needs to set on itself as soon as it opers
168 * up. This needs to include the mode for seeing connection notices,
169 * otherwise HOPM won't scan anyone (that's usually umode +c).
170 */
171 mode = "+c";
172
173 /*
174 * If this is set then HOPM will use it as an /away message as soon as
175 * it connects.
176 */
177 away = "I'm a bot. Your messages will be ignored.";
178
179 /*
180 * Info about channels you wish HOPM to join in order to accept
181 * commands. HOPM will also print messages in these channels every
182 * time it detects a proxy. Only IRC operators can command HOPM to do
183 * anything, but some of the things HOPM reports to these channels
184 * could be considered sensitive, so it's best not to put HOPM into
185 * public channels.
186 */
187 channel {
188 /*
189 * Channel name. Local ("&") channels are supported if your ircd
190 * supports them.
191 */
192 name = "#hopm";
193
194 /*
195 * If HOPM will need to use a key to enter this channel, this is
196 * where you specify it.
197 */
198 # key = "somekey";
199
200 /*
201 * If you use ChanServ then maybe you want to set the channel
202 * invite-only and have each HOPM do "/msg ChanServ invite" to get
203 * itself in. Leave commented if you don't, or if this makes no
204 * sense to you.
205 */
206 # invite = "CS INVITE #hopm";
207 };
208
209 /*
210 * You can define a bunch of channels if you want:
211 *
212 * channel { name = "#other"; }; channel { name= "#channel"; }
213 */
214
215 /*
216 * connregex is a POSIX regular expression used to parse connection
217 * notices from the ircd. The complexity of the expression should
218 * be kept to a minimum.
219 *
220 * Items in order MUST be: nick user host IP
221 *
222 * HOPM will not work with ircds which do not send an IP address in the
223 * connection notice.
224 *
225 * This is fairly complicated stuff, and the consequences of getting
226 * it wrong are the HOPM does not scan anyone. Unless you know
227 * absolutely what you are doing, please just uncomment the example
228 * below that best matches the type of ircd you use.
229 */
230
231 /* bahamut / charybdis / ircd-hybrid / ircd-ratbox / ircu / UnrealIRCd 3.2.x (in HCN mode) */
232 connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
233
234 /* ircd-hybrid with far connect notices (user mode +F) to scan clients on remote servers */
235 # connregex = "\\*\\*\\* Notice -- Client connecting.*: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
236
237 /* UnrealIRCd 4.0.x */
238 # connregex = "\\*\\*\\* Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
239
240 /* InspIRCd */
241 # connregex = "\\*\\*\\* .*CONNECT: Client connecting.*: ([^ ]+)!([^@]+)@([^\\)]+) \\(([0-9\\.]+)\\) \\[.*\\]";
242
243 /* ngIRCd */
244 # connregex = "Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
245
246 /*
247 * "kline" controls the command used when an open proxy is confirmed.
248 * We suggest applying a temporary (no more than a few hours) KLINE on the host.
249 *
250 * <WARNING>
251 * Make sure if you need to change this string you also change the
252 * kline command for every DNSBL you enable below.
253 *
254 * Also note that some servers do not allow you to include ':' characters
255 * inside the KLINE message (e.g. for a http:// address).
256 *
257 * Users rewriting this message into something that isn't even a valid
258 * IRC command is the single most common cause of support requests and
259 * therefore WE WILL NOT SUPPORT YOU UNLESS YOU USE ONE OF THE EXAMPLE
260 * KLINE COMMANDS BELOW.
261 * </WARNING>
262 *
263 * That said, should you wish to customise this text, several
264 * printf-like placeholders are available:
265 *
266 * %n User's nick
267 * %u User's username
268 * %h User's irc hostname
269 * %i User's IP address
270 * %t Protocol type which has triggered a positive scan
271 */
272 kline = "KLINE 180 *@%h :Open proxy found on your host.";
273
274 /* A GLINE example for ircu */
275 # kline = "GLINE +*@%i 1800 :Open proxy found on your host.";
276
277 /*
278 * An AKILL example for services with OperServ. Your HOPM must have permission to
279 * AKILL for this to work!
280 */
281 # kline = "OS AKILL ADD +3h *@%h Open proxy found on your host.";
282
283 /*
284 * Text to send on connection, these can be stacked and will be sent in this order.
285 *
286 * !!! UNREAL USERS PLEASE NOTE !!!
287 * Unreal users will need PROTOCTL HCN to force hybrid connect
288 * notices.
289 *
290 * Yes Unreal users! That means you! That means you need the line
291 * below! See that thing at the start of the line? That's what we
292 * call a comment! Remove it to UNcomment the line.
293 *
294 * Note that this is no longer needed as of UnrealIRCd 4.0.0.
295 */
296 # perform = "PROTOCTL HCN";
297
298 /*
299 * Text to send, via NOTICE, immediately when a new client connects. These can be
300 * stacked and will be sent in this order.
301 */
302 # notice = "You are now being scanned for open proxies. If you have nothing to hide, you have nothing to fear.";
303 };
304
305
306 /*
307 * OPM Block defines blacklists and information required to report new proxies
308 * to a dns blacklist. DNS-based blacklists store IP addresses in a DNS zone
309 * file. There are several blacklist that list IP addresses known to be open
310 * proxies or other forms of IRC abuse. By checking against these blacklists,
311 * HOPMs are able to ban known sources of abuse without completely scanning them.
312 */
313 #opm {
314 /*
315 * Blacklist zones to check IPs against. If you would rather not
316 * trust a remotely managed blacklist, you could set up your own, or
317 * leave these commented out in which case every user will be
318 * scanned. The use of at least one open proxy DNSBL is recommended
319 * however.
320 *
321 * Please check the policies of each blacklist you use to check you
322 * are comfortable with using them to block access to your server
323 * (and that you are allowed to use them).
324 */
325
326
327 /* dnsbl.dronebl.org - http://dronebl.org */
328 # blacklist {
329 /* The DNS name of the blacklist */
330 # name = "dnsbl.dronebl.org";
331
332 /*
333 * There are only two values that are valid for this
334 * "A record bitmask" and "A record reply"
335 * These options affect how the values specified to reply
336 * below will be interpreted, a bitmask is where the reply
337 * values are 2^n and more than one is added up, a reply is
338 * simply where the last octet of the IP address is that number.
339 * If you are not sure then the values set for dnsbl.dronebl.org
340 * will work without any changes.
341 */
342 # type = "A record reply";
343
344 /*
345 * Kline types not listed in the reply list below.
346 *
347 * For DNSBLs that are not IRC specific and you just wish to kline
348 * certain types this can be enabled/disabled.
349 */
350 # ban_unknown = no;
351
352 /*
353 * The actual values returned by the dnsbl.dronebl.org blacklist as
354 * documented at http://dronebl.org/docs/howtouse
355 */
356 # reply {
357 # 2 = "Sample";
358 # 3 = "IRC Drone";
359 # 5 = "Bottler";
360 # 6 = "Unknown spambot or drone";
361 # 7 = "DDOS Drone";
362 # 8 = "SOCKS Proxy";
363 # 9 = "HTTP Proxy";
364 # 10 = "ProxyChain";
365 # 13 = "Brute force attackers";
366 # 14 = "Open Wingate Proxy";
367 # 15 = "Compromised router / gateway";
368 # 17 = "Automatically determined botnet IPs (experimental)";
369 # 255 = "Unknown";
370 # };
371
372 /*
373 * The kline message sent for this specific blacklist, remember to put
374 * the removal method in this.
375 */
376 # kline = "KLINE 180 *@%h :You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=Network";
377 # };
378
379
380 /* tor.dnsbl.sectoor.de - http://www.sectoor.de/tor.php */
381 # blacklist {
382 # name = "tor.dnsbl.sectoor.de";
383 # type = "A record reply";
384 # ban_unknown = no;
385
386 # reply {
387 # 1 = "Tor exit server";
388 # };
389
390 # kline = "KLINE 180 *@%h :Tor exit server detected. For more information, visit http://www.sectoor.de/tor.php?ip=%i";
391 # };
392
393 /* rbl.efnetrbl.org - http://rbl.efnetrbl.org/ */
394 # blacklist {
395 # name = "rbl.efnetrbl.org";
396 # type = "A record reply";
397 # ban_unknown = no;
398
399 # reply {
400 # 1 = "Open proxy";
401 # 2 = "spamtrap666";
402 # 3 = "spamtrap50";
403 # 4 = "TOR";
404 # 5 = "Drones / Flooding";
405 # };
406
407 # kline = "KLINE 180 *@%h :Blacklisted proxy found. For more information, visit http://rbl.efnetrbl.org/?i=%i";
408 # };
409
410
411
412 /* tor.efnetrbl.org - http://rbl.efnetrbl.org/ */
413 # blacklist {
414 # name = "tor.efnetrbl.org";
415 # type = "A record reply";
416 # ban_unknown = no;
417
418 # reply {
419 # 1 = "TOR";
420 # };
421
422 # kline = "KLINE 180 *@%h :TOR exit node found. For more information, visit http://rbl.efnetrbl.org/?i=%i";
423 # };
424
425 /*
426 * You can report the insecure proxies you find to a DNSBL also!
427 * The remaining directives in this section are only needed if you
428 * intend to do this. Reports are sent by email, one email per IP
429 * address. The format does support multiple addresses in one email,
430 * but we don't know of any servers that are detecting enough insecure
431 * proxies for this to be really necessary.
432 */
433
434 /*
435 * Email address to send reports FROM. If you intend to send reports,
436 * please pick an email address that we can actually send mail to
437 * should we ever need to contact you.
438 */
439 # dnsbl_from = "mybopm@myserver.org";
440
441 /*
442 * Email address to send reports TO.
443 * For example DroneBL:
444 */
445 # dnsbl_to = "bopm-report@dronebl.org";
446
447 /*
448 * Full path to your sendmail binary. Even if your system does not
449 * use sendmail, it probably does have a binary called "sendmail"
450 * present in /usr/sbin or /usr/lib. If you don't set this, no
451 * proxies will be reported.
452 */
453 # sendmail = "/usr/sbin/sendmail";
454 #};
455
456
457 /*
458 * The short explanation:
459 *
460 * This is where you define what ports/protocols to check for. You can have
461 * multiple scanner blocks and then choose which users will get scanned by
462 * which scanners further down.
463 *
464 * The long explanation:
465 *
466 * Scanner defines a virtual scanner. For each user being scanned, a scanner
467 * will use a file descriptor (and subsequent connection) for each protocol.
468 * Once connecting it will negotiate the proxy to connect to
469 * target_ip:target_port (target_ip MUST be an IP address).
470 *
471 * Once connected, any data passed through the proxy will be checked to see if
472 * target_string is contained within that data. If it is the proxy is
473 * considered open. If the connection is closed at any point before
474 * target_string is matched, or if at least max_read bytes are read from the
475 * connection, the negotiation is considered failed.
476 */
477 scanner {
478 /*
479 * Unique name of this scanner. This is used further down in the
480 * user {} blocks to decide which users get affected by which
481 * scanners.
482 */
483 name = "default";
484
485 /*
486 * HTTP CONNECT - very common proxy protocol supported by widely known
487 * software such as Squid and Apache. The most common sort of
488 * insecure proxy and found on a multitude of weird ports too. Offers
489 * transparent two way TCP connections.
490 */
491 protocol = HTTP:80;
492 protocol = HTTP:8080;
493 protocol = HTTP:3128;
494 protocol = HTTP:6588;
495
496 /*
497 * The SSL/TLS variant of HTTP
498 */
499 # protocol = HTTPS:443;
500 # protocol = HTTPS:8443;
501
502 /*
503 * SOCKS4/5 - well known proxy protocols, probably the second most
504 * common for insecure proxies, also offers transparent two way TCP
505 * connections. Fortunately largely confined to port 1080.
506 */
507 protocol = SOCKS4:1080;
508 protocol = SOCKS5:1080;
509
510 /*
511 * Cisco routers with a default password (yes, it really does happen).
512 * Also pretty much anything else that will let you telnet to anywhere
513 * else on the Internet. Fortunately these are always on port 23.
514 */
515 protocol = ROUTER:23;
516
517 /*
518 * WinGate is commercial windows proxy software which is now not so
519 * common, but still to be found, and helpfully presents an interface
520 * that can be used to telnet out, on port 23.
521 */
522 protocol = WINGATE:23;
523
524 /*
525 * Dreambox DVB receivers with a default password allowing
526 * full root access to telnet or install bouncers.
527 */
528 protocol = DREAMBOX:23;
529
530 /*
531 * The HTTP POST protocol, often dismissed when writing the access
532 * controls for proxies, but sadly can still be used to abused.
533 * Offers only the opportunity to send a single block of data, but
534 * enough of them at once can still make for a devastating flood.
535 * Found on the same ports that HTTP CONNECT proxies inhabit.
536 *
537 * Note that if your ircd has "ping cookies" then clients from HTTP
538 * POST proxies cannot actually ever get onto your network anyway. If
539 * you leave the checks in then you'll still find some (because some
540 * people IRC from boxes that run them), but if you use HOPM purely as
541 * a protective measure and you have ping cookies, you need not scan
542 * for HTTP POST.
543 */
544 protocol = HTTPPOST:80;
545
546 /*
547 * The SSL/TLS variant of HTTPPOST
548 */
549 # protocol = HTTPSPOST:443;
550 # protocol = HTTPSPOST:8443;
551
552 /*
553 * IP address this scanner will bind to. Use this if you need your scans to
554 * come FROM a particular interface on the machine you run HOPM from.
555 * If you don't understand what this means, please leave this
556 * commented out, as this is a major source of support queries!
557 */
558 # vhost = "127.0.0.1";
559
560 /*
561 * Maximum file descriptors this scanner can use. Remember that there
562 * will be one FD for each protocol listed above. As this example
563 * scanner has 8 protocols, it requires 8 FDs per user. With a 512 FD
564 * limit, this scanner can be used on 64 users _at the same time_.
565 * That should be adequate for most servers.
566 */
567 fd = 512;
568
569 /*
570 * Maximum data read from a proxy before considering it closed. Don't
571 * set this too high, some people have fun setting up lots of ports
572 * that send endless data to tie up your scanner. 4KB is plenty for
573 * any known proxy.
574 */
575 max_read = 4 kbytes;
576
577 /*
578 * Amount of time before a test is considered timed out.
579 * Again, all but the poorest slowest proxies will be detected within
580 * 30 seconds, and this helps keep resource usage low.
581 */
582 timeout = 30 seconds;
583
584 /*
585 * Target IP to tell the proxy to connect to
586 *
587 * !!! THIS MUST BE CHANGED !!!
588 *
589 * You cannot instruct the proxy to connect to itself! The easiest
590 * thing to do would be to set this to the IP address of your ircd
591 * and then keep the default target_strings.
592 *
593 * Please use an IP address that is publically reachable from anywhere
594 * on the Internet, because you have no way of knowing where the insecure
595 * proxies will be located. Just because you and your HOPM can
596 * connect to your ircd on some private IP address like 192.168.0.1,
597 * does not mean that the insecure proxies out there on the Internet will be
598 * able to. And if they never connect, you will never detect them.
599 *
600 * Remember to change this setting for every scanner you configure.
601 */
602 target_ip = "127.0.0.1";
603
604 /*
605 * Target port to tell the proxy to connect to. This is usually
606 * something like 6667. Basically any client-usable port.
607 */
608 target_port = 6667;
609
610 /*
611 * Target string we check for in the data read back by the scanner.
612 * This should be some string out of the data that your ircd usually
613 * sends on connect. Multiple target strings are allowed.
614 *
615 * NOTE: Try to keep the number of target strings to a minimum. Two
616 * should be fine. One for normal connections and one for throttled
617 * connections. Comment out any others for efficiency.
618 */
619
620 /*
621 * Usually first line sent to client on connection to ircd.
622 * If your ircd supports a more specific line (see below),
623 * using it will reduce false positives.
624 */
625 target_string = ":irc.example.org NOTICE * :*** Looking up your hostname";
626
627 /*
628 * If you try to connect too fast, you'll be throttled by your own
629 * ircd. Here's what a hybrid throttle message looks like:
630 */
631 target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled.";
632 };
633
634
635 scanner {
636 name = "extended";
637
638 protocol = HTTP:81;
639 protocol = HTTP:8000;
640 protocol = HTTP:8001;
641 protocol = HTTP:8081;
642
643 protocol = HTTPPOST:81;
644 protocol = HTTPPOST:6588;
645 protocol = HTTPPOST:4480;
646 protocol = HTTPPOST:8000;
647 protocol = HTTPPOST:8001;
648 protocol = HTTPPOST:8080;
649 protocol = HTTPPOST:8081;
650
651 /*
652 * IRCnet have seen many socks5 on these ports, more than on the
653 * standard ports even.
654 */
655 protocol = SOCKS4:4914;
656 protocol = SOCKS4:6826;
657 protocol = SOCKS4:7198;
658 protocol = SOCKS4:7366;
659 protocol = SOCKS4:9036;
660
661 protocol = SOCKS5:4438;
662 protocol = SOCKS5:5104;
663 protocol = SOCKS5:5113;
664 protocol = SOCKS5:5262;
665 protocol = SOCKS5:5634;
666 protocol = SOCKS5:6552;
667 protocol = SOCKS5:6561;
668 protocol = SOCKS5:7464;
669 protocol = SOCKS5:7810;
670 protocol = SOCKS5:8130;
671 protocol = SOCKS5:8148;
672 protocol = SOCKS5:8520;
673 protocol = SOCKS5:8814;
674 protocol = SOCKS5:9100;
675 protocol = SOCKS5:9186;
676 protocol = SOCKS5:9447;
677 protocol = SOCKS5:9578;
678 protocol = SOCKS5:10000;
679 protocol = SOCKS5:64101;
680
681 /*
682 * These came courtsey of Keith Dunnett from a bunch of public open
683 * proxy lists.
684 */
685 protocol = SOCKS4:29992;
686 protocol = SOCKS4:38884;
687 protocol = SOCKS4:18844;
688 protocol = SOCKS4:17771;
689 protocol = SOCKS4:31121;
690
691 fd = 400;
692
693 /*
694 * If required you can add settings such as target_ip here
695 * they will override the defaults set in the first scanner
696 * for this and subsequent scanners defined in the config file
697 * This affects the following options:
698 * fd, vhost, target_ip, target_port, target_string, timeout and
699 * max_read.
700 */
701 };
702
703
704 /*
705 * User blocks define what scanners will be used to scan which hostmasks.
706 * When a user connects they will be scanned on every scanner {} (above)
707 * that matches their host.
708 */
709 user {
710 /*
711 * Users matching this host mask will be scanned with all the
712 * protocols in the scanner named.
713 */
714 mask = "*!*@*";
715 scanner = "default";
716 };
717
718 user {
719 /*
720 * Connections without ident will match on a vast number of connections
721 * very few proxies run ident though
722 */
723 # mask = "*!~*@*";
724 mask = "*!squid@*";
725 mask = "*!nobody@*";
726 mask = "*!www-data@*";
727 mask = "*!cache@*";
728 mask = "*!CacheFlowS@*";
729 mask = "*!*@*www*";
730 mask = "*!*@*proxy*";
731 mask = "*!*@*cache*";
732
733 scanner = "extended";
734 };
735
736
737 /*
738 * Exempt hosts matching certain strings from any form of scanning or dnsbl.
739 * HOPM will check each string against both the hostname and the IP address of
740 * the user.
741 *
742 * There are very few valid reasons to actually use "exempt". HOPM should
743 * never get false positives, and we would like to know very much if it does.
744 * One possible scenario is that the machine HOPM runs from is specifically
745 * authorized to use certain hosts as proxies, and users from those hosts use
746 * your network. In this case, without exempt, HOPM will scan these hosts,
747 * find itself able to use them as proxies, and ban them.
748 */
749 exempt {
750 mask = "*!*@127.0.0.1";
751 };

Properties

Name Value
svn:eol-style native
svn:keywords Id

svnadmin@ircd-hybrid.org
ViewVC Help
Powered by ViewVC 1.1.28